Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6b9ec0-9b10-4443-b5e6-c4fd53ebeb67/1/WOG7VnnNaCan7I1b0qFWs97bO34.roa
File:                     WOG7VnnNaCan7I1b0qFWs97bO34.roa (raw, json)
Hash identifier:          xeo55NI/JEdkiQohfCLo1YSPCwNyr2Q/mGqkvTvo3Rw=
Subject key identifier:   58:E1:BB:56:79:CD:68:26:A7:EC:8D:5B:D2:A1:56:B3:DE:DB:3B:7E
Certificate issuer:       /CN=4b61cc8a365cc40382a31dad54f6cb723f58758a
Certificate serial:       018CC801ADA035D9E4D0C7C7B359DBCEACF6
Authority key identifier: 4B:61:CC:8A:36:5C:C4:03:82:A3:1D:AD:54:F6:CB:72:3F:58:75:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S2HMijZcxAOCox2tVPbLcj9YdYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6b9ec0-9b10-4443-b5e6-c4fd53ebeb67/1/WOG7VnnNaCan7I1b0qFWs97bO34.roa
Signing time:             Tue 02 Jan 2024 02:30:02 +0000
ROA not before:           Tue 02 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42339
IP address blocks:        46.28.224.0/21 maxlen: 21
                          77.72.120.0/21 maxlen: 21
                          185.22.204.0/22 maxlen: 22
                          2a00:60a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/6b9ec0-9b10-4443-b5e6-c4fd53ebeb67/1/S2HMijZcxAOCox2tVPbLcj9YdYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/6b9ec0-9b10-4443-b5e6-c4fd53ebeb67/1/S2HMijZcxAOCox2tVPbLcj9YdYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S2HMijZcxAOCox2tVPbLcj9YdYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ad:a0:35:d9:e4:d0:c7:c7:b3:59:db:ce:ac:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b61cc8a365cc40382a31dad54f6cb723f58758a
        Validity
            Not Before: Jan  2 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58e1bb5679cd6826a7ec8d5bd2a156b3dedb3b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f7:58:74:2d:f9:db:6d:aa:32:ba:9f:45:1f:
                    ce:86:5c:00:a6:78:75:77:aa:10:db:20:40:5b:de:
                    6e:82:07:83:66:81:e0:6d:7f:62:cd:af:b1:bd:9f:
                    33:9e:67:1e:b3:7a:8a:97:20:c9:85:f8:1c:e2:5d:
                    68:55:4d:8d:0c:2e:1a:20:87:78:22:b3:a0:cb:58:
                    16:b9:28:3a:74:8b:d6:fa:dd:da:82:bf:ef:e9:52:
                    72:6d:8f:f7:4d:55:e0:27:2f:da:76:1b:9f:2c:37:
                    9b:c2:3b:6c:d0:48:e4:86:7f:c4:2c:4a:34:f3:8e:
                    40:27:87:26:f4:0f:2b:23:f0:2a:f0:9a:d8:e6:6f:
                    8a:fb:30:e8:bd:c2:eb:45:82:b4:31:1e:6b:7b:40:
                    0d:b7:ba:7e:f1:fa:9a:a5:6e:0e:72:7b:9b:cc:7b:
                    72:c3:9b:91:99:58:b0:10:c8:ec:19:7f:5a:20:55:
                    51:f2:fc:42:5b:f4:ae:3a:df:8b:6a:c1:bf:b6:2f:
                    ff:b3:b8:31:f8:10:46:5e:3e:c8:47:85:9e:56:e1:
                    8c:bb:4a:d8:6d:0b:cc:b7:27:77:66:e7:63:e4:e2:
                    59:83:25:f7:09:76:fa:51:ca:db:bd:f2:bb:46:36:
                    2d:23:07:55:87:e3:a3:5c:41:8b:fd:49:cf:66:b7:
                    bd:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:E1:BB:56:79:CD:68:26:A7:EC:8D:5B:D2:A1:56:B3:DE:DB:3B:7E
            X509v3 Authority Key Identifier:
                keyid:4B:61:CC:8A:36:5C:C4:03:82:A3:1D:AD:54:F6:CB:72:3F:58:75:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S2HMijZcxAOCox2tVPbLcj9YdYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6b9ec0-9b10-4443-b5e6-c4fd53ebeb67/1/WOG7VnnNaCan7I1b0qFWs97bO34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6b9ec0-9b10-4443-b5e6-c4fd53ebeb67/1/S2HMijZcxAOCox2tVPbLcj9YdYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.224.0/21
                  77.72.120.0/21
                  185.22.204.0/22
                IPv6:
                  2a00:60a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:39:93:d6:4d:a2:96:4f:ae:30:69:b9:fa:ff:2c:aa:12:9d:
         09:5d:6b:75:bb:d4:3b:59:c9:85:79:e5:7e:57:bb:0b:2c:06:
         7b:28:9e:41:93:79:14:43:de:1d:7f:3a:40:0d:6f:4f:c2:69:
         0e:b6:33:37:85:a7:c4:cf:1a:8b:6c:9b:c2:f9:d2:b1:f5:80:
         3d:7c:45:69:75:f1:fe:f4:fe:26:d9:9e:22:e7:c5:a9:db:cd:
         07:d0:58:ee:88:37:c4:60:68:e5:02:e8:75:48:0b:3e:d1:bc:
         9a:8d:a6:5d:d2:fb:6a:4a:c7:d3:3a:1a:97:09:75:06:13:2d:
         1f:8c:45:ae:e0:99:85:2a:f4:c0:5c:00:87:fe:af:87:f4:08:
         b0:d6:c4:db:e2:c3:70:9e:8d:17:b2:44:82:0b:76:ca:28:81:
         d9:0f:b0:c7:dc:36:33:a1:ee:3e:e6:4c:b4:51:b1:ac:52:b8:
         a3:51:ac:d7:e7:c5:16:5c:13:88:7a:60:8d:6e:f8:bd:a9:1a:
         74:5e:10:e0:a2:6d:54:dd:79:9f:a5:f3:0f:94:9b:36:1f:bb:
         6f:f3:b6:b4:0c:df:43:3c:3a:dc:29:6c:ec:5b:95:5d:81:de:
         0e:94:94:19:9d:e6:fc:5b:ec:b3:d1:26:40:df:f1:91:ae:08:
         3c:a8:fa:f0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzIAa2gNdnk0MfHs1nbzqz2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNjFjYzhhMzY1Y2M0MDM4MmEzMWRhZDU0ZjZjYjcyM2Y1
ODc1OGEwHhcNMjQwMTAyMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGUxYmI1Njc5Y2Q2ODI2YTdlYzhkNWJkMmExNTZiM2RlZGIzYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/dYdC35222qMrqfRR/OhlwApnh1
d6oQ2yBAW95uggeDZoHgbX9iza+xvZ8znmces3qKlyDJhfgc4l1oVU2NDC4aIId4
IrOgy1gWuSg6dIvW+t3agr/v6VJybY/3TVXgJy/adhufLDebwjts0Ejkhn/ELEo0
845AJ4cm9A8rI/Aq8JrY5m+K+zDovcLrRYK0MR5re0ANt7p+8fqapW4OcnubzHty
w5uRmViwEMjsGX9aIFVR8vxCW/SuOt+LasG/ti//s7gx+BBGXj7IR4WeVuGMu0rY
bQvMtyd3Zudj5OJZgyX3CXb6UcrbvfK7RjYtIwdVh+OjXEGL/UnPZre9cwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFjhu1Z5zWgmp+yNW9KhVrPe2zt+MB8GA1UdIwQY
MBaAFEthzIo2XMQDgqMdrVT2y3I/WHWKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzJITWlqWmN4QU9Db3gydFZQYkxjajlZZFlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82YjllYzAtOWIxMC00NDQzLWI1ZTYt
YzRmZDUzZWJlYjY3LzEvV09HN1Zubk5hQ2FuN0kxYjBxRldzOTdiTzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82YjllYzAtOWIxMC00NDQzLWI1ZTYtYzRmZDUzZWJlYjY3
LzEvUzJITWlqWmN4QU9Db3gydFZQYkxjajlZZFlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLhzgAwQD
TUh4AwQCuRbMMA0EAgACMAcDBQAqAGCgMA0GCSqGSIb3DQEBCwUAA4IBAQC3OZPW
TaKWT64wabn6/yyqEp0JXWt1u9Q7WcmFeeV+V7sLLAZ7KJ5Bk3kUQ94dfzpADW9P
wmkOtjM3hafEzxqLbJvC+dKx9YA9fEVpdfH+9P4m2Z4i58Wp280H0FjuiDfEYGjl
Auh1SAs+0byajaZd0vtqSsfTOhqXCXUGEy0fjEWu4JmFKvTAXACH/q+H9Aiw1sTb
4sNwno0XskSCC3bKKIHZD7DH3DYzoe4+5ky0UbGsUrijUazX58UWXBOIemCNbvi9
qRp0XhDgom1U3XmfpfMPlJs2H7tv87a0DN9DPDrcKWzsW5Vdgd4OlJQZneb8W+yz
0SZA3/GRrgg8qPrw
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:59:31 2024 by rpki-client on console-fra.rpki-client.org