Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/WIIsSIk0oAqZ-zpzLhEILB0lkyY.roa
File:                     WIIsSIk0oAqZ-zpzLhEILB0lkyY.roa (raw, json)
Hash identifier:          0Br8xx+/b87POLLjDVH4qSOOVCF3Jr2VYr/ulAFgp14=
Subject key identifier:   58:82:2C:48:89:34:A0:0A:99:FB:3A:73:2E:11:08:2C:1D:25:93:26
Certificate issuer:       /CN=290bcc50a9a33ba5651efd1afe40b6fdb02556f0
Certificate serial:       018CC5DC5440A1AEC2BD68A8E6D36E699FA8
Authority key identifier: 29:0B:CC:50:A9:A3:3B:A5:65:1E:FD:1A:FE:40:B6:FD:B0:25:56:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/WIIsSIk0oAqZ-zpzLhEILB0lkyY.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48573
IP address blocks:        94.143.44.0/22 maxlen: 22
                          94.143.40.0/22 maxlen: 22
                          94.143.40.0/21 maxlen: 21
                          185.43.10.0/23 maxlen: 23
                          185.43.8.0/23 maxlen: 23
                          185.43.8.0/22 maxlen: 22
                          95.215.138.0/23 maxlen: 23
                          95.215.136.0/23 maxlen: 23
                          95.215.136.0/22 maxlen: 22
                          193.29.230.0/23 maxlen: 23
                          31.185.0.0/22 maxlen: 22
                          31.185.0.0/21 maxlen: 21
                          31.185.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/KQvMUKmjO6VlHv0a_kC2_bAlVvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/KQvMUKmjO6VlHv0a_kC2_bAlVvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:54:40:a1:ae:c2:bd:68:a8:e6:d3:6e:69:9f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=290bcc50a9a33ba5651efd1afe40b6fdb02556f0
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58822c488934a00a99fb3a732e11082c1d259326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7f:17:84:e9:8e:db:9c:25:68:a7:a5:0c:d8:
                    74:b6:0e:40:20:90:c0:77:ec:03:9e:32:0d:1e:43:
                    bc:1f:ed:0b:b3:01:9a:42:11:9c:58:d3:59:71:10:
                    c0:64:cb:40:5d:34:b6:3c:b1:d5:34:95:cb:75:2a:
                    8f:df:b4:61:85:b3:bc:0f:c3:86:fd:f0:a7:c2:9d:
                    4c:ff:16:e5:07:cd:f4:21:66:b2:bf:2c:02:c0:5a:
                    ea:52:08:22:4e:18:85:7a:19:89:85:31:fd:5c:06:
                    33:01:99:4c:98:a6:68:21:c0:71:56:e8:5c:2b:75:
                    55:5a:43:ed:42:e5:9e:33:d7:56:95:8b:5c:4e:bc:
                    7e:20:b2:9d:f8:04:19:a4:c6:ea:c8:02:b1:52:9e:
                    0a:b8:24:8f:99:3f:a2:a2:62:bb:5e:df:fb:43:bf:
                    4d:bf:fc:56:84:1e:b1:d9:a8:cb:a5:e0:2c:06:a6:
                    9d:1b:d1:20:a7:e5:39:fc:99:b2:57:e7:0a:63:8b:
                    53:2f:01:3b:07:9f:2d:c9:41:72:bd:e5:8c:ad:8f:
                    5e:af:81:27:be:4b:12:b8:37:5c:ce:df:f4:61:f4:
                    12:a9:8d:ce:5f:41:3c:a2:5b:be:83:68:ab:3a:4c:
                    28:71:e3:2c:72:50:15:1d:9d:de:31:f0:6f:85:2c:
                    bf:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:82:2C:48:89:34:A0:0A:99:FB:3A:73:2E:11:08:2C:1D:25:93:26
            X509v3 Authority Key Identifier:
                keyid:29:0B:CC:50:A9:A3:3B:A5:65:1E:FD:1A:FE:40:B6:FD:B0:25:56:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/WIIsSIk0oAqZ-zpzLhEILB0lkyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/KQvMUKmjO6VlHv0a_kC2_bAlVvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.0.0/21
                  94.143.40.0/21
                  95.215.136.0/22
                  185.43.8.0/22
                  193.29.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:35:a6:d0:58:50:01:70:b5:eb:79:a2:f2:24:f4:6e:76:ef:
         44:b5:f3:99:9f:2a:96:7a:ec:a3:dd:15:5e:c1:bb:96:1a:da:
         e8:b7:85:4e:d7:fa:f4:91:8a:8e:39:51:4a:14:a0:46:93:45:
         17:38:4a:cf:11:c1:9c:80:07:32:06:37:18:fc:3c:46:e8:6e:
         11:16:40:a7:3b:22:75:fe:65:61:cd:87:d1:80:24:86:f5:bf:
         7f:fc:90:2a:a0:0c:a7:84:36:53:71:52:6b:1b:df:9c:54:b6:
         4d:1f:43:6b:21:af:bd:d3:ea:d2:bc:d0:4b:75:79:50:ad:63:
         bb:77:1f:4f:1e:ac:b1:4d:7b:dc:2c:db:7e:ff:4e:41:c6:44:
         0f:6d:1f:6f:bf:8f:c7:7b:21:28:1a:b9:31:7e:9e:c2:14:dd:
         ad:40:c5:3f:f5:21:03:52:36:8d:d8:44:0e:97:34:29:73:1c:
         28:1a:e1:1b:10:fb:c6:1b:35:f1:70:ce:b3:78:24:dd:64:a1:
         ce:6b:de:ae:a8:1e:af:81:5b:b6:c1:f4:cf:9a:36:9c:2c:cd:
         2b:b0:8c:47:9d:8e:d8:65:9e:54:09:31:4e:ad:4c:c8:5e:36:
         3f:9c:95:09:54:da:1a:59:46:2d:08:40:11:51:00:97:9e:2b:
         ff:74:57:44
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzF3FRAoa7CvWio5tNuaZ+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MGJjYzUwYTlhMzNiYTU2NTFlZmQxYWZlNDBiNmZkYjAy
NTU2ZjAwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODgyMmM0ODg5MzRhMDBhOTlmYjNhNzMyZTExMDgyYzFkMjU5MzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj38XhOmO25wlaKelDNh0tg5AIJDA
d+wDnjINHkO8H+0LswGaQhGcWNNZcRDAZMtAXTS2PLHVNJXLdSqP37RhhbO8D8OG
/fCnwp1M/xblB830IWayvywCwFrqUggiThiFehmJhTH9XAYzAZlMmKZoIcBxVuhc
K3VVWkPtQuWeM9dWlYtcTrx+ILKd+AQZpMbqyAKxUp4KuCSPmT+iomK7Xt/7Q79N
v/xWhB6x2ajLpeAsBqadG9Egp+U5/JmyV+cKY4tTLwE7B58tyUFyveWMrY9er4En
vksSuDdczt/0YfQSqY3OX0E8olu+g2irOkwoceMsclAVHZ3eMfBvhSy/CwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFiCLEiJNKAKmfs6cy4RCCwdJZMmMB8GA1UdIwQY
MBaAFCkLzFCpozulZR79Gv5Atv2wJVbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1F2TVVLbWpPNlZsSHYwYV9rQzJfYkFsVnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi80YjZlZjQtMzhlZS00YzA2LThjYjYt
NzY5ODI0OTNlYTFhLzEvV0lJc1NJazBvQXFaLXpwekxoRUlMQjBsa3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi80YjZlZjQtMzhlZS00YzA2LThjYjYtNzY5ODI0OTNlYTFh
LzEvS1F2TVVLbWpPNlZsSHYwYV9rQzJfYkFsVnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDH7kAAwQD
Xo8oAwQCX9eIAwQCuSsIAwQBwR3mMA0GCSqGSIb3DQEBCwUAA4IBAQBzNabQWFAB
cLXreaLyJPRudu9EtfOZnyqWeuyj3RVewbuWGtrot4VO1/r0kYqOOVFKFKBGk0UX
OErPEcGcgAcyBjcY/DxG6G4RFkCnOyJ1/mVhzYfRgCSG9b9//JAqoAynhDZTcVJr
G9+cVLZNH0NrIa+90+rSvNBLdXlQrWO7dx9PHqyxTXvcLNt+/05BxkQPbR9vv4/H
eyEoGrkxfp7CFN2tQMU/9SEDUjaN2EQOlzQpcxwoGuEbEPvGGzXxcM6zeCTdZKHO
a96uqB6vgVu2wfTPmjacLM0rsIxHnY7YZZ5UCTFOrUzIXjY/nJUJVNoaWUYtCEAR
UQCXniv/dFdE
-----END CERTIFICATE-----
Generated at Tue Nov 26 20:13:29 2024 by rpki-client on console-ams.rpki-client.org