Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/2DWV5XA3FYDgqF5hQlI-lK-Zybc.roa
File:                     2DWV5XA3FYDgqF5hQlI-lK-Zybc.roa (raw, json)
Hash identifier:          9C+4hBh7hxKMRABs0O96BDgXXAbpWqSGbv04BFqQyJ8=
Subject key identifier:   D8:35:95:E5:70:37:15:80:E0:A8:5E:61:42:52:3E:94:AF:99:C9:B7
Certificate issuer:       /CN=87c37d035d95fefba1d47f98b9ff4973f17df6cd
Certificate serial:       018CC94E224A3ADC73CF89D9F19BD9A12676
Authority key identifier: 87:C3:7D:03:5D:95:FE:FB:A1:D4:7F:98:B9:FF:49:73:F1:7D:F6:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/2DWV5XA3FYDgqF5hQlI-lK-Zybc.roa
Signing time:             Tue 02 Jan 2024 08:33:10 +0000
ROA not before:           Tue 02 Jan 2024 08:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.59.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:22:4a:3a:dc:73:cf:89:d9:f1:9b:d9:a1:26:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87c37d035d95fefba1d47f98b9ff4973f17df6cd
        Validity
            Not Before: Jan  2 08:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d83595e570371580e0a85e6142523e94af99c9b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fd:24:ad:92:b5:f4:ac:9d:d3:b8:e9:0a:b0:
                    d5:da:17:4f:eb:c1:31:60:80:7f:10:c4:31:0c:9c:
                    e3:37:e0:a3:4c:84:bb:87:89:3b:1e:9e:88:73:11:
                    de:4c:06:8f:d7:ca:cd:7a:e8:f1:f7:99:63:40:b2:
                    fb:c1:3b:bd:70:88:84:ae:5c:24:da:fa:de:2d:56:
                    47:a1:0f:c7:e9:a4:6c:de:3a:68:e0:87:e6:b6:3d:
                    1c:95:e2:ff:b5:91:8e:2c:60:dd:19:da:9b:d6:ee:
                    fb:af:67:b0:f0:02:8a:8d:85:04:22:79:d7:ac:6d:
                    57:31:6e:24:3a:9e:d2:44:e3:41:07:9e:2e:2a:a5:
                    74:bb:c3:af:72:cc:32:f6:22:98:d6:cc:8a:b3:3e:
                    f9:e7:d2:ce:84:ce:3b:ac:a2:70:0e:47:55:c6:e9:
                    96:f3:0a:6d:27:6b:db:e1:46:b6:c6:ed:6c:cf:3e:
                    f2:d6:bb:db:0d:65:3d:bc:7c:f7:d9:c0:bb:82:8c:
                    1f:e9:1a:c1:b9:fc:74:a1:ce:aa:6e:c0:8e:cd:9e:
                    13:cb:0c:1d:48:d4:63:14:a8:ac:31:b3:f3:eb:db:
                    a9:c6:df:46:54:be:81:a6:c4:7f:08:cf:98:8a:23:
                    2f:9a:c7:bd:fb:29:fb:13:99:6e:8d:cd:e9:4b:71:
                    fb:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:35:95:E5:70:37:15:80:E0:A8:5E:61:42:52:3E:94:AF:99:C9:B7
            X509v3 Authority Key Identifier:
                keyid:87:C3:7D:03:5D:95:FE:FB:A1:D4:7F:98:B9:FF:49:73:F1:7D:F6:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/2DWV5XA3FYDgqF5hQlI-lK-Zybc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:0a:51:9f:f8:ee:a7:bc:02:93:d2:32:e6:72:de:21:b8:d0:
         c2:53:07:5a:f3:9a:2c:f8:fb:89:49:ff:1a:90:05:b8:c4:32:
         e0:ba:e9:1a:1c:72:1e:98:60:56:f2:8d:55:df:f4:6e:23:7b:
         52:42:87:60:5e:8f:a0:5b:eb:a9:37:ab:b9:cb:89:e7:bc:c1:
         7e:ba:92:bb:52:b4:bb:9d:34:d3:f9:d5:af:75:05:42:9e:b6:
         c3:05:95:38:5b:72:b2:a4:e6:08:02:af:42:85:c4:79:cc:1d:
         0d:28:3c:50:ab:d9:34:03:75:5b:73:ca:ae:88:47:c8:e2:76:
         84:67:50:a0:a0:8d:6b:ee:77:76:17:4e:6e:01:9b:9e:c6:65:
         ed:f1:1d:16:cc:c5:25:5d:d2:12:72:9c:5b:a8:c4:d7:05:b8:
         bf:82:29:d1:03:d2:cb:8f:2e:75:6c:c4:b2:c1:16:d7:b6:54:
         43:cd:0f:7d:45:49:dd:28:19:52:e5:6e:70:fc:33:db:22:ca:
         ca:87:9b:d7:0c:2a:ec:ba:1c:a7:1e:00:5d:96:fb:af:c4:74:
         84:70:80:8c:32:a4:0f:0d:29:6e:9c:c9:1e:97:03:df:34:bf:
         90:dd:20:8c:4b:f6:dc:04:24:be:db:9c:e0:16:c4:44:82:35:
         de:a8:a1:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTiJKOtxzz4nZ8ZvZoSZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YzM3ZDAzNWQ5NWZlZmJhMWQ0N2Y5OGI5ZmY0OTczZjE3
ZGY2Y2QwHhcNMjQwMTAyMDgzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODM1OTVlNTcwMzcxNTgwZTBhODVlNjE0MjUyM2U5NGFmOTljOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif0krZK19Kyd07jpCrDV2hdP68Ex
YIB/EMQxDJzjN+CjTIS7h4k7Hp6IcxHeTAaP18rNeujx95ljQLL7wTu9cIiErlwk
2vreLVZHoQ/H6aRs3jpo4Ifmtj0cleL/tZGOLGDdGdqb1u77r2ew8AKKjYUEInnX
rG1XMW4kOp7SRONBB54uKqV0u8Ovcswy9iKY1syKsz7559LOhM47rKJwDkdVxumW
8wptJ2vb4Ua2xu1szz7y1rvbDWU9vHz32cC7gowf6RrBufx0oc6qbsCOzZ4Tywwd
SNRjFKisMbPz69upxt9GVL6BpsR/CM+YiiMvmse9+yn7E5lujc3pS3H7QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNg1leVwNxWA4KheYUJSPpSvmcm3MB8GA1UdIwQY
MBaAFIfDfQNdlf77odR/mLn/SXPxffbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDhOOUExMlZfdnVoMUgtWXVmOUpjX0Y5OXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS81ZWYwNjAtZjQ3My00MDQzLWI4YTIt
ZTFiN2M3NjQ5ZmEzLzEvMkRXVjVYQTNGWURncUY1aFFsSS1sSy1aeWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS81ZWYwNjAtZjQ3My00MDQzLWI4YTItZTFiN2M3NjQ5ZmEz
LzEvaDhOOUExMlZfdnVoMUgtWXVmOUpjX0Y5OXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTs0MA0G
CSqGSIb3DQEBCwUAA4IBAQAaClGf+O6nvAKT0jLmct4huNDCUwda85os+PuJSf8a
kAW4xDLguukaHHIemGBW8o1V3/RuI3tSQodgXo+gW+upN6u5y4nnvMF+upK7UrS7
nTTT+dWvdQVCnrbDBZU4W3KypOYIAq9ChcR5zB0NKDxQq9k0A3Vbc8quiEfI4naE
Z1CgoI1r7nd2F05uAZuexmXt8R0WzMUlXdIScpxbqMTXBbi/ginRA9LLjy51bMSy
wRbXtlRDzQ99RUndKBlS5W5w/DPbIsrKh5vXDCrsuhynHgBdlvuvxHSEcICMMqQP
DSlunMkelwPfNL+Q3SCMS/bcBCS+25zgFsREgjXeqKEO
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:50:18 2024 by rpki-client on console-fra.rpki-client.org