Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/0bnuTkCfYfzUfw3eB1VZySpW2z8.roa
File:                     0bnuTkCfYfzUfw3eB1VZySpW2z8.roa (raw, json)
Hash identifier:          57UexDJJ4dyqLTvR+hM8PAsHjeV+TSvkbh8n7TWviQs=
Subject key identifier:   D1:B9:EE:4E:40:9F:61:FC:D4:7F:0D:DE:07:55:59:C9:2A:56:DB:3F
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B5CC4D3853E22CCC9BA84F5198DE
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/0bnuTkCfYfzUfw3eB1VZySpW2z8.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57724
IP address blocks:        45.155.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b5:cc:4d:38:53:e2:2c:cc:9b:a8:4f:51:98:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1b9ee4e409f61fcd47f0dde075559c92a56db3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9c:56:21:39:d8:cb:d6:1d:11:06:8c:7e:09:
                    41:e9:4a:89:e1:8b:65:04:22:a1:0f:9d:44:37:46:
                    ae:58:bf:32:db:3a:3f:f5:5f:9f:41:a0:30:00:e3:
                    1f:c2:a1:93:3b:2b:23:1a:3e:a4:a9:e0:f4:d2:e3:
                    58:3a:03:6b:03:c6:c0:8f:91:2c:9b:0d:a0:35:03:
                    26:a9:c3:50:cf:3f:40:32:a8:c8:2f:c1:db:06:2d:
                    dc:63:3a:8d:07:dd:88:df:28:17:85:72:45:71:9d:
                    57:85:4a:af:1e:f9:bd:40:e5:8f:e4:2f:1f:2f:1c:
                    a8:ef:d7:d6:9b:1d:e8:10:81:c9:d9:94:9b:84:9d:
                    92:cf:0e:cd:7b:8e:e0:7a:28:a8:99:9e:a3:22:23:
                    67:93:f2:e8:f4:df:05:04:d6:68:a1:2a:95:bd:55:
                    73:82:8d:59:e8:b6:5c:10:c0:de:79:cc:d0:3d:02:
                    a6:0a:dc:e7:e3:07:9f:0d:98:d0:37:cc:42:a1:f9:
                    bc:d2:56:69:0f:8d:22:1d:27:58:32:74:5a:d9:40:
                    e7:eb:ee:ae:3b:38:08:6a:d5:dc:89:e4:fa:86:7c:
                    a1:64:ab:6d:61:62:4f:25:20:1e:22:6b:7a:d9:84:
                    72:24:1c:46:4c:cb:16:de:81:09:96:0c:5c:2a:9a:
                    67:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B9:EE:4E:40:9F:61:FC:D4:7F:0D:DE:07:55:59:C9:2A:56:DB:3F
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/0bnuTkCfYfzUfw3eB1VZySpW2z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:bc:24:51:2e:ee:97:c4:6a:d5:f7:85:78:7e:64:90:91:c0:
         89:66:27:b7:34:4e:dc:75:3d:db:05:4a:a3:e2:4b:f6:e6:db:
         53:45:1c:92:e1:27:87:49:89:a6:00:b2:f5:8b:f0:e8:d6:12:
         0e:e9:f8:ea:8a:07:7c:d8:5f:38:0d:48:0f:55:c3:6a:8a:b5:
         51:a1:84:7a:be:03:18:6b:0e:7e:24:cb:12:25:48:76:84:75:
         27:4c:ce:b5:60:93:a5:f3:5b:b2:40:9b:dc:52:57:d3:ae:7c:
         c7:b4:3c:3d:c4:8e:8b:e5:02:2b:97:84:c9:f8:a3:92:a1:b2:
         d3:83:4f:3b:cc:13:52:ba:a5:5d:f3:d9:ad:43:cd:ea:b9:0e:
         61:fc:a4:b2:54:c4:cb:b7:e9:d9:b3:63:16:ce:c2:a3:1f:01:
         b4:50:5c:7f:96:5f:1b:8d:71:a9:37:83:be:49:e0:7b:57:3e:
         61:f6:07:2c:38:40:2a:3f:b1:f9:83:cb:71:b9:f4:4a:b3:7f:
         0a:54:b7:32:c6:c3:ae:a3:e8:fd:97:22:ea:1c:ec:82:92:df:
         28:62:6e:59:52:03:a2:88:5d:0b:cb:c9:a2:95:ee:4d:76:70:
         1c:58:c9:6b:c6:eb:32:64:0e:10:a9:62:c2:d7:bd:4e:76:85:
         b7:6b:25:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7XMTThT4izMm6hPUZjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI5ZWU0ZTQwOWY2MWZjZDQ3ZjBkZGUwNzU1NTljOTJhNTZkYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJxWITnYy9YdEQaMfglB6UqJ4Ytl
BCKhD51EN0auWL8y2zo/9V+fQaAwAOMfwqGTOysjGj6kqeD00uNYOgNrA8bAj5Es
mw2gNQMmqcNQzz9AMqjIL8HbBi3cYzqNB92I3ygXhXJFcZ1XhUqvHvm9QOWP5C8f
Lxyo79fWmx3oEIHJ2ZSbhJ2Szw7Ne47geiiomZ6jIiNnk/Lo9N8FBNZooSqVvVVz
go1Z6LZcEMDeeczQPQKmCtzn4wefDZjQN8xCofm80lZpD40iHSdYMnRa2UDn6+6u
OzgIatXcieT6hnyhZKttYWJPJSAeImt62YRyJBxGTMsW3oEJlgxcKppnxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNG57k5An2H81H8N3gdVWckqVts/MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvMGJudVRrQ2ZZZnpVZnczZUIxVlp5U3BXMno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZs8MA0G
CSqGSIb3DQEBCwUAA4IBAQBdvCRRLu6XxGrV94V4fmSQkcCJZie3NE7cdT3bBUqj
4kv25ttTRRyS4SeHSYmmALL1i/Do1hIO6fjqigd82F84DUgPVcNqirVRoYR6vgMY
aw5+JMsSJUh2hHUnTM61YJOl81uyQJvcUlfTrnzHtDw9xI6L5QIrl4TJ+KOSobLT
g087zBNSuqVd89mtQ83quQ5h/KSyVMTLt+nZs2MWzsKjHwG0UFx/ll8bjXGpN4O+
SeB7Vz5h9gcsOEAqP7H5g8txufRKs38KVLcyxsOuo+j9lyLqHOyCkt8oYm5ZUgOi
iF0Ly8mile5NdnAcWMlrxusyZA4QqWLC171OdoW3ayXO
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:25:56 2024 by rpki-client on console-ams.rpki-client.org