Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/4risuUbTuuksWFjx-zBQE5xaR5s.roa
File:                     4risuUbTuuksWFjx-zBQE5xaR5s.roa (raw, json)
Hash identifier:          h3vAbWApa2m96KBqQpcaRSI39msq/jE1tIB8zWww0kk=
Subject key identifier:   E2:B8:AC:B9:46:D3:BA:E9:2C:58:58:F1:FB:30:50:13:9C:5A:47:9B
Certificate issuer:       /CN=c4b21c89bc7e2b214067f30707a4a03dc346ee05
Certificate serial:       018CC6B8461AEAD9B05EEF10A0BFCA1CC621
Authority key identifier: C4:B2:1C:89:BC:7E:2B:21:40:67:F3:07:07:A4:A0:3D:C3:46:EE:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/4risuUbTuuksWFjx-zBQE5xaR5s.roa
Signing time:             Mon 01 Jan 2024 20:30:14 +0000
ROA not before:           Mon 01 Jan 2024 20:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209007
IP address blocks:        45.11.43.0/24 maxlen: 24
                          45.11.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/xLIcibx-KyFAZ_MHB6SgPcNG7gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/xLIcibx-KyFAZ_MHB6SgPcNG7gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:46:1a:ea:d9:b0:5e:ef:10:a0:bf:ca:1c:c6:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b21c89bc7e2b214067f30707a4a03dc346ee05
        Validity
            Not Before: Jan  1 20:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2b8acb946d3bae92c5858f1fb3050139c5a479b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:60:20:af:34:b1:93:77:44:8f:d5:af:29:c0:
                    ff:db:7d:94:c5:bc:5e:41:c2:ea:b4:1a:f6:6a:36:
                    e6:e8:95:78:17:32:85:72:7b:c4:2c:ce:85:80:a7:
                    9f:a2:cb:7c:fd:98:bd:2d:1c:90:07:65:47:89:1b:
                    49:e2:84:53:21:de:b6:28:42:85:8d:b7:fc:e6:bb:
                    e8:72:75:8f:7c:46:41:51:a2:a3:b1:07:4c:8e:cc:
                    82:27:ce:9e:f6:5d:dc:0c:37:1e:91:52:05:05:57:
                    64:b0:84:ae:a4:d5:ec:76:16:67:e9:1f:20:ce:75:
                    79:0d:f9:d0:91:a2:a2:cc:ed:4f:90:ef:d8:d3:c6:
                    84:20:47:bf:1c:8a:e7:99:ec:6b:d3:55:55:23:9f:
                    65:87:79:20:9d:0d:b1:69:1c:19:bc:8a:af:86:f6:
                    2e:c8:39:a9:c3:52:39:4c:12:55:68:3f:37:5e:14:
                    66:51:9a:63:05:94:17:24:b9:e4:74:9f:d2:a5:2e:
                    65:e5:f3:cd:7d:75:19:40:62:10:2c:3a:f3:7b:97:
                    aa:8a:09:fd:b4:c5:d9:6c:82:68:92:bb:21:d1:06:
                    d5:68:5a:56:1c:d4:e2:12:b1:53:ae:63:e5:39:14:
                    3a:d1:d1:d1:7f:15:3c:26:1b:bb:0d:1d:9d:4c:a2:
                    9f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B8:AC:B9:46:D3:BA:E9:2C:58:58:F1:FB:30:50:13:9C:5A:47:9B
            X509v3 Authority Key Identifier:
                keyid:C4:B2:1C:89:BC:7E:2B:21:40:67:F3:07:07:A4:A0:3D:C3:46:EE:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLIcibx-KyFAZ_MHB6SgPcNG7gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/4risuUbTuuksWFjx-zBQE5xaR5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/6137b8-1383-4b71-a189-063b40174597/1/xLIcibx-KyFAZ_MHB6SgPcNG7gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:2a:69:7b:57:41:4b:02:78:5a:b4:a7:a6:07:1c:7e:8a:c4:
         7f:66:d3:bf:84:41:e1:21:9d:71:3f:d7:9a:5d:60:05:57:9a:
         e4:03:d6:21:5e:26:74:ed:39:48:70:b9:ad:91:b1:30:32:a0:
         eb:60:be:af:5f:13:55:11:ae:ab:c5:6c:13:66:b3:be:47:d4:
         0f:a4:95:e3:41:5c:c8:20:c5:08:89:e5:7f:3d:2a:20:d9:1f:
         6c:41:bc:2d:f9:0a:a6:fb:3a:80:57:d1:a8:d8:8d:d4:42:48:
         9d:7f:fc:ad:76:d0:9a:b7:31:43:fb:e0:b1:5d:e4:d2:49:a6:
         5e:dc:ca:09:02:a3:07:97:f0:60:f9:a4:6b:d7:69:e1:b3:7b:
         77:7f:80:5a:d7:7d:e5:68:8a:0a:8a:7a:bd:6e:74:14:d9:b3:
         17:fa:1a:41:4b:72:7d:eb:51:e4:df:aa:a3:fd:e8:d8:32:96:
         b8:22:fb:f9:06:4f:b5:bd:0c:0d:e5:a3:fc:e6:ea:16:dc:db:
         82:32:72:94:cf:96:27:ca:22:5d:b2:5b:f6:c2:c2:b6:0c:ab:
         c0:d5:19:8e:7c:59:9f:f5:e3:8f:55:18:75:c2:ac:83:b5:e0:
         6b:7c:a7:2d:ea:61:ff:03:23:6f:1d:a4:63:58:98:82:6c:ec:
         a3:81:e9:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuEYa6tmwXu8QoL/KHMYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjIxYzg5YmM3ZTJiMjE0MDY3ZjMwNzA3YTRhMDNkYzM0
NmVlMDUwHhcNMjQwMTAxMjAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmI4YWNiOTQ2ZDNiYWU5MmM1ODU4ZjFmYjMwNTAxMzljNWE0NzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGAgrzSxk3dEj9WvKcD/232Uxbxe
QcLqtBr2ajbm6JV4FzKFcnvELM6FgKefost8/Zi9LRyQB2VHiRtJ4oRTId62KEKF
jbf85rvocnWPfEZBUaKjsQdMjsyCJ86e9l3cDDcekVIFBVdksISupNXsdhZn6R8g
znV5DfnQkaKizO1PkO/Y08aEIEe/HIrnmexr01VVI59lh3kgnQ2xaRwZvIqvhvYu
yDmpw1I5TBJVaD83XhRmUZpjBZQXJLnkdJ/SpS5l5fPNfXUZQGIQLDrze5eqign9
tMXZbIJokrsh0QbVaFpWHNTiErFTrmPlORQ60dHRfxU8Jhu7DR2dTKKfpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOK4rLlG07rpLFhY8fswUBOcWkebMB8GA1UdIwQY
MBaAFMSyHIm8fishQGfzBwekoD3DRu4FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExJY2lieC1LeUZBWl9NSEI2U2dQY05HN2dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82MTM3YjgtMTM4My00YjcxLWExODkt
MDYzYjQwMTc0NTk3LzEvNHJpc3VVYlR1dWtzV0ZqeC16QlFFNXhhUjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82MTM3YjgtMTM4My00YjcxLWExODktMDYzYjQwMTc0NTk3
LzEveExJY2lieC1LeUZBWl9NSEI2U2dQY05HN2dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQsqMA0G
CSqGSIb3DQEBCwUAA4IBAQAiKml7V0FLAnhatKemBxx+isR/ZtO/hEHhIZ1xP9ea
XWAFV5rkA9YhXiZ07TlIcLmtkbEwMqDrYL6vXxNVEa6rxWwTZrO+R9QPpJXjQVzI
IMUIieV/PSog2R9sQbwt+Qqm+zqAV9Go2I3UQkidf/ytdtCatzFD++CxXeTSSaZe
3MoJAqMHl/Bg+aRr12nhs3t3f4Ba133laIoKinq9bnQU2bMX+hpBS3J961Hk36qj
/ejYMpa4Ivv5Bk+1vQwN5aP85uoW3NuCMnKUz5YnyiJdslv2wsK2DKvA1RmOfFmf
9eOPVRh1wqyDteBrfKct6mH/AyNvHaRjWJiCbOyjgenh
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:35:04 2024 by rpki-client on console-ams.rpki-client.org