Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/hKJldulEGHoyzwDOt6VPXvhNTZg.roa
File:                     hKJldulEGHoyzwDOt6VPXvhNTZg.roa (raw, json)
Hash identifier:          4G0UwKZ37UMbmAXdgL/qQEuf9h/wjzF1ngJky7vmkhg=
Subject key identifier:   84:A2:65:76:E9:44:18:7A:32:CF:00:CE:B7:A5:4F:5E:F8:4D:4D:98
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018F5376F8A8D1DB23D97C25F4C2B7091DFF
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/hKJldulEGHoyzwDOt6VPXvhNTZg.roa
Signing time:             Tue 07 May 2024 14:30:56 +0000
ROA not before:           Tue 07 May 2024 14:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207273
IP address blocks:        45.148.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:76:f8:a8:d1:db:23:d9:7c:25:f4:c2:b7:09:1d:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: May  7 14:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84a26576e944187a32cf00ceb7a54f5ef84d4d98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e0:ab:2d:ea:25:bb:d6:e8:9a:f8:6b:1a:3a:
                    06:36:bd:dd:4f:84:f8:b2:36:eb:a7:cb:e2:60:03:
                    2d:5e:18:0a:a0:cf:e6:9c:71:ac:df:7b:c8:5d:f5:
                    b9:a4:ec:2e:ac:13:3f:22:6d:6b:7c:7c:8a:e8:7f:
                    b7:63:1c:07:7e:ba:a2:c4:53:75:76:27:90:0d:e4:
                    64:a6:9d:d9:14:ec:21:88:42:1e:37:e6:79:a3:fb:
                    8a:9c:48:9c:3a:13:15:22:d8:5a:04:c3:f8:6d:48:
                    20:8a:e6:c2:69:67:61:25:76:1c:e7:4e:52:75:a7:
                    d3:4d:a2:54:be:0a:af:85:33:2d:76:eb:7c:91:39:
                    2d:9a:b8:e8:b1:7e:b9:c0:86:ca:81:1d:f4:89:50:
                    aa:fe:ad:51:32:2a:58:75:7d:37:48:20:41:67:b7:
                    98:57:9d:a2:44:2d:47:bf:be:1e:c9:cd:b4:07:03:
                    cc:62:35:a6:d4:67:87:f1:4a:05:e2:f2:89:a7:e1:
                    79:73:d7:2a:a4:68:e3:70:68:41:0c:13:43:48:cf:
                    49:99:23:e2:56:90:50:43:21:87:6d:15:ee:43:5a:
                    0b:2e:90:6a:41:e5:2e:3a:d0:e1:1a:11:eb:65:6f:
                    71:18:3f:41:1f:d8:ae:5b:67:42:63:18:f0:1b:3e:
                    8c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:A2:65:76:E9:44:18:7A:32:CF:00:CE:B7:A5:4F:5E:F8:4D:4D:98
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/hKJldulEGHoyzwDOt6VPXvhNTZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:f8:62:55:27:5e:b0:e5:12:5a:31:4e:ed:e7:54:51:26:c6:
         a3:74:63:26:bf:7c:ac:38:e1:ac:89:49:cb:41:f5:27:94:f6:
         41:ad:ff:0e:78:46:fc:25:14:52:fb:38:dc:74:bf:98:fa:fa:
         19:7c:24:13:3c:70:58:65:2e:65:22:6b:50:1b:7c:51:d6:f2:
         43:87:64:33:11:20:ff:4d:df:4a:b2:8a:36:75:67:c8:63:51:
         ce:b5:dd:44:f0:16:5f:c3:ff:f8:44:01:3b:de:5b:a8:a1:a1:
         9e:89:9f:e9:b5:73:0c:7b:a1:01:fe:f7:6e:5e:48:61:90:5b:
         54:81:e3:7c:4a:44:0f:73:b7:8b:0f:2e:f7:2d:74:7d:62:08:
         ad:bd:b2:5f:28:05:bb:a7:2f:15:18:e7:27:55:be:3f:1c:37:
         e3:3c:b2:a3:e6:d9:a5:94:a0:d0:f0:7e:3f:55:49:be:33:65:
         0e:cf:cd:db:11:e6:98:19:e1:a4:3b:57:b5:f1:df:80:bc:d0:
         5a:54:46:f1:7c:11:c1:96:46:d0:14:8a:73:20:25:b7:1e:d3:
         5c:f5:3e:6c:30:fd:d7:42:57:b8:55:7d:1b:d1:65:91:52:4f:
         2c:c2:a1:f7:06:8f:3d:ee:77:1a:88:a1:a0:3c:8a:b2:6d:b3:
         72:02:3c:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9Tdvio0dsj2Xwl9MK3CR3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwNTA3MTQzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGEyNjU3NmU5NDQxODdhMzJjZjAwY2ViN2E1NGY1ZWY4NGQ0ZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+CrLeolu9bomvhrGjoGNr3dT4T4
sjbrp8viYAMtXhgKoM/mnHGs33vIXfW5pOwurBM/Im1rfHyK6H+3YxwHfrqixFN1
dieQDeRkpp3ZFOwhiEIeN+Z5o/uKnEicOhMVIthaBMP4bUggiubCaWdhJXYc505S
dafTTaJUvgqvhTMtdut8kTktmrjosX65wIbKgR30iVCq/q1RMipYdX03SCBBZ7eY
V52iRC1Hv74eyc20BwPMYjWm1GeH8UoF4vKJp+F5c9cqpGjjcGhBDBNDSM9JmSPi
VpBQQyGHbRXuQ1oLLpBqQeUuOtDhGhHrZW9xGD9BH9iuW2dCYxjwGz6MFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISiZXbpRBh6Ms8AzrelT174TU2YMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvaEtKbGR1bEVHSG95endET3Q2VlBYdmhOVFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZQyMA0G
CSqGSIb3DQEBCwUAA4IBAQBT+GJVJ16w5RJaMU7t51RRJsajdGMmv3ysOOGsiUnL
QfUnlPZBrf8OeEb8JRRS+zjcdL+Y+voZfCQTPHBYZS5lImtQG3xR1vJDh2QzESD/
Td9Ksoo2dWfIY1HOtd1E8BZfw//4RAE73luooaGeiZ/ptXMMe6EB/vduXkhhkFtU
geN8SkQPc7eLDy73LXR9YgitvbJfKAW7py8VGOcnVb4/HDfjPLKj5tmllKDQ8H4/
VUm+M2UOz83bEeaYGeGkO1e18d+AvNBaVEbxfBHBlkbQFIpzICW3HtNc9T5sMP3X
Qle4VX0b0WWRUk8swqH3Bo897ncaiKGgPIqybbNyAjxQ
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:32:02 2024 by rpki-client on console-ams.rpki-client.org