Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/wYLo5A5kujXgpc-VWYv8-KgETTc.roa
File:                     wYLo5A5kujXgpc-VWYv8-KgETTc.roa (raw, json)
Hash identifier:          Yf1A1N2QAT8S1y+tqs5Vk1bVhsG0JInE6U6uUxU6X2g=
Subject key identifier:   C1:82:E8:E4:0E:64:BA:35:E0:A5:CF:95:59:8B:FC:F8:A8:04:4D:37
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC1F1ACF5E6317B851D49B08596C8
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/wYLo5A5kujXgpc-VWYv8-KgETTc.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47507
IP address blocks:        212.104.160.0/19 maxlen: 24
                          86.105.234.0/24 maxlen: 24
                          193.91.0.0/24 maxlen: 24
                          193.91.10.0/24 maxlen: 24
                          185.43.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c1:f1:ac:f5:e6:31:7b:85:1d:49:b0:85:96:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c182e8e40e64ba35e0a5cf95598bfcf8a8044d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:20:7e:ef:1a:89:21:c7:6e:bf:30:ef:23:32:
                    ed:6e:0e:4d:95:43:d1:05:33:23:c2:85:d8:0d:3e:
                    10:be:1d:99:f3:b1:2a:a5:65:93:50:54:4f:29:60:
                    2a:28:77:70:90:8b:1b:d8:06:53:19:c2:93:68:ea:
                    a0:6a:3e:d2:2c:65:0a:2c:c7:04:86:d8:59:fa:e2:
                    00:c8:99:6b:01:38:0f:46:44:80:61:53:30:99:66:
                    5c:0a:70:57:52:6d:2b:1f:66:69:2a:ec:99:4c:72:
                    3f:fa:28:09:5d:77:54:81:ec:e8:10:cb:6d:5e:0b:
                    f5:54:1f:2a:e0:5f:ea:9f:25:2a:74:b8:34:de:67:
                    90:75:0f:6f:7c:0e:2a:2f:2b:d4:a0:a3:72:af:c2:
                    86:04:29:ca:db:3d:8c:ce:c4:f5:c8:d8:d6:da:4c:
                    84:21:d9:5c:52:fd:2c:d0:0c:f6:b6:46:68:26:15:
                    e6:dd:a1:4d:5a:4d:52:8b:fc:66:ec:e6:60:16:11:
                    6b:95:12:50:b3:5d:b3:c2:3f:e9:b2:29:a4:d3:a9:
                    fb:39:d4:64:65:3e:77:aa:dc:ec:33:15:ad:a0:0f:
                    cb:ea:af:26:d7:65:58:78:77:c4:05:22:2c:3a:f6:
                    03:f5:87:8c:74:e3:91:80:5b:62:8b:3b:a7:f0:bd:
                    fd:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:82:E8:E4:0E:64:BA:35:E0:A5:CF:95:59:8B:FC:F8:A8:04:4D:37
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/wYLo5A5kujXgpc-VWYv8-KgETTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.234.0/24
                  185.43.252.0/22
                  193.91.0.0/24
                  193.91.10.0/24
                  212.104.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         57:b7:a9:e4:f9:2e:bb:35:c3:00:68:d1:e6:08:22:5c:98:4d:
         d8:8f:47:e2:b8:a8:dc:b4:8b:0a:e3:97:28:d5:dd:b8:a4:e1:
         98:eb:a5:99:fd:5b:bc:bc:39:4c:86:a6:13:34:73:1d:b5:57:
         0e:49:74:76:23:31:31:ab:36:69:37:7f:9a:5c:9f:08:27:84:
         30:a3:77:f0:db:6a:e0:00:dc:f0:9f:c2:c4:e2:69:86:21:fb:
         68:a5:0a:53:ae:ef:6e:1a:cf:2d:60:89:52:7b:5b:3d:f4:7e:
         27:42:5b:fd:14:08:7c:a4:76:f9:5f:5f:78:f8:62:2d:5c:c8:
         60:35:cc:b2:79:f8:54:46:36:49:6a:c5:32:25:a1:94:d6:a7:
         3c:e3:12:e1:9c:57:95:31:30:70:c6:b9:68:e9:8b:85:ee:0a:
         97:c2:16:2c:d5:38:12:97:90:13:c2:1b:56:fc:3d:ee:82:7f:
         98:ba:26:42:b4:7b:cc:da:0a:94:6f:65:88:62:09:57:4f:42:
         c3:e5:86:dc:55:81:7e:31:db:bb:94:4c:fa:9e:fe:74:29:fd:
         85:9b:67:c5:b8:b8:50:9a:05:39:96:3d:16:b8:5c:e9:69:39:
         64:dc:3d:4a:68:d4:e3:b7:10:23:31:e5:56:aa:70:27:96:58:
         76:d9:0d:91
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzC2sHxrPXmMXuFHUmwhZbIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTgyZThlNDBlNjRiYTM1ZTBhNWNmOTU1OThiZmNmOGE4MDQ0ZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSB+7xqJIcduvzDvIzLtbg5NlUPR
BTMjwoXYDT4Qvh2Z87EqpWWTUFRPKWAqKHdwkIsb2AZTGcKTaOqgaj7SLGUKLMcE
hthZ+uIAyJlrATgPRkSAYVMwmWZcCnBXUm0rH2ZpKuyZTHI/+igJXXdUgezoEMtt
Xgv1VB8q4F/qnyUqdLg03meQdQ9vfA4qLyvUoKNyr8KGBCnK2z2MzsT1yNjW2kyE
IdlcUv0s0Az2tkZoJhXm3aFNWk1Si/xm7OZgFhFrlRJQs12zwj/psimk06n7OdRk
ZT53qtzsMxWtoA/L6q8m12VYeHfEBSIsOvYD9YeMdOORgFtiizun8L39mwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMGC6OQOZLo14KXPlVmL/PioBE03MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvd1lMbzVBNWt1alhncGMtVldZdjgtS2dFVFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVmnqAwQC
uSv8AwQAwVsAAwQAwVsKAwQF1GigMA0GCSqGSIb3DQEBCwUAA4IBAQBXt6nk+S67
NcMAaNHmCCJcmE3Yj0fiuKjctIsK45co1d24pOGY66WZ/Vu8vDlMhqYTNHMdtVcO
SXR2IzExqzZpN3+aXJ8IJ4Qwo3fw22rgANzwn8LE4mmGIftopQpTru9uGs8tYIlS
e1s99H4nQlv9FAh8pHb5X194+GItXMhgNcyyefhURjZJasUyJaGU1qc84xLhnFeV
MTBwxrlo6YuF7gqXwhYs1TgSl5ATwhtW/D3ugn+YuiZCtHvM2gqUb2WIYglXT0LD
5YbcVYF+Mdu7lEz6nv50Kf2Fm2fFuLhQmgU5lj0WuFzpaTlk3D1KaNTjtxAjMeVW
qnAnllh22Q2R
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:26:08 2024 by rpki-client on console-ams.rpki-client.org