Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/w_nv36brT4JRnGXtI1jVEeHHZxo.roa
File:                     w_nv36brT4JRnGXtI1jVEeHHZxo.roa (raw, json)
Hash identifier:          VrWqo4SHBluyRcOjSTWaxcAld4JXCKo8dfDYuqTTvqM=
Subject key identifier:   C3:F9:EF:DF:A6:EB:4F:82:51:9C:65:ED:23:58:D5:11:E1:C7:67:1A
Certificate issuer:       /CN=a96e2341d783e5934f87d05c473fc6d2b30d9d45
Certificate serial:       018CC3B690DB60CBFFCCB74D17DE415E252B
Authority key identifier: A9:6E:23:41:D7:83:E5:93:4F:87:D0:5C:47:3F:C6:D2:B3:0D:9D:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/w_nv36brT4JRnGXtI1jVEeHHZxo.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34373
IP address blocks:        185.171.163.0/24 maxlen: 24
                          185.82.152.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:90:db:60:cb:ff:cc:b7:4d:17:de:41:5e:25:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a96e2341d783e5934f87d05c473fc6d2b30d9d45
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3f9efdfa6eb4f82519c65ed2358d511e1c7671a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c1:f1:fc:d2:0f:f8:aa:6b:26:8b:c3:61:74:
                    0f:2f:b9:b9:c9:a3:ee:ce:8c:ff:b0:15:dc:c5:ef:
                    be:89:7b:80:f0:64:49:43:7c:4f:ac:8c:11:1f:5c:
                    97:2d:f8:56:19:f2:5d:2c:57:0d:3b:f5:60:02:2f:
                    f3:ac:d3:f1:7c:96:24:af:22:97:f6:47:b9:bd:3a:
                    7a:39:61:90:1f:aa:95:de:43:4e:ee:36:4b:3e:fb:
                    77:ae:a3:4e:c7:ba:28:5a:23:f2:1f:7a:85:db:f7:
                    3f:c4:3d:8e:da:e0:31:97:45:bb:bd:75:b4:95:c2:
                    11:41:05:22:b5:c6:39:22:62:0e:b9:5a:8c:bc:8a:
                    32:9a:eb:e2:07:1d:89:65:2b:88:5c:b4:df:ff:fb:
                    74:0a:06:5b:1d:b3:a3:9b:c8:98:fb:01:61:aa:d4:
                    35:e3:1d:62:f7:d4:20:79:01:85:53:b2:91:15:89:
                    01:30:4a:7a:10:1d:9a:fc:93:44:ce:93:4b:da:bd:
                    4d:c3:7e:76:06:d7:52:55:6a:f2:aa:86:d1:17:4b:
                    eb:53:66:4b:44:2a:a2:56:28:ef:22:1a:41:0a:20:
                    86:33:79:d1:31:35:df:51:24:aa:18:04:5c:c3:9d:
                    6c:ae:42:91:04:c6:c1:7d:b7:28:2e:d6:55:15:dc:
                    80:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F9:EF:DF:A6:EB:4F:82:51:9C:65:ED:23:58:D5:11:E1:C7:67:1A
            X509v3 Authority Key Identifier:
                keyid:A9:6E:23:41:D7:83:E5:93:4F:87:D0:5C:47:3F:C6:D2:B3:0D:9D:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/w_nv36brT4JRnGXtI1jVEeHHZxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.152.0/23
                  185.171.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:99:a2:e7:78:2a:aa:3d:a0:a7:2d:84:a6:90:af:d1:c9:03:
         34:42:b4:8d:ad:6e:4a:a0:3b:ba:b7:80:94:4c:98:fa:e7:70:
         8a:38:2e:69:79:9a:a8:8d:04:84:f7:73:84:d0:ef:16:f3:86:
         8b:94:c4:3e:cd:48:d7:e9:0a:7c:c8:95:d2:c6:55:0e:4d:66:
         39:b2:16:3e:4f:c0:ad:d2:a4:b7:8c:97:e9:07:07:13:9d:05:
         50:c7:8f:0e:8a:ed:5d:f4:98:68:e5:90:e1:23:76:7f:b5:fb:
         3f:03:77:69:51:d7:ed:b9:c3:c3:49:2e:32:e5:85:da:e5:21:
         e1:8b:57:be:55:c1:cb:f0:1f:3f:c6:37:92:a6:8d:21:52:45:
         5e:59:b4:a3:41:53:7f:18:c4:9d:60:27:51:17:d1:27:c8:8f:
         26:27:11:4c:e2:17:da:95:b1:46:b5:73:b0:0d:ae:ac:a8:11:
         af:a4:fe:fa:4e:76:39:9e:c7:80:ab:45:ea:93:3b:87:11:30:
         fa:0b:9b:67:f8:00:6f:0d:f6:e3:9b:a6:d3:c7:29:e7:57:fc:
         dc:41:b6:9e:e0:f1:84:89:aa:55:1f:6f:d4:2d:6d:8c:59:20:
         ce:ed:76:d3:17:8c:c3:19:f3:87:4f:bf:11:67:e3:a4:9f:22:
         cf:3f:8e:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtpDbYMv/zLdNF95BXiUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NmUyMzQxZDc4M2U1OTM0Zjg3ZDA1YzQ3M2ZjNmQyYjMw
ZDlkNDUwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Y5ZWZkZmE2ZWI0ZjgyNTE5YzY1ZWQyMzU4ZDUxMWUxYzc2NzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMHx/NIP+KprJovDYXQPL7m5yaPu
zoz/sBXcxe++iXuA8GRJQ3xPrIwRH1yXLfhWGfJdLFcNO/VgAi/zrNPxfJYkryKX
9ke5vTp6OWGQH6qV3kNO7jZLPvt3rqNOx7ooWiPyH3qF2/c/xD2O2uAxl0W7vXW0
lcIRQQUitcY5ImIOuVqMvIoymuviBx2JZSuIXLTf//t0CgZbHbOjm8iY+wFhqtQ1
4x1i99QgeQGFU7KRFYkBMEp6EB2a/JNEzpNL2r1Nw352BtdSVWryqobRF0vrU2ZL
RCqiVijvIhpBCiCGM3nRMTXfUSSqGARcw51srkKRBMbBfbcoLtZVFdyAqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMP579+m60+CUZxl7SNY1RHhx2caMB8GA1UdIwQY
MBaAFKluI0HXg+WTT4fQXEc/xtKzDZ1FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVc0alFkZUQ1Wk5QaDlCY1J6X0cwck1OblVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yNTc5MzItYzE4Zi00MTFkLTliNmYt
NmQ0MjI1N2M4ZjZiLzEvd19udjM2YnJUNEpSbkdYdEkxalZFZUhIWnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yNTc5MzItYzE4Zi00MTFkLTliNmYtNmQ0MjI1N2M4ZjZi
LzEvcVc0alFkZUQ1Wk5QaDlCY1J6X0cwck1OblVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuVKYAwQA
uaujMA0GCSqGSIb3DQEBCwUAA4IBAQDAmaLneCqqPaCnLYSmkK/RyQM0QrSNrW5K
oDu6t4CUTJj653CKOC5peZqojQSE93OE0O8W84aLlMQ+zUjX6Qp8yJXSxlUOTWY5
shY+T8Ct0qS3jJfpBwcTnQVQx48Oiu1d9Jho5ZDhI3Z/tfs/A3dpUdftucPDSS4y
5YXa5SHhi1e+VcHL8B8/xjeSpo0hUkVeWbSjQVN/GMSdYCdRF9EnyI8mJxFM4hfa
lbFGtXOwDa6sqBGvpP76TnY5nseAq0XqkzuHETD6C5tn+ABvDfbjm6bTxynnV/zc
Qbae4PGEiapVH2/ULW2MWSDO7XbTF4zDGfOHT78RZ+OknyLPP44W
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:23 2024 by rpki-client on console-fra.rpki-client.org