Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/O_WB8liwAacA7IGVD7Hg4oIznr0.roa
File:                     O_WB8liwAacA7IGVD7Hg4oIznr0.roa (raw, json)
Hash identifier:          p3tixNjtpSKbQSqUY/5I6m5Z2XODc5xQHDRo9yAarNc=
Subject key identifier:   3B:F5:81:F2:58:B0:01:A7:00:EC:81:95:0F:B1:E0:E2:82:33:9E:BD
Certificate issuer:       /CN=5b6d178f13851306b5634df159716319f4d82478
Certificate serial:       018CC26D50EDBA7924838F39FA6D20264605
Authority key identifier: 5B:6D:17:8F:13:85:13:06:B5:63:4D:F1:59:71:63:19:F4:D8:24:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W20XjxOFEwa1Y03xWXFjGfTYJHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/O_WB8liwAacA7IGVD7Hg4oIznr0.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        91.217.119.0/24 maxlen: 32
                          2a0e:36c2::/32 maxlen: 32
                          2a0e:36c0::/32 maxlen: 32
                          2a0e:36c6::/32 maxlen: 32
                          2a0e:36c3::/32 maxlen: 32
                          2a0e:36c1::/32 maxlen: 32
                          2a0e:36c5::/32 maxlen: 32
                          2a0e:36c0::/29 maxlen: 32
                          2a0e:36c7::/32 maxlen: 32
                          2a0e:36c4::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/W20XjxOFEwa1Y03xWXFjGfTYJHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/W20XjxOFEwa1Y03xWXFjGfTYJHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W20XjxOFEwa1Y03xWXFjGfTYJHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 16:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:50:ed:ba:79:24:83:8f:39:fa:6d:20:26:46:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b6d178f13851306b5634df159716319f4d82478
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bf581f258b001a700ec81950fb1e0e282339ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c9:c5:fc:3d:7a:ac:71:51:1e:29:43:4e:c2:
                    54:34:2c:33:14:09:95:57:73:bd:08:f0:68:99:f6:
                    f4:fe:99:39:75:76:ad:15:69:2a:df:5e:b1:42:c4:
                    00:0c:ed:7d:8f:13:53:41:69:47:28:c3:2f:27:30:
                    1f:46:da:82:ae:e7:da:1c:8a:93:cf:48:03:9b:74:
                    2c:c6:4f:5a:e6:2c:a0:ba:c4:68:55:16:d0:d3:d3:
                    06:8c:ad:3c:8a:26:29:73:d7:96:f7:ac:1c:fa:37:
                    49:c7:a3:45:6c:47:58:c0:00:44:46:b9:b0:4b:41:
                    7c:99:bd:f9:e6:fa:ec:17:9c:af:92:9f:74:fe:b4:
                    f3:14:0c:07:01:bd:9a:81:c9:e0:85:84:5f:cd:11:
                    68:9a:8a:08:6e:19:2d:0d:29:24:4d:0d:81:a6:50:
                    4b:be:1f:82:e2:1f:47:a9:e9:7c:bb:ab:26:b9:96:
                    67:f7:79:e9:7c:32:be:2a:44:e0:9a:92:99:42:5c:
                    f5:d4:0b:c3:8b:39:21:a4:1f:8c:df:1c:6b:56:f0:
                    ac:2b:a5:5a:93:9d:6b:98:3b:b3:f7:3f:7e:4b:d3:
                    8f:0d:8a:5f:ab:9e:ec:51:c3:2a:48:08:81:3d:b9:
                    9e:2c:14:3e:60:ca:08:2a:2f:bb:9b:34:a4:01:5c:
                    dd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F5:81:F2:58:B0:01:A7:00:EC:81:95:0F:B1:E0:E2:82:33:9E:BD
            X509v3 Authority Key Identifier:
                keyid:5B:6D:17:8F:13:85:13:06:B5:63:4D:F1:59:71:63:19:F4:D8:24:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W20XjxOFEwa1Y03xWXFjGfTYJHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/O_WB8liwAacA7IGVD7Hg4oIznr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/W20XjxOFEwa1Y03xWXFjGfTYJHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.119.0/24
                IPv6:
                  2a0e:36c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:c2:ff:c6:e8:c2:78:7f:e2:ea:52:d7:17:8c:26:c4:87:16:
         4a:31:f2:05:10:10:77:40:fb:49:5c:30:52:b9:1e:ed:d0:57:
         4a:e6:95:20:48:63:57:66:94:9b:6e:9b:1b:db:02:7b:dd:2d:
         66:94:91:45:b7:4d:d6:3c:a4:d3:04:f0:53:9d:a5:f1:e4:37:
         ac:14:28:7e:b5:8c:db:12:c3:86:e0:6c:e8:c8:c5:5c:29:da:
         e9:ef:7d:15:8a:ca:3b:05:d4:b7:02:0f:ef:54:98:4b:32:d4:
         ab:18:d9:07:af:03:48:ea:0c:3d:fa:cd:e6:79:16:0d:2a:a3:
         a8:a4:45:49:1c:85:b6:b7:29:e5:55:4f:c1:ad:ae:d6:e9:27:
         a7:89:b2:e1:48:e3:d1:43:30:39:c2:c4:e8:e2:11:fc:98:ff:
         19:cd:cb:05:d6:ba:a5:4a:d9:ee:63:16:0a:0a:c2:11:78:96:
         72:a8:95:8b:14:75:6d:61:e4:a0:3f:11:fd:d1:9d:7a:4a:da:
         54:cf:bb:3a:3e:78:f9:bb:72:cc:41:58:fe:79:18:b7:db:27:
         9b:73:e4:e3:05:7e:8c:fb:42:33:8d:c5:aa:d4:a1:11:f6:cf:
         fd:d6:29:66:8a:a6:1e:28:08:17:cf:a9:42:0f:32:cb:e1:2a:
         c1:4f:6b:f8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbVDtunkkg485+m0gJkYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNmQxNzhmMTM4NTEzMDZiNTYzNGRmMTU5NzE2MzE5ZjRk
ODI0NzgwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmY1ODFmMjU4YjAwMWE3MDBlYzgxOTUwZmIxZTBlMjgyMzM5ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicnF/D16rHFRHilDTsJUNCwzFAmV
V3O9CPBomfb0/pk5dXatFWkq316xQsQADO19jxNTQWlHKMMvJzAfRtqCrufaHIqT
z0gDm3Qsxk9a5iygusRoVRbQ09MGjK08iiYpc9eW96wc+jdJx6NFbEdYwABERrmw
S0F8mb355vrsF5yvkp90/rTzFAwHAb2agcnghYRfzRFomooIbhktDSkkTQ2BplBL
vh+C4h9Hqel8u6smuZZn93npfDK+KkTgmpKZQlz11AvDizkhpB+M3xxrVvCsK6Va
k51rmDuz9z9+S9OPDYpfq57sUcMqSAiBPbmeLBQ+YMoIKi+7mzSkAVzdLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDv1gfJYsAGnAOyBlQ+x4OKCM569MB8GA1UdIwQY
MBaAFFttF48ThRMGtWNN8VlxYxn02CR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzIwWGp4T0ZFd2ExWTAzeFdYRmpHZlRZSkhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9hMWM2ZWMtYzI2MC00Y2EyLTg4N2It
NGJiOTRjYmMyZTczLzEvT19XQjhsaXdBYWNBN0lHVkQ3SGc0b0l6bnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9hMWM2ZWMtYzI2MC00Y2EyLTg4N2ItNGJiOTRjYmMyZTcz
LzEvVzIwWGp4T0ZFd2ExWTAzeFdYRmpHZlRZSkhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9l3MA0E
AgACMAcDBQMqDjbAMA0GCSqGSIb3DQEBCwUAA4IBAQCmwv/G6MJ4f+LqUtcXjCbE
hxZKMfIFEBB3QPtJXDBSuR7t0FdK5pUgSGNXZpSbbpsb2wJ73S1mlJFFt03WPKTT
BPBTnaXx5DesFCh+tYzbEsOG4GzoyMVcKdrp730Viso7BdS3Ag/vVJhLMtSrGNkH
rwNI6gw9+s3meRYNKqOopEVJHIW2tynlVU/Bra7W6SenibLhSOPRQzA5wsTo4hH8
mP8ZzcsF1rqlStnuYxYKCsIReJZyqJWLFHVtYeSgPxH90Z16StpUz7s6Pnj5u3LM
QVj+eRi32yebc+TjBX6M+0IzjcWq1KER9s/91ilmiqYeKAgXz6lCDzLL4SrBT2v4
-----END CERTIFICATE-----
Generated at Thu Jun 13 20:02:38 2024 by rpki-client on console-ams.rpki-client.org