Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/82d6af-eac8-4d18-9aea-cee4c518770d/1/Wv8D2xiKWhnpjLEmHjSovV2X51A.roa
File:                     Wv8D2xiKWhnpjLEmHjSovV2X51A.roa (raw, json)
Hash identifier:          uDSBc789BQxtCtlY99yYjdgGEimK8T9lkMQxatMFba8=
Subject key identifier:   5A:FF:03:DB:18:8A:5A:19:E9:8C:B1:26:1E:34:A8:BD:5D:97:E7:50
Certificate issuer:       /CN=5f0f162afa7bfd7b847c1dd0eb4aebea93c469cf
Certificate serial:       018CC6B7EF4046598739D63E478BA4CB9643
Authority key identifier: 5F:0F:16:2A:FA:7B:FD:7B:84:7C:1D:D0:EB:4A:EB:EA:93:C4:69:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xw8WKvp7_XuEfB3Q60rr6pPEac8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/82d6af-eac8-4d18-9aea-cee4c518770d/1/Wv8D2xiKWhnpjLEmHjSovV2X51A.roa
Signing time:             Mon 01 Jan 2024 20:29:52 +0000
ROA not before:           Mon 01 Jan 2024 20:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47737
IP address blocks:        94.124.168.0/21 maxlen: 21
                          78.142.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/82d6af-eac8-4d18-9aea-cee4c518770d/1/Xw8WKvp7_XuEfB3Q60rr6pPEac8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/82d6af-eac8-4d18-9aea-cee4c518770d/1/Xw8WKvp7_XuEfB3Q60rr6pPEac8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xw8WKvp7_XuEfB3Q60rr6pPEac8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ef:40:46:59:87:39:d6:3e:47:8b:a4:cb:96:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0f162afa7bfd7b847c1dd0eb4aebea93c469cf
        Validity
            Not Before: Jan  1 20:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5aff03db188a5a19e98cb1261e34a8bd5d97e750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:03:37:bd:83:c5:11:22:e8:67:c2:47:10:5a:
                    d5:90:13:e3:72:11:e8:e6:d7:f4:90:e1:41:29:27:
                    86:c4:85:5d:ac:23:52:53:ac:ab:6b:0f:c8:16:8a:
                    96:ad:2a:ad:ff:ef:df:e9:0b:3a:e7:48:45:a3:77:
                    96:72:18:57:26:0f:67:4f:ed:c3:f5:ad:a4:11:ca:
                    aa:7a:6c:22:9e:53:83:54:b2:66:c6:7c:75:b5:9b:
                    e7:56:c5:e2:bc:8d:98:f3:d9:d3:04:5f:db:8a:35:
                    df:16:d3:25:a0:dd:3c:90:de:82:5b:9f:44:5a:f0:
                    dd:46:6b:00:ad:c4:09:a3:b2:c3:8d:27:bb:8d:48:
                    27:02:b1:bd:9c:1b:9a:42:83:70:74:04:39:9b:25:
                    49:1d:20:f1:29:09:8a:c6:e9:c7:20:22:a4:dc:31:
                    cc:15:1b:a2:eb:8f:8e:4e:ca:bf:99:fd:2c:d8:03:
                    6e:bd:17:f9:10:a6:40:b0:8f:7d:19:6c:79:88:43:
                    cb:24:b9:4b:ed:52:76:27:e1:df:b6:7e:44:de:5e:
                    c9:90:df:da:ec:6d:d0:5e:ef:b9:aa:19:06:ac:63:
                    d2:7e:9d:36:0d:2d:b3:39:55:90:30:b2:f5:80:43:
                    4c:25:d4:80:22:a5:92:20:38:cf:d2:49:4e:1b:73:
                    fa:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FF:03:DB:18:8A:5A:19:E9:8C:B1:26:1E:34:A8:BD:5D:97:E7:50
            X509v3 Authority Key Identifier:
                keyid:5F:0F:16:2A:FA:7B:FD:7B:84:7C:1D:D0:EB:4A:EB:EA:93:C4:69:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xw8WKvp7_XuEfB3Q60rr6pPEac8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/82d6af-eac8-4d18-9aea-cee4c518770d/1/Wv8D2xiKWhnpjLEmHjSovV2X51A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/82d6af-eac8-4d18-9aea-cee4c518770d/1/Xw8WKvp7_XuEfB3Q60rr6pPEac8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.220.0/22
                  94.124.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:e7:f8:8b:1d:ce:01:b4:20:bc:65:4f:82:62:f6:e0:c4:a8:
         cc:db:cb:1f:eb:55:1e:97:29:e7:fb:be:c9:77:01:a1:0c:d3:
         78:b7:98:27:81:ce:02:cc:8b:8b:c7:c0:3e:cc:4c:d8:00:ec:
         1c:ef:07:49:28:4a:2f:ce:09:2b:73:41:ee:bd:95:32:3e:7a:
         f1:40:6b:7d:4c:81:b7:92:11:4e:69:ac:fb:e6:55:b9:a0:1a:
         b0:75:33:97:7a:be:5c:61:79:93:ce:f9:4c:11:92:40:79:af:
         f1:58:f5:f1:91:c0:f0:98:bd:8c:c2:03:5f:ca:17:ce:2e:2e:
         b5:23:98:35:3d:97:78:62:32:94:c9:27:93:9b:9d:f8:31:b0:
         ec:77:66:ec:16:0f:03:4f:96:e5:52:07:ff:a0:af:a9:b0:87:
         fd:7f:e6:22:19:d3:e7:9d:25:19:23:be:d0:75:c1:70:57:3a:
         b8:68:6a:55:9c:13:93:e7:54:6b:c9:e9:10:09:9d:7d:aa:04:
         03:39:2a:82:e7:c1:80:1a:8e:d9:e0:ce:ff:b6:7f:5b:72:aa:
         cf:4e:77:66:a7:26:20:e2:4d:8d:df:4c:2e:1e:5e:36:95:60:
         b3:7f:9f:cf:51:0f:7b:a2:01:db:61:33:52:7f:35:65:54:9f:
         6d:23:a5:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt+9ARlmHOdY+R4uky5ZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMGYxNjJhZmE3YmZkN2I4NDdjMWRkMGViNGFlYmVhOTNj
NDY5Y2YwHhcNMjQwMTAxMjAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWZmMDNkYjE4OGE1YTE5ZTk4Y2IxMjYxZTM0YThiZDVkOTdlNzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgM3vYPFESLoZ8JHEFrVkBPjchHo
5tf0kOFBKSeGxIVdrCNSU6yraw/IFoqWrSqt/+/f6Qs650hFo3eWchhXJg9nT+3D
9a2kEcqqemwinlODVLJmxnx1tZvnVsXivI2Y89nTBF/bijXfFtMloN08kN6CW59E
WvDdRmsArcQJo7LDjSe7jUgnArG9nBuaQoNwdAQ5myVJHSDxKQmKxunHICKk3DHM
FRui64+OTsq/mf0s2ANuvRf5EKZAsI99GWx5iEPLJLlL7VJ2J+Hftn5E3l7JkN/a
7G3QXu+5qhkGrGPSfp02DS2zOVWQMLL1gENMJdSAIqWSIDjP0klOG3P6KQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFr/A9sYiloZ6YyxJh40qL1dl+dQMB8GA1UdIwQY
MBaAFF8PFir6e/17hHwd0OtK6+qTxGnPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHc4V0t2cDdfWHVFZkIzUTYwcnI2cFBFYWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy84MmQ2YWYtZWFjOC00ZDE4LTlhZWEt
Y2VlNGM1MTg3NzBkLzEvV3Y4RDJ4aUtXaG5wakxFbUhqU292VjJYNTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy84MmQ2YWYtZWFjOC00ZDE4LTlhZWEtY2VlNGM1MTg3NzBk
LzEvWHc4V0t2cDdfWHVFZkIzUTYwcnI2cFBFYWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTo7cAwQD
XnyoMA0GCSqGSIb3DQEBCwUAA4IBAQAZ5/iLHc4BtCC8ZU+CYvbgxKjM28sf61Ue
lynn+77JdwGhDNN4t5gngc4CzIuLx8A+zEzYAOwc7wdJKEovzgkrc0HuvZUyPnrx
QGt9TIG3khFOaaz75lW5oBqwdTOXer5cYXmTzvlMEZJAea/xWPXxkcDwmL2MwgNf
yhfOLi61I5g1PZd4YjKUySeTm534MbDsd2bsFg8DT5blUgf/oK+psIf9f+YiGdPn
nSUZI77QdcFwVzq4aGpVnBOT51RryekQCZ19qgQDOSqC58GAGo7Z4M7/tn9bcqrP
TndmpyYg4k2N30wuHl42lWCzf5/PUQ97ogHbYTNSfzVlVJ9tI6XU
-----END CERTIFICATE-----
Generated at Tue Nov 26 15:53:07 2024 by rpki-client on console-fra.rpki-client.org