Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/WFWK_G9C2DLu9PhTHXWSYsDLKsY.roa
File:                     WFWK_G9C2DLu9PhTHXWSYsDLKsY.roa (raw, json)
Hash identifier:          Y8Ow6lFNIPSwwVem6o+s005LTC8vf7P3Jw0bTSwpKJ4=
Subject key identifier:   58:55:8A:FC:6F:42:D8:32:EE:F4:F8:53:1D:75:92:62:C0:CB:2A:C6
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B4E4CEEA9CE890BBB42921984E6C7
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/WFWK_G9C2DLu9PhTHXWSYsDLKsY.roa
Signing time:             Tue 02 Jan 2024 12:34:44 +0000
ROA not before:           Tue 02 Jan 2024 12:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        185.141.206.0/23 maxlen: 23
                          185.144.100.0/24 maxlen: 24
                          2a06:8ec4::/43 maxlen: 43

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4e:4c:ee:a9:ce:89:0b:bb:42:92:19:84:e6:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58558afc6f42d832eef4f8531d759262c0cb2ac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4b:f3:b8:18:a2:c4:f2:42:a1:50:f7:5c:1f:
                    eb:99:b5:64:bf:85:fe:d4:7a:e9:5f:27:c6:72:05:
                    7b:2b:57:54:39:31:9e:78:93:35:52:2b:e7:22:4a:
                    25:cf:0f:75:56:50:08:0e:1e:14:85:6e:8a:49:65:
                    00:61:14:3f:44:1e:35:c7:d1:88:f7:36:cd:4d:c8:
                    89:6c:34:af:e4:7b:32:c6:a5:40:97:3d:ec:29:e7:
                    87:79:6f:82:c4:7a:0e:fc:36:44:58:71:22:0d:9d:
                    33:00:4a:31:e7:94:06:c1:89:97:18:f7:f8:b3:fb:
                    11:95:47:85:81:24:65:27:9f:8b:d3:d0:86:43:b5:
                    db:13:b7:44:ff:b9:cf:95:15:9a:c9:e7:c0:41:d8:
                    f3:0e:74:80:50:0c:00:53:26:ee:77:a4:0a:2d:7c:
                    7e:0b:75:2a:6a:0b:e0:f2:0b:ab:9e:65:f8:24:53:
                    63:62:37:50:b6:82:f2:69:40:23:57:7c:af:8d:4b:
                    01:62:4d:54:9e:f4:53:d3:e0:d2:5a:24:f0:14:17:
                    cc:7c:56:38:74:c2:d9:74:e3:88:9f:fe:97:85:ab:
                    ae:ce:56:f4:5a:79:fd:fc:01:f8:b8:36:70:13:2f:
                    cd:9d:b7:8c:bf:3e:29:5f:e4:c6:aa:5e:a3:96:86:
                    37:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:55:8A:FC:6F:42:D8:32:EE:F4:F8:53:1D:75:92:62:C0:CB:2A:C6
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/WFWK_G9C2DLu9PhTHXWSYsDLKsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.206.0/23
                  185.144.100.0/24
                IPv6:
                  2a06:8ec4::/43

    Signature Algorithm: sha256WithRSAEncryption
         54:87:94:74:75:71:fa:57:64:8b:8e:b4:b3:a9:28:cb:fe:75:
         77:b9:69:8e:9d:f1:fa:bc:0c:85:b0:46:2a:1b:87:56:0e:fb:
         71:61:55:70:d8:e4:f5:bf:25:9a:02:b4:55:35:ea:0a:35:6d:
         dd:9a:81:f7:99:cc:1a:4c:51:cc:dc:81:e4:4b:03:1e:4c:47:
         1a:47:60:d4:23:f4:e7:58:81:c8:4a:76:f1:e5:88:c9:01:d5:
         45:4b:e5:34:ca:14:8f:f5:da:c1:02:78:e1:97:d3:d7:7a:ab:
         dc:67:77:d7:ad:80:cf:12:d2:5a:70:68:5e:73:ed:41:6c:5f:
         94:6f:4f:22:d7:9a:fa:09:47:86:f0:54:4c:3e:c9:83:6f:1b:
         2b:78:5e:8b:06:be:b1:96:e7:5c:0b:3e:86:a9:99:e1:22:22:
         8e:82:d0:e2:1b:4e:a8:aa:bb:09:ee:00:88:29:f4:44:85:15:
         70:04:19:4d:33:26:ce:50:56:ea:6b:43:fe:12:64:ba:d2:d7:
         d1:dd:3c:16:20:4b:d2:94:1d:41:61:62:87:cc:22:25:3e:e6:
         df:a1:b5:13:8d:12:ba:45:1d:85:ea:95:e4:df:92:41:bb:ba:
         46:62:e9:62:01:d2:a6:f2:4e:1f:5b:8e:22:5e:0e:44:bc:bc:
         0b:24:ae:8b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK05M7qnOiQu7QpIZhObHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODU1OGFmYzZmNDJkODMyZWVmNGY4NTMxZDc1OTI2MmMwY2IyYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEvzuBiixPJCoVD3XB/rmbVkv4X+
1HrpXyfGcgV7K1dUOTGeeJM1UivnIkolzw91VlAIDh4UhW6KSWUAYRQ/RB41x9GI
9zbNTciJbDSv5HsyxqVAlz3sKeeHeW+CxHoO/DZEWHEiDZ0zAEox55QGwYmXGPf4
s/sRlUeFgSRlJ5+L09CGQ7XbE7dE/7nPlRWayefAQdjzDnSAUAwAUybud6QKLXx+
C3Uqagvg8gurnmX4JFNjYjdQtoLyaUAjV3yvjUsBYk1UnvRT0+DSWiTwFBfMfFY4
dMLZdOOIn/6Xhauuzlb0Wnn9/AH4uDZwEy/NnbeMvz4pX+TGql6jloY3mQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFhVivxvQtgy7vT4Ux11kmLAyyrGMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvV0ZXS19HOUMyREx1OVBoVEhYV1NZc0RMS3NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBuY3OAwQA
uZBkMA8EAgACMAkDBwUqBo7EAAAwDQYJKoZIhvcNAQELBQADggEBAFSHlHR1cfpX
ZIuOtLOpKMv+dXe5aY6d8fq8DIWwRiobh1YO+3FhVXDY5PW/JZoCtFU16go1bd2a
gfeZzBpMUczcgeRLAx5MRxpHYNQj9OdYgchKdvHliMkB1UVL5TTKFI/12sECeOGX
09d6q9xnd9etgM8S0lpwaF5z7UFsX5RvTyLXmvoJR4bwVEw+yYNvGyt4XosGvrGW
51wLPoapmeEiIo6C0OIbTqiquwnuAIgp9ESFFXAEGU0zJs5QVuprQ/4SZLrS19Hd
PBYgS9KUHUFhYofMIiU+5t+htRONErpFHYXqleTfkkG7ukZi6WIB0qbyTh9bjiJe
DkS8vAskros=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:43:38 2024 by rpki-client on console-fra.rpki-client.org