Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/s0ioViFZOBIqfUqe3yjbl1zCnnI.roa
File:                     s0ioViFZOBIqfUqe3yjbl1zCnnI.roa (raw, json)
Hash identifier:          rwgwYNmGuEnYj5W/l6Bv7MaUHDNwRTFsmDb85+F/CP0=
Subject key identifier:   B3:48:A8:56:21:59:38:12:2A:7D:4A:9E:DF:28:DB:97:5C:C2:9E:72
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC5011F73C83D37CDC70731C275ED7414
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/s0ioViFZOBIqfUqe3yjbl1zCnnI.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210489
IP address blocks:        45.140.8.0/23 maxlen: 23
                          45.141.206.0/23 maxlen: 23
                          45.157.202.0/23 maxlen: 23
                          46.161.210.0/23 maxlen: 23
                          46.161.220.0/23 maxlen: 23
                          46.161.222.0/23 maxlen: 23
                          45.135.96.0/23 maxlen: 23
                          45.135.98.0/23 maxlen: 23
                          45.136.64.0/22 maxlen: 23
                          185.222.32.0/23 maxlen: 23
                          185.222.34.0/23 maxlen: 23
                          45.141.16.0/23 maxlen: 23
                          45.152.8.0/23 maxlen: 23
                          45.141.18.0/23 maxlen: 23
                          193.110.4.0/23 maxlen: 24
                          91.244.204.0/22 maxlen: 23
                          195.62.22.0/23 maxlen: 24
                          45.141.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1f:73:c8:3d:37:cd:c7:07:31:c2:75:ed:74:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b348a856215938122a7d4a9edf28db975cc29e72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4a:ff:ac:5c:19:8e:0a:f8:5b:d8:14:26:23:
                    36:57:2c:ca:87:19:7c:21:81:a1:6b:ad:a5:c1:e6:
                    cf:88:34:4b:91:43:38:ea:8f:6e:de:1a:5f:26:a3:
                    1e:b1:7b:f8:72:f7:80:6b:a2:0b:7e:5a:5f:8c:83:
                    7e:03:45:32:76:74:f8:32:1f:c5:38:63:c1:a8:e2:
                    84:17:15:12:3f:53:27:8b:92:1f:b8:77:7b:4d:a1:
                    65:b1:a3:f4:5a:9f:59:d0:f9:af:39:d9:ba:7a:24:
                    1d:35:02:d5:ad:5e:75:8f:7d:a5:99:4b:3c:08:16:
                    ef:06:ae:11:3d:14:e5:f9:0a:c2:3b:78:e5:d1:36:
                    d5:6b:1f:1e:4a:e5:66:b9:cd:1d:50:32:2c:ba:b8:
                    08:33:84:9f:d6:19:38:8b:15:20:ac:0c:e5:96:a2:
                    9c:46:8d:1a:62:2c:b7:ad:e9:5b:d8:44:20:c0:b5:
                    99:07:a7:75:34:70:ef:5c:cf:69:73:29:c4:34:bf:
                    8d:9e:7a:76:56:b7:5d:08:04:22:99:2f:2d:80:88:
                    5e:b9:08:ec:04:e3:c0:77:fd:01:6e:3d:ee:84:8d:
                    24:66:8a:6a:1f:66:e0:b9:c9:be:55:db:96:f4:95:
                    e8:15:00:0f:b8:60:cb:3f:67:e1:7c:c2:95:2e:d3:
                    38:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:48:A8:56:21:59:38:12:2A:7D:4A:9E:DF:28:DB:97:5C:C2:9E:72
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/s0ioViFZOBIqfUqe3yjbl1zCnnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.96.0/22
                  45.136.64.0/22
                  45.140.8.0/23
                  45.141.16.0/22
                  45.141.62.0/23
                  45.141.206.0/23
                  45.152.8.0/23
                  45.157.202.0/23
                  46.161.210.0/23
                  46.161.220.0/22
                  91.244.204.0/22
                  185.222.32.0/22
                  193.110.4.0/23
                  195.62.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:b9:68:c3:f7:a3:e9:21:38:1c:34:43:01:79:2a:07:cd:0b:
         34:95:b1:31:82:33:44:c1:f4:36:e6:a2:be:1b:84:ec:98:13:
         46:b1:9c:68:8b:cd:61:7a:9b:f0:f1:5d:ef:a0:7e:ae:25:f0:
         38:be:52:db:94:3e:b1:19:59:cf:4c:40:a5:9c:8b:3e:88:60:
         66:b6:e7:ae:7e:44:69:58:4f:18:50:e7:b5:7a:e9:f0:26:b5:
         71:50:af:cc:d1:25:8a:54:f6:b4:91:0a:07:eb:20:aa:3b:de:
         f3:fa:1e:71:7d:b3:df:4a:7d:bb:17:d6:bc:fe:05:e9:52:b7:
         3e:f7:33:77:53:7c:2e:f9:1e:d8:36:0a:ce:c0:bb:a0:7a:cd:
         43:38:a2:a9:98:84:7b:56:df:94:51:eb:4d:8b:58:30:71:f3:
         e3:29:f9:a3:65:37:f7:ea:fb:9b:ba:2c:af:fd:3c:85:18:c2:
         81:57:e0:37:18:d2:59:d6:b8:04:7c:7f:ab:d4:cc:bc:b8:7b:
         90:fc:7b:2b:b1:60:1e:77:5b:e5:af:8e:fb:54:ed:cc:8e:1a:
         c5:05:8b:64:21:db:8e:80:3d:17:e6:8a:88:2e:9d:d4:51:3e:
         a1:4c:35:de:de:35:d9:d8:60:e9:d1:e9:95:4b:7d:85:fc:57:
         93:72:7a:8a
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzFAR9zyD03zccHMcJ17XQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzQ4YTg1NjIxNTkzODEyMmE3ZDRhOWVkZjI4ZGI5NzVjYzI5ZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEr/rFwZjgr4W9gUJiM2VyzKhxl8
IYGha62lwebPiDRLkUM46o9u3hpfJqMesXv4cveAa6ILflpfjIN+A0UydnT4Mh/F
OGPBqOKEFxUSP1Mni5IfuHd7TaFlsaP0Wp9Z0PmvOdm6eiQdNQLVrV51j32lmUs8
CBbvBq4RPRTl+QrCO3jl0TbVax8eSuVmuc0dUDIsurgIM4Sf1hk4ixUgrAzllqKc
Ro0aYiy3relb2EQgwLWZB6d1NHDvXM9pcynENL+Nnnp2VrddCAQimS8tgIheuQjs
BOPAd/0Bbj3uhI0kZopqH2bgucm+VduW9JXoFQAPuGDLP2fhfMKVLtM4UQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFLNIqFYhWTgSKn1Knt8o25dcwp5yMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvczBpb1ZpRlpPQklxZlVxZTN5amJsMXpDbm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQCLYdgAwQC
LYhAAwQBLYwIAwQCLY0QAwQBLY0+AwQBLY3OAwQBLZgIAwQBLZ3KAwQBLqHSAwQC
LqHcAwQCW/TMAwQCud4gAwQBwW4EAwQBwz4WMA0GCSqGSIb3DQEBCwUAA4IBAQCr
uWjD96PpITgcNEMBeSoHzQs0lbExgjNEwfQ25qK+G4TsmBNGsZxoi81hepvw8V3v
oH6uJfA4vlLblD6xGVnPTEClnIs+iGBmtueufkRpWE8YUOe1eunwJrVxUK/M0SWK
VPa0kQoH6yCqO97z+h5xfbPfSn27F9a8/gXpUrc+9zN3U3wu+R7YNgrOwLuges1D
OKKpmIR7Vt+UUetNi1gwcfPjKfmjZTf36vubuiyv/TyFGMKBV+A3GNJZ1rgEfH+r
1My8uHuQ/HsrsWAed1vlr477VO3MjhrFBYtkIduOgD0X5oqILp3UUT6hTDXe3jXZ
2GDp0emVS32F/FeTcnqK
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:39:18 2024 by rpki-client on console-fra.rpki-client.org