Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/WfKb2A2IRAr2logNY8dVMMyvU8E.roa
File:                     WfKb2A2IRAr2logNY8dVMMyvU8E.roa (raw, json)
Hash identifier:          64QpnAndau8ZgGnIz0/p8hxVxiW741NDTR62Qv5+iYA=
Subject key identifier:   59:F2:9B:D8:0D:88:44:0A:F6:96:88:0D:63:C7:55:30:CC:AF:53:C1
Certificate issuer:       /CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
Certificate serial:       018CC3489048E3EC3D141A0E6B8817D1BAB3
Authority key identifier: 09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/WfKb2A2IRAr2logNY8dVMMyvU8E.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        94.237.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:48:e3:ec:3d:14:1a:0e:6b:88:17:d1:ba:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f29bd80d88440af696880d63c75530ccaf53c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:35:b5:b0:01:b4:14:de:aa:c6:e1:14:81:c7:
                    1e:45:ec:6c:23:c2:61:a4:3d:e2:40:2f:8c:16:8d:
                    21:60:f9:1d:91:1b:93:86:5a:8f:87:eb:7a:1d:a2:
                    6f:ff:37:55:47:bc:ed:01:a6:9c:57:71:17:d4:83:
                    08:4a:66:db:0f:c7:90:a8:5e:4f:0a:ac:ad:ea:0d:
                    d0:1f:b5:07:aa:75:4e:9c:fd:26:0d:62:58:9e:7c:
                    db:ba:b9:f0:c5:8c:16:84:3c:06:23:55:1e:33:62:
                    50:be:75:3f:f2:46:30:6a:ca:b3:86:8e:81:09:1c:
                    1e:c4:1b:fe:1b:70:24:37:df:d5:9f:e0:84:49:9c:
                    2c:fe:8d:8e:a3:bb:f8:a8:86:7e:c8:36:dd:9b:c9:
                    b2:50:23:e5:40:98:d0:3a:87:ec:92:0a:e8:4c:9b:
                    b6:e5:43:2d:2b:9e:45:85:f3:31:04:a5:18:6c:a4:
                    0f:e5:28:9f:33:73:a5:af:e1:7c:5a:ba:a0:0e:ac:
                    c2:0a:0b:07:36:75:ad:c9:ce:d9:9d:bf:df:49:92:
                    a2:68:39:e9:de:14:08:17:b2:11:16:0c:dd:59:30:
                    13:2c:66:f2:2d:47:b3:66:88:11:41:72:33:28:48:
                    57:d6:b0:ff:f4:6b:fd:09:b2:94:fa:cb:ef:8e:08:
                    c3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F2:9B:D8:0D:88:44:0A:F6:96:88:0D:63:C7:55:30:CC:AF:53:C1
            X509v3 Authority Key Identifier:
                keyid:09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/WfKb2A2IRAr2logNY8dVMMyvU8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.237.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:9f:2a:4c:89:e8:d1:65:af:2c:bf:dc:5d:b8:35:12:db:73:
         d2:66:6e:c9:cf:bd:29:cd:07:68:e8:19:f6:08:f7:74:91:3a:
         e5:60:92:ba:3e:dc:5a:83:1e:db:13:f5:04:1d:0a:2d:f6:92:
         d1:c1:57:3e:5e:40:39:28:7a:31:c7:33:e7:7b:fc:82:42:7a:
         fe:59:d2:46:8f:4d:e8:3f:08:b6:41:be:24:7c:94:05:26:0a:
         62:b1:77:a3:20:a8:d5:ee:37:a8:c6:c8:16:c6:65:2c:02:24:
         d1:e2:fa:78:0d:de:d1:6f:48:61:53:c9:62:cb:90:b6:ad:41:
         a0:3d:6c:84:0a:01:1b:c7:39:7e:8c:5c:0d:83:d2:19:4f:92:
         b0:07:41:38:d0:68:03:da:49:d1:8b:33:cc:bd:df:1f:6c:d0:
         9e:0c:83:9d:21:99:71:8c:e4:5a:d1:e5:c5:51:74:cb:da:b1:
         8d:1d:89:9b:ba:23:45:50:b9:5c:32:02:13:fa:66:d2:9c:2c:
         d9:61:a2:6f:aa:4f:0f:7a:cf:4c:20:27:cb:ec:ce:77:c5:a0:
         ef:70:ed:f2:6e:98:9d:da:20:91:e3:e8:1d:ab:45:2f:70:07:
         50:51:36:e2:cc:84:fd:4a:99:a6:b2:80:a1:8d:d6:5a:3c:ef:
         3e:9e:5d:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJBI4+w9FBoOa4gX0bqzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWExZjJkYmY3YjdhODRhZTU3YjhkNjc0MjZiN2U0ZTQy
MGZhYjUwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYyOWJkODBkODg0NDBhZjY5Njg4MGQ2M2M3NTUzMGNjYWY1M2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTW1sAG0FN6qxuEUgcceRexsI8Jh
pD3iQC+MFo0hYPkdkRuThlqPh+t6HaJv/zdVR7ztAaacV3EX1IMISmbbD8eQqF5P
Cqyt6g3QH7UHqnVOnP0mDWJYnnzburnwxYwWhDwGI1UeM2JQvnU/8kYwasqzho6B
CRwexBv+G3AkN9/Vn+CESZws/o2Oo7v4qIZ+yDbdm8myUCPlQJjQOofskgroTJu2
5UMtK55FhfMxBKUYbKQP5SifM3Olr+F8WrqgDqzCCgsHNnWtyc7Znb/fSZKiaDnp
3hQIF7IRFgzdWTATLGbyLUezZogRQXIzKEhX1rD/9Gv9CbKU+svvjgjD8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnym9gNiEQK9paIDWPHVTDMr1PBMB8GA1UdIwQY
MBaAFAmaHy2/e3qErle41nQmt+TkIPq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAt
OWNkNjhmMjIxZTIxLzEvV2ZLYjJBMklSQXIybG9nTlk4ZFZNTXl2VThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAtOWNkNjhmMjIxZTIx
LzEvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXu1/MA0G
CSqGSIb3DQEBCwUAA4IBAQCDnypMiejRZa8sv9xduDUS23PSZm7Jz70pzQdo6Bn2
CPd0kTrlYJK6Ptxagx7bE/UEHQot9pLRwVc+XkA5KHoxxzPne/yCQnr+WdJGj03o
Pwi2Qb4kfJQFJgpisXejIKjV7jeoxsgWxmUsAiTR4vp4Dd7Rb0hhU8liy5C2rUGg
PWyECgEbxzl+jFwNg9IZT5KwB0E40GgD2knRizPMvd8fbNCeDIOdIZlxjORa0eXF
UXTL2rGNHYmbuiNFULlcMgIT+mbSnCzZYaJvqk8Pes9MICfL7M53xaDvcO3ybpid
2iCR4+gdq0UvcAdQUTbizIT9SpmmsoChjdZaPO8+nl1E
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:11:18 2024 by rpki-client on console-ams.rpki-client.org