Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/Rj4x-k2eypY_uH4zB6KLMXnbj4g.roa
File:                     Rj4x-k2eypY_uH4zB6KLMXnbj4g.roa (raw, json)
Hash identifier:          mwe/FBkwnRwI2NRtDLk5HUpUzsXhRrBHhLkIpEJW+pQ=
Subject key identifier:   46:3E:31:FA:4D:9E:CA:96:3F:B8:7E:33:07:A2:8B:31:79:DB:8F:88
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       018CC56DE766E7FA9803D58E0F02F1EEE83B
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/Rj4x-k2eypY_uH4zB6KLMXnbj4g.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.169.180.0/24 maxlen: 24
                          45.133.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e7:66:e7:fa:98:03:d5:8e:0f:02:f1:ee:e8:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=463e31fa4d9eca963fb87e3307a28b3179db8f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ad:ec:ae:74:b9:4e:d0:2b:83:87:b9:7c:65:
                    39:17:b4:23:60:ef:04:8d:b8:bc:7a:bd:fe:09:a4:
                    e9:71:88:e1:31:19:70:4b:d4:23:de:64:bd:db:e9:
                    5b:8a:d4:b6:f9:37:0e:ec:df:55:45:8b:32:b8:59:
                    3d:8f:ef:0e:33:1c:58:b2:4b:fd:bd:57:6f:4e:d8:
                    57:84:63:00:1b:79:20:1c:37:f5:f8:cb:f0:bd:77:
                    90:d4:15:57:64:5e:3e:fa:58:3a:7c:91:50:29:4d:
                    5e:fc:f5:bf:85:1d:f5:7f:02:f6:86:a4:4e:ff:4c:
                    6f:bb:1b:f8:05:c2:07:d9:19:12:f0:f4:3d:6a:37:
                    36:b5:af:5d:b3:b6:5c:b8:29:b2:de:8d:21:5b:0e:
                    8a:a4:23:7a:5e:b7:02:bf:6c:a5:cd:76:7a:48:63:
                    fa:3f:af:a1:2f:0b:fc:49:3f:b8:a8:da:06:1c:95:
                    b4:10:41:06:2f:77:33:5d:8b:2d:0c:e5:12:2a:6e:
                    79:d2:5f:5f:0a:cf:8b:5f:4f:58:fc:e3:41:fb:5f:
                    58:a2:bb:52:07:53:9f:ac:6c:9e:c5:bd:40:c6:22:
                    01:a2:2d:40:ed:38:e1:13:49:cf:24:7e:53:f3:bd:
                    97:b7:8a:06:1b:3d:a3:96:e9:0b:5f:01:a4:b9:ac:
                    e8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:3E:31:FA:4D:9E:CA:96:3F:B8:7E:33:07:A2:8B:31:79:DB:8F:88
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/Rj4x-k2eypY_uH4zB6KLMXnbj4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.36.0/24
                  185.169.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:e2:df:90:e2:6a:ab:ea:a1:e0:8c:45:83:94:d9:25:ad:db:
         60:d8:f3:c9:97:30:2d:ee:2e:89:5c:26:98:15:f9:36:2b:a0:
         f4:43:64:84:20:66:52:a8:a7:18:e1:71:8b:48:f2:06:22:45:
         ad:ec:f1:ce:11:2f:c1:26:bc:c0:23:9a:8b:28:c8:92:62:3b:
         87:ba:00:50:94:95:d6:e5:94:5b:26:2c:a3:0b:50:75:fe:6e:
         83:8f:79:77:28:fd:54:df:06:2d:6c:2a:06:49:87:ae:da:ae:
         8a:33:d7:2f:3e:03:f7:a3:03:fd:55:d2:47:4b:4f:d8:9e:c5:
         d3:04:f3:e6:70:ca:89:f9:f4:2c:fc:4b:d3:c7:cc:fb:65:aa:
         09:7b:9b:af:79:eb:12:4e:72:df:93:1d:3e:31:30:75:55:cc:
         64:04:c3:8d:e2:4e:a9:7c:3d:e1:29:63:14:b4:d3:3b:9f:a4:
         78:1c:7b:5d:59:04:ec:3f:c0:b1:54:b7:4a:8e:27:50:56:f4:
         a9:e7:75:86:ba:cb:ef:e6:c9:73:cc:b1:80:a0:c2:a8:60:f2:
         f9:fb:82:bf:32:da:41:aa:b9:83:bb:31:b6:2e:57:2b:5d:3f:
         7a:18:d5:90:a6:fd:1f:be:5e:7d:ef:f8:ef:8e:99:7d:fe:9e:
         6e:63:0a:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbedm5/qYA9WODwLx7ug7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjNlMzFmYTRkOWVjYTk2M2ZiODdlMzMwN2EyOGIzMTc5ZGI4Zjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjq3srnS5TtArg4e5fGU5F7QjYO8E
jbi8er3+CaTpcYjhMRlwS9Qj3mS92+lbitS2+TcO7N9VRYsyuFk9j+8OMxxYskv9
vVdvTthXhGMAG3kgHDf1+MvwvXeQ1BVXZF4++lg6fJFQKU1e/PW/hR31fwL2hqRO
/0xvuxv4BcIH2RkS8PQ9ajc2ta9ds7ZcuCmy3o0hWw6KpCN6XrcCv2ylzXZ6SGP6
P6+hLwv8ST+4qNoGHJW0EEEGL3czXYstDOUSKm550l9fCs+LX09Y/ONB+19YortS
B1OfrGyexb1AxiIBoi1A7TjhE0nPJH5T872Xt4oGGz2jlukLXwGkuazotQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEY+MfpNnsqWP7h+MweiizF524+IMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvUmo0eC1rMmV5cFlfdUg0ekI2S0xNWG5iajRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYUkAwQA
uam0MA0GCSqGSIb3DQEBCwUAA4IBAQA24t+Q4mqr6qHgjEWDlNklrdtg2PPJlzAt
7i6JXCaYFfk2K6D0Q2SEIGZSqKcY4XGLSPIGIkWt7PHOES/BJrzAI5qLKMiSYjuH
ugBQlJXW5ZRbJiyjC1B1/m6Dj3l3KP1U3wYtbCoGSYeu2q6KM9cvPgP3owP9VdJH
S0/YnsXTBPPmcMqJ+fQs/EvTx8z7ZaoJe5uveesSTnLfkx0+MTB1VcxkBMON4k6p
fD3hKWMUtNM7n6R4HHtdWQTsP8CxVLdKjidQVvSp53WGusvv5slzzLGAoMKoYPL5
+4K/MtpBqrmDuzG2LlcrXT96GNWQpv0fvl597/jvjpl9/p5uYwqE
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:05:10 2024 by rpki-client on console-ams.rpki-client.org