Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wUceHFsk9Qmkeqe4gxttRlZewtE.roa
File:                     wUceHFsk9Qmkeqe4gxttRlZewtE.roa (raw, json)
Hash identifier:          AgR8eOauNfb6hmDyeCchNhY21VtaBkJ5uqcA5mVCz8o=
Subject key identifier:   C1:47:1E:1C:5B:24:F5:09:A4:7A:A7:B8:83:1B:6D:46:56:5E:C2:D1
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018F682DB42C3B22FC4EACB8786DA358668D
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wUceHFsk9Qmkeqe4gxttRlZewtE.roa
Signing time:             Sat 11 May 2024 15:02:56 +0000
ROA not before:           Sat 11 May 2024 15:02:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        89.23.103.0/24 maxlen: 24
                          89.23.107.0/24 maxlen: 24
                          89.23.108.0/24 maxlen: 24
                          185.39.204.0/24 maxlen: 24
                          185.39.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:68:2d:b4:2c:3b:22:fc:4e:ac:b8:78:6d:a3:58:66:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: May 11 15:02:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1471e1c5b24f509a47aa7b8831b6d46565ec2d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b8:da:f2:2f:3e:14:ae:4e:b5:0a:28:07:79:
                    d5:c7:32:86:38:b2:9f:9b:96:62:07:72:d1:b4:34:
                    65:a2:fe:c8:91:32:6b:97:70:e4:30:f8:b5:b8:4e:
                    48:a2:e5:e7:67:05:68:d0:80:a7:9e:ec:ad:8b:36:
                    7f:5d:60:f5:3b:e8:c3:2f:21:f5:15:3c:fc:d6:31:
                    48:fa:1f:36:08:29:a4:ca:35:b0:38:ea:d9:74:68:
                    a1:a1:32:98:a8:19:13:dd:37:9f:fc:01:81:79:7d:
                    da:25:f8:ad:fa:99:a9:ee:7e:0e:70:7a:db:27:e0:
                    8c:7f:3e:c0:a4:df:05:5e:11:12:75:0b:bd:9a:1c:
                    21:c1:63:74:7d:95:8f:b3:cd:75:b0:fe:a3:35:c5:
                    39:8b:32:fa:d4:cc:b9:9d:e2:d3:92:3e:ac:fa:d2:
                    80:29:8a:e4:48:e3:ba:80:1a:4f:14:e7:fd:66:f0:
                    43:2e:8f:08:bb:16:d7:7d:28:01:fd:3d:13:7d:c9:
                    06:18:20:b2:91:36:36:9d:8b:7e:94:42:b6:2f:9b:
                    d4:cc:48:f7:53:08:c8:f5:99:67:fa:85:c0:81:69:
                    16:a0:14:74:65:9b:5a:6a:a2:b4:20:e1:87:da:3e:
                    43:2c:9d:c4:f1:e0:a7:19:19:74:96:4a:00:13:3c:
                    17:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:47:1E:1C:5B:24:F5:09:A4:7A:A7:B8:83:1B:6D:46:56:5E:C2:D1
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wUceHFsk9Qmkeqe4gxttRlZewtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.103.0/24
                  89.23.107.0-89.23.108.255
                  185.39.204.0/24
                  185.39.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:bc:ed:45:a1:39:a7:f4:0a:66:13:b8:98:e7:65:13:42:7f:
         4a:cf:56:21:2b:05:45:c7:cf:38:09:f2:be:c6:84:40:74:8e:
         b6:7c:d5:18:7c:83:2e:e2:55:3c:a7:6c:4d:70:c0:87:31:5d:
         26:79:20:57:11:40:de:79:7f:81:7a:63:f0:72:0f:0d:25:08:
         87:f3:dd:42:71:b1:39:3e:b9:3c:ac:fa:56:94:2b:0d:92:9a:
         37:8f:32:27:b8:72:76:df:f8:14:d9:1b:7e:ac:c9:c5:a4:63:
         bd:54:27:17:c0:a4:6e:f2:bf:9a:68:1b:41:7b:40:7f:65:bc:
         95:14:b2:72:63:c5:ab:b8:fb:98:02:ed:50:82:ff:55:aa:4d:
         3f:f3:3e:99:8a:a9:83:68:a3:11:41:91:28:0d:dc:a5:9b:16:
         99:f6:23:60:ef:79:25:ea:e4:84:34:7e:2b:86:4b:e2:db:77:
         16:b5:b8:e1:be:c4:c0:e3:14:7a:1c:2a:07:44:58:f5:d5:6c:
         10:40:94:f6:31:26:2d:ee:ad:cf:2c:cb:47:b8:31:36:7f:d3:
         aa:6f:28:48:66:9c:14:33:66:b4:b3:56:74:33:01:57:a6:81:
         96:c4:4a:45:56:bf:27:e1:9a:7a:a0:cf:f1:fb:d4:ae:80:40:
         b5:4d:db:17
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY9oLbQsOyL8Tqy4eG2jWGaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwNTExMTUwMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQ3MWUxYzViMjRmNTA5YTQ3YWE3Yjg4MzFiNmQ0NjU2NWVjMmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bja8i8+FK5OtQooB3nVxzKGOLKf
m5ZiB3LRtDRlov7IkTJrl3DkMPi1uE5IouXnZwVo0ICnnuytizZ/XWD1O+jDLyH1
FTz81jFI+h82CCmkyjWwOOrZdGihoTKYqBkT3Tef/AGBeX3aJfit+pmp7n4OcHrb
J+CMfz7ApN8FXhESdQu9mhwhwWN0fZWPs811sP6jNcU5izL61My5neLTkj6s+tKA
KYrkSOO6gBpPFOf9ZvBDLo8IuxbXfSgB/T0TfckGGCCykTY2nYt+lEK2L5vUzEj3
UwjI9Zln+oXAgWkWoBR0ZZtaaqK0IOGH2j5DLJ3E8eCnGRl0lkoAEzwXMQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFMFHHhxbJPUJpHqnuIMbbUZWXsLRMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvd1VjZUhGc2s5UW1rZXFlNGd4dHRSbFpld3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAWRdnMAwD
BABZF2sDBABZF2wDBAC5J8wDBAC5J88wDQYJKoZIhvcNAQELBQADggEBABS87UWh
Oaf0CmYTuJjnZRNCf0rPViErBUXHzzgJ8r7GhEB0jrZ81Rh8gy7iVTynbE1wwIcx
XSZ5IFcRQN55f4F6Y/ByDw0lCIfz3UJxsTk+uTys+laUKw2SmjePMie4cnbf+BTZ
G36sycWkY71UJxfApG7yv5poG0F7QH9lvJUUsnJjxau4+5gC7VCC/1WqTT/zPpmK
qYNooxFBkSgN3KWbFpn2I2DveSXq5IQ0fiuGS+Lbdxa1uOG+xMDjFHocKgdEWPXV
bBBAlPYxJi3urc8sy0e4MTZ/06pvKEhmnBQzZrSzVnQzAVemgZbESkVWvyfhmnqg
z/H71K6AQLVN2xc=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:19:11 2024 by rpki-client on console-fra.rpki-client.org