Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/V7fwYfvKH0Gy6K48uH0B2xfEZ_0.roa
File:                     V7fwYfvKH0Gy6K48uH0B2xfEZ_0.roa (raw, json)
Hash identifier:          jETkTt3PU2eAp/68T0ZQyovOXBQA96VJii7IYuu0u1w=
Subject key identifier:   57:B7:F0:61:FB:CA:1F:41:B2:E8:AE:3C:B8:7D:01:DB:17:C4:67:FD
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E344168F617AF202140F3239FE1B3
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/V7fwYfvKH0Gy6K48uH0B2xfEZ_0.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        185.117.3.0/24 maxlen: 24
                          45.13.227.0/24 maxlen: 24
                          5.253.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:34:41:68:f6:17:af:20:21:40:f3:23:9f:e1:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57b7f061fbca1f41b2e8ae3cb87d01db17c467fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:99:f0:de:0e:38:42:83:7b:4b:39:77:58:6e:
                    40:73:d7:3e:82:1c:65:b3:e4:4b:0e:f2:bd:fa:c8:
                    81:94:2d:c1:84:18:87:45:eb:31:09:b9:4a:50:e5:
                    80:4f:10:75:d5:27:dd:e8:c0:b0:2e:0a:ef:bf:1e:
                    8d:d7:f3:d6:92:64:5f:20:38:65:a5:f6:6d:03:3e:
                    55:6f:c3:39:a3:6e:2c:1a:3f:95:88:fd:10:f1:91:
                    f4:60:14:b2:94:f0:33:b8:41:9e:be:50:06:0c:65:
                    1c:e1:59:82:a4:6b:73:f6:35:e8:b2:3a:10:f4:d9:
                    96:a4:d9:ce:be:23:1c:69:0b:86:16:69:61:cf:fc:
                    39:70:c1:a8:86:36:f4:63:97:19:c7:15:02:76:2a:
                    13:7a:eb:e3:6a:bb:3e:90:dc:14:04:8d:bc:f6:cc:
                    5a:2a:41:f7:81:3e:80:61:ba:49:c4:5c:54:11:21:
                    a1:6d:4e:f7:63:c9:6e:47:bd:bf:b6:e4:35:3b:e2:
                    7e:7a:3f:46:49:ac:63:43:ff:85:ec:bb:64:b0:0c:
                    30:4a:84:46:2e:bb:62:f3:78:b3:cb:c7:71:6a:c6:
                    c0:84:c7:7a:e6:91:80:eb:0d:1b:bb:97:80:2e:63:
                    12:e4:7e:f8:ad:1b:86:58:a9:0d:03:d6:6f:ff:0f:
                    03:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:B7:F0:61:FB:CA:1F:41:B2:E8:AE:3C:B8:7D:01:DB:17:C4:67:FD
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/V7fwYfvKH0Gy6K48uH0B2xfEZ_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.246.0/24
                  45.13.227.0/24
                  185.117.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:04:7e:63:ae:d0:39:8d:bd:93:fb:93:e6:89:46:a0:7d:00:
         a4:88:27:d6:f4:a9:60:3d:5f:b2:67:b5:12:89:da:fc:d9:53:
         d4:40:9e:21:7c:e3:b1:0d:53:02:88:54:49:50:b0:ed:f5:a2:
         3a:11:d7:36:c6:7a:00:95:a5:a4:73:b1:5d:c2:83:62:c7:c8:
         de:96:06:db:4a:77:b4:9c:d8:6c:a7:8e:0e:f9:b5:c4:c3:9e:
         df:da:07:6a:e7:80:d1:c4:a7:82:34:0d:8c:10:83:d3:76:39:
         3d:7e:01:a7:78:53:ef:00:ee:5f:95:c9:df:81:15:dc:b2:df:
         13:b7:ed:7a:f4:1e:70:0b:b3:43:f3:04:1e:c0:3a:5f:e8:89:
         b1:76:77:79:a3:d7:a9:af:97:1f:09:f5:39:43:26:d8:98:d2:
         2f:8d:60:f8:a1:fd:aa:4c:01:1d:70:20:6b:41:31:2c:be:30:
         29:f0:3d:ed:9d:1b:e1:17:15:4b:bf:d7:87:d4:71:3c:94:32:
         85:2d:f2:56:36:f9:53:50:3f:d8:74:ec:24:d2:31:0b:57:6c:
         20:1a:ec:8c:08:a2:6c:9c:b5:a9:25:c8:d5:75:69:02:73:b3:
         3b:00:66:55:0c:e3:6f:ce:ec:86:52:65:d2:a3:e0:f7:ea:e6:
         64:7d:f9:e2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTjRBaPYXryAhQPMjn+GzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2I3ZjA2MWZiY2ExZjQxYjJlOGFlM2NiODdkMDFkYjE3YzQ2N2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpnw3g44QoN7Szl3WG5Ac9c+ghxl
s+RLDvK9+siBlC3BhBiHResxCblKUOWATxB11Sfd6MCwLgrvvx6N1/PWkmRfIDhl
pfZtAz5Vb8M5o24sGj+ViP0Q8ZH0YBSylPAzuEGevlAGDGUc4VmCpGtz9jXosjoQ
9NmWpNnOviMcaQuGFmlhz/w5cMGohjb0Y5cZxxUCdioTeuvjars+kNwUBI289sxa
KkH3gT6AYbpJxFxUESGhbU73Y8luR72/tuQ1O+J+ej9GSaxjQ/+F7LtksAwwSoRG
Lrti83izy8dxasbAhMd65pGA6w0bu5eALmMS5H74rRuGWKkNA9Zv/w8DJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFe38GH7yh9BsuiuPLh9AdsXxGf9MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvVjdmd1lmdktIMEd5Nks0OHVIMEIyeGZFWl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABf32AwQA
LQ3jAwQAuXUDMA0GCSqGSIb3DQEBCwUAA4IBAQB4BH5jrtA5jb2T+5PmiUagfQCk
iCfW9KlgPV+yZ7USidr82VPUQJ4hfOOxDVMCiFRJULDt9aI6Edc2xnoAlaWkc7Fd
woNix8jelgbbSne0nNhsp44O+bXEw57f2gdq54DRxKeCNA2MEIPTdjk9fgGneFPv
AO5flcnfgRXcst8Tt+169B5wC7ND8wQewDpf6Imxdnd5o9epr5cfCfU5QybYmNIv
jWD4of2qTAEdcCBrQTEsvjAp8D3tnRvhFxVLv9eH1HE8lDKFLfJWNvlTUD/YdOwk
0jELV2wgGuyMCKJsnLWpJcjVdWkCc7M7AGZVDONvzuyGUmXSo+D36uZkffni
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:01:45 2024 by rpki-client on console-ams.rpki-client.org