Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/P4qi_N5vcPwkFJvVDzS_f_LGpVw.roa
File:                     P4qi_N5vcPwkFJvVDzS_f_LGpVw.roa (raw, json)
Hash identifier:          b6LFTTMQLphxgyZDrSPUZM7EAl8+CrhWMRcCMRLurKQ=
Subject key identifier:   3F:8A:A2:FC:DE:6F:70:FC:24:14:9B:D5:0F:34:BF:7F:F2:C6:A5:5C
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E45EDCB43624D28627D2540F217B8
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/P4qi_N5vcPwkFJvVDzS_f_LGpVw.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398395
IP address blocks:        2.58.200.0/24 maxlen: 24
                          45.67.87.0/24 maxlen: 24
                          45.134.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:45:ed:cb:43:62:4d:28:62:7d:25:40:f2:17:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8aa2fcde6f70fc24149bd50f34bf7ff2c6a55c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2b:a7:73:82:24:9a:da:66:72:c0:39:58:6e:
                    33:f6:5e:93:52:14:75:09:51:b6:53:86:68:00:c6:
                    6f:2a:24:d5:d0:04:d5:e7:5c:48:fa:89:fb:d9:cf:
                    2d:ee:94:0e:f1:6b:9e:08:39:c5:92:c8:bf:a4:63:
                    78:c8:5b:eb:3f:f5:08:01:0e:b0:45:a9:a2:f9:06:
                    f7:ad:c7:72:e7:7d:3b:85:04:d2:f4:6a:77:54:4a:
                    1a:40:ce:fb:ab:af:a5:10:3c:15:11:f4:8b:60:c7:
                    b0:7f:8a:d6:f1:06:f1:fa:7c:27:62:3d:59:92:b3:
                    2e:4c:f5:bd:d9:2d:05:1c:f1:28:d4:54:c3:0c:ef:
                    9c:a4:20:43:f5:00:bc:37:7e:20:2d:cd:83:e8:e8:
                    bd:7f:45:64:d0:b3:66:3b:29:0b:8d:85:e7:ed:7c:
                    77:f2:05:be:1f:e6:e6:80:fd:6a:62:fa:1e:ba:91:
                    6a:7e:7e:fd:84:89:0e:a8:4f:4a:01:df:56:1e:26:
                    c6:5b:57:e9:cc:6f:fe:96:a3:17:26:64:a5:11:61:
                    79:62:45:f6:1b:ac:2b:7f:0d:c9:36:b1:7d:7a:c2:
                    b5:a2:64:e8:b2:78:46:f6:31:f1:23:2d:57:fc:e8:
                    12:75:8a:98:fc:4c:89:90:bc:43:c5:9a:52:82:45:
                    73:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8A:A2:FC:DE:6F:70:FC:24:14:9B:D5:0F:34:BF:7F:F2:C6:A5:5C
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/P4qi_N5vcPwkFJvVDzS_f_LGpVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.200.0/24
                  45.67.87.0/24
                  45.134.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:9a:98:d8:20:b4:cf:6f:b7:29:af:60:6b:f0:32:9d:01:71:
         b6:2d:3e:86:d7:9c:93:99:15:e3:8e:d3:e2:b5:cd:de:66:e1:
         24:4e:49:aa:59:47:b5:a6:f9:e7:ab:10:ab:93:bd:0d:ac:da:
         1c:e1:14:40:21:96:c1:8c:c4:2d:6a:e0:67:0c:43:de:db:4e:
         c7:f7:67:2e:97:7f:f4:7c:93:30:af:28:6f:bf:09:d8:8c:57:
         c6:53:79:c8:c2:e7:1d:4d:73:23:f6:32:14:6a:70:12:3a:07:
         fd:82:ff:be:d1:3d:1f:03:cb:24:e7:a7:70:17:5b:c7:88:fc:
         69:9c:d3:8d:db:fb:73:51:1b:99:06:3e:55:d9:61:4a:23:23:
         9d:10:ff:f1:61:69:90:7a:21:81:61:08:32:3d:c0:5f:be:d7:
         bd:7d:fe:45:e9:aa:51:5c:33:08:1f:31:7c:f0:34:b4:a0:14:
         80:85:18:00:cf:16:71:14:53:42:61:e9:bf:8e:d9:52:5c:7e:
         8a:d6:fe:28:96:b1:79:2c:6a:b2:b7:06:d9:44:ed:d9:c2:15:
         2a:35:de:7b:23:82:06:34:5b:0f:0c:33:45:65:f0:17:73:0c:
         1a:a2:37:2b:97:03:84:85:4c:9e:23:6e:66:d4:48:d8:44:95:
         6e:ca:74:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTkXty0NiTShifSVA8he4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhhYTJmY2RlNmY3MGZjMjQxNDliZDUwZjM0YmY3ZmYyYzZhNTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliunc4IkmtpmcsA5WG4z9l6TUhR1
CVG2U4ZoAMZvKiTV0ATV51xI+on72c8t7pQO8WueCDnFksi/pGN4yFvrP/UIAQ6w
Rami+Qb3rcdy5307hQTS9Gp3VEoaQM77q6+lEDwVEfSLYMewf4rW8Qbx+nwnYj1Z
krMuTPW92S0FHPEo1FTDDO+cpCBD9QC8N34gLc2D6Oi9f0Vk0LNmOykLjYXn7Xx3
8gW+H+bmgP1qYvoeupFqfn79hIkOqE9KAd9WHibGW1fpzG/+lqMXJmSlEWF5YkX2
G6wrfw3JNrF9esK1omTosnhG9jHxIy1X/OgSdYqY/EyJkLxDxZpSgkVzdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD+Kovzeb3D8JBSb1Q80v3/yxqVcMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvUDRxaV9ONXZjUHdrRkp2VkR6U19mX0xHcFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAjrIAwQA
LUNXAwQALYZuMA0GCSqGSIb3DQEBCwUAA4IBAQCampjYILTPb7cpr2Br8DKdAXG2
LT6G15yTmRXjjtPitc3eZuEkTkmqWUe1pvnnqxCrk70NrNoc4RRAIZbBjMQtauBn
DEPe207H92cul3/0fJMwryhvvwnYjFfGU3nIwucdTXMj9jIUanASOgf9gv++0T0f
A8sk56dwF1vHiPxpnNON2/tzURuZBj5V2WFKIyOdEP/xYWmQeiGBYQgyPcBfvte9
ff5F6apRXDMIHzF88DS0oBSAhRgAzxZxFFNCYem/jtlSXH6K1v4olrF5LGqytwbZ
RO3ZwhUqNd57I4IGNFsPDDNFZfAXcwwaojcrlwOEhUyeI25m1EjYRJVuynRb
-----END CERTIFICATE-----
Generated at Thu Nov 21 22:43:05 2024 by rpki-client on console-fra.rpki-client.org