Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/WkpiWxO7Q-yN6mOR59de0rNwfRA.roa
File:                     WkpiWxO7Q-yN6mOR59de0rNwfRA.roa (raw, json)
Hash identifier:          OBBIqIIsoThvXGD9Jzx7zMSllUyC3gW2i5JZ0/eDPzw=
Subject key identifier:   5A:4A:62:5B:13:BB:43:EC:8D:EA:63:91:E7:D7:5E:D2:B3:70:7D:10
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B52D024A6A8BD4BD21D73584D80F3
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/WkpiWxO7Q-yN6mOR59de0rNwfRA.roa
Signing time:             Tue 02 Jan 2024 12:34:46 +0000
ROA not before:           Tue 02 Jan 2024 12:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44103
IP address blocks:        185.142.142.0/24 maxlen: 32
                          194.34.230.0/24 maxlen: 32
                          45.93.119.0/24 maxlen: 32
                          185.249.217.0/24 maxlen: 32
                          2a06:8e01::/44 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:52:d0:24:a6:a8:bd:4b:d2:1d:73:58:4d:80:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a4a625b13bb43ec8dea6391e7d75ed2b3707d10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:db:57:3a:55:ae:e6:00:b6:c4:33:72:fb:cd:
                    39:c8:07:12:53:7b:f0:34:97:c0:11:47:ca:12:f3:
                    91:3c:96:d2:9c:ac:fe:06:e9:2e:8f:51:be:82:80:
                    ae:a9:48:5b:20:c4:89:c1:4f:92:ac:e2:d5:ac:c6:
                    a9:03:65:c2:60:18:9f:86:8f:a6:f0:ab:01:50:cf:
                    c3:d1:93:e0:56:42:1b:3d:a1:40:b9:df:e5:89:89:
                    59:7a:07:82:24:d4:10:fb:e3:b4:6a:18:1b:80:3b:
                    e1:45:5b:38:a5:fc:53:3a:b9:99:42:58:57:c7:c5:
                    53:ce:2a:f1:f5:f8:5a:91:80:48:d4:47:24:a8:22:
                    6f:24:21:47:9e:bf:26:10:57:6f:05:b9:2d:b9:13:
                    89:6c:fe:25:a1:9a:0a:55:4f:73:11:c2:cb:b1:ed:
                    94:35:0f:a6:22:9b:7f:8e:2a:7c:d1:98:02:25:90:
                    7c:54:26:5f:64:f4:c6:54:b9:50:ab:29:d4:a3:37:
                    33:9d:8a:dd:f0:a6:eb:b7:94:d7:3a:ec:73:b3:9d:
                    3b:e8:45:bf:52:7c:11:b8:1f:73:bb:fc:63:f5:32:
                    52:9f:68:05:9b:41:43:fb:98:4c:8a:37:2e:11:2b:
                    95:aa:c4:41:08:0d:35:76:d8:2b:1a:82:10:37:a1:
                    4f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:4A:62:5B:13:BB:43:EC:8D:EA:63:91:E7:D7:5E:D2:B3:70:7D:10
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/WkpiWxO7Q-yN6mOR59de0rNwfRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.119.0/24
                  185.142.142.0/24
                  185.249.217.0/24
                  194.34.230.0/24
                IPv6:
                  2a06:8e01::/44

    Signature Algorithm: sha256WithRSAEncryption
         b0:c3:1e:e5:8d:2f:69:e0:ba:77:5a:23:d7:28:79:fa:8b:74:
         38:8a:a8:8f:23:7e:95:8c:67:e0:39:cc:cc:54:ba:9a:b6:89:
         fd:a6:1b:ff:59:f8:ef:ab:c8:52:ec:1b:1a:5c:5f:9e:2f:4e:
         5d:82:78:0e:7e:eb:5a:21:1e:12:c6:d4:a4:31:29:5c:35:43:
         de:ba:eb:cc:48:21:31:23:d2:a3:a6:8f:10:86:e8:0c:17:70:
         23:f1:1a:6c:a5:53:d1:69:7f:2e:ac:48:83:13:93:c6:66:9b:
         4f:45:9a:0d:03:cc:d5:45:b6:f5:24:7b:26:fc:8a:6c:8b:99:
         fc:02:98:d7:b5:91:2d:d3:62:04:19:35:89:fa:77:59:f1:44:
         e6:50:8e:1f:3c:96:fb:1e:89:9a:c3:81:0b:86:4e:1b:a6:df:
         2a:38:81:32:22:69:a5:74:5b:cc:d4:60:d7:0c:89:db:33:5e:
         bf:6a:48:65:e9:09:ce:92:82:e9:e6:d7:24:5f:4b:01:e0:a0:
         97:65:31:b1:00:bf:bc:16:f5:03:bd:a2:52:52:ea:21:86:7b:
         70:95:f4:bb:59:11:0f:40:cd:6f:5f:00:39:a9:09:f9:3e:09:
         d6:38:6a:ae:34:31:9f:a2:71:1c:af:44:6e:a0:a2:16:88:1c:
         91:64:44:ad
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzKK1LQJKaovUvSHXNYTYDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTRhNjI1YjEzYmI0M2VjOGRlYTYzOTFlN2Q3NWVkMmIzNzA3ZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNtXOlWu5gC2xDNy+805yAcSU3vw
NJfAEUfKEvORPJbSnKz+Bukuj1G+goCuqUhbIMSJwU+SrOLVrMapA2XCYBifho+m
8KsBUM/D0ZPgVkIbPaFAud/liYlZegeCJNQQ++O0ahgbgDvhRVs4pfxTOrmZQlhX
x8VTzirx9fhakYBI1EckqCJvJCFHnr8mEFdvBbktuROJbP4loZoKVU9zEcLLse2U
NQ+mIpt/jip80ZgCJZB8VCZfZPTGVLlQqynUozcznYrd8Kbrt5TXOuxzs5076EW/
UnwRuB9zu/xj9TJSn2gFm0FD+5hMijcuESuVqsRBCA01dtgrGoIQN6FPYwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFFpKYlsTu0PsjepjkefXXtKzcH0QMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvV2twaVd4TzdRLXlONm1PUjU5ZGUwck53ZlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQALV13AwQA
uY6OAwQAufnZAwQAwiLmMA8EAgACMAkDBwQqBo4BAAAwDQYJKoZIhvcNAQELBQAD
ggEBALDDHuWNL2ngundaI9coefqLdDiKqI8jfpWMZ+A5zMxUupq2if2mG/9Z+O+r
yFLsGxpcX54vTl2CeA5+61ohHhLG1KQxKVw1Q96668xIITEj0qOmjxCG6AwXcCPx
GmylU9Fpfy6sSIMTk8Zmm09Fmg0DzNVFtvUkeyb8imyLmfwCmNe1kS3TYgQZNYn6
d1nxROZQjh88lvseiZrDgQuGThum3yo4gTIiaaV0W8zUYNcMidszXr9qSGXpCc6S
gunm1yRfSwHgoJdlMbEAv7wW9QO9olJS6iGGe3CV9LtZEQ9AzW9fADmpCfk+CdY4
aq40MZ+icRyvRG6gohaIHJFkRK0=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:04:07 2024 by rpki-client on console-ams.rpki-client.org