Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/zS2-HP1VnbZC3j_0QTVrpAebgEU.roa
File:                     zS2-HP1VnbZC3j_0QTVrpAebgEU.roa (raw, json)
Hash identifier:          4avwGWv370hAx/9Dh+fIW3AL3KBaixp9uTUW5FPB01w=
Subject key identifier:   CD:2D:BE:1C:FD:55:9D:B6:42:DE:3F:F4:41:35:6B:A4:07:9B:80:45
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018F616D3078080A569C38B9E49E26E135C7
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/zS2-HP1VnbZC3j_0QTVrpAebgEU.roa
Signing time:             Fri 10 May 2024 07:34:56 +0000
ROA not before:           Fri 10 May 2024 07:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.134.36.0/24 maxlen: 24
                          45.142.105.0/24 maxlen: 24
                          45.151.56.0/24 maxlen: 24
                          92.118.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:6d:30:78:08:0a:56:9c:38:b9:e4:9e:26:e1:35:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: May 10 07:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd2dbe1cfd559db642de3ff441356ba4079b8045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cc:96:06:dd:a1:47:68:2f:ef:d9:26:34:8c:
                    6c:c9:5a:18:ef:98:3b:07:09:a2:8f:50:8a:46:39:
                    13:84:00:6c:2c:a2:38:91:62:27:94:bb:a8:b5:f3:
                    22:6f:87:f3:c0:fc:9f:b9:1e:4b:02:b5:4f:46:e1:
                    d4:60:38:2f:5e:01:c3:4c:32:d3:8c:c9:c5:8f:d2:
                    54:e8:d7:53:b3:4d:f4:86:e0:c7:01:3a:43:40:b7:
                    6b:e2:17:ea:6d:77:4e:27:25:b7:e4:17:66:ea:ef:
                    b2:3a:25:12:6b:61:6c:16:91:48:dc:69:ec:89:72:
                    11:5d:54:1d:98:ac:1f:53:4f:0e:60:1a:8c:7a:52:
                    3d:60:e0:86:93:3a:45:ae:9d:c5:41:15:d4:50:51:
                    ef:f4:14:06:e5:0e:3a:ea:ae:f3:5e:28:75:a8:33:
                    63:ab:19:cf:49:fc:dc:e0:80:c5:3b:8a:39:97:ed:
                    6a:5c:a1:9e:d5:c7:c7:f2:6b:28:37:e5:13:dd:4f:
                    f5:cd:ed:ac:f1:a3:ab:72:68:8f:dd:1d:2b:38:66:
                    06:e9:39:27:fb:bd:c4:6a:5c:08:62:0d:30:3e:2b:
                    4c:65:43:9d:79:b5:fc:ba:4c:6c:7e:10:f7:eb:3e:
                    f7:9c:24:10:e0:6d:0b:e2:08:dd:26:2b:3d:8a:cd:
                    63:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2D:BE:1C:FD:55:9D:B6:42:DE:3F:F4:41:35:6B:A4:07:9B:80:45
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/zS2-HP1VnbZC3j_0QTVrpAebgEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.36.0/24
                  45.142.105.0/24
                  45.151.56.0/24
                  92.118.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:34:0b:62:b3:56:03:1d:db:69:62:aa:53:b7:27:22:3f:3f:
         ab:4d:0c:85:ab:36:f4:e3:a3:6f:eb:ba:08:96:95:34:40:a3:
         cb:a6:2a:52:dc:0c:b6:37:90:40:4d:4a:8c:5c:a0:12:2c:91:
         5c:a8:a2:50:0e:7b:26:32:1d:3b:b0:bd:84:38:8b:c6:55:68:
         24:74:d0:86:72:81:e0:e7:f1:5e:a4:e6:50:c4:18:99:4e:5f:
         8f:cd:44:8e:5e:34:f5:e1:cb:de:aa:7d:a5:fb:43:e6:55:83:
         5d:60:ed:f5:45:58:f6:e9:66:e8:72:d5:a7:67:52:f3:46:94:
         81:18:ad:d6:06:fb:60:24:b3:4f:3c:cb:a3:42:5e:34:1b:18:
         12:6b:66:34:0d:00:68:5c:b3:3c:c4:39:c0:18:d7:c8:01:ed:
         e1:c0:2f:4a:93:9a:16:4d:96:c5:5a:9d:68:9f:55:9b:08:70:
         ba:7f:25:c2:7f:b6:48:6c:1a:2e:85:eb:79:8b:f5:77:f7:dc:
         51:2e:5e:73:70:2b:ad:b9:52:6a:c1:5b:44:fb:0c:0f:7c:aa:
         99:8a:7a:de:38:1e:2a:70:3c:e5:65:55:c5:bf:88:65:94:2d:
         58:fb:51:da:29:fd:b3:45:0e:08:e4:46:45:ec:f7:63:ac:08:
         c6:6e:b0:5f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY9hbTB4CApWnDi55J4m4TXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwNTEwMDczNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDJkYmUxY2ZkNTU5ZGI2NDJkZTNmZjQ0MTM1NmJhNDA3OWI4MDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8yWBt2hR2gv79kmNIxsyVoY75g7
Bwmij1CKRjkThABsLKI4kWInlLuotfMib4fzwPyfuR5LArVPRuHUYDgvXgHDTDLT
jMnFj9JU6NdTs030huDHATpDQLdr4hfqbXdOJyW35Bdm6u+yOiUSa2FsFpFI3Gns
iXIRXVQdmKwfU08OYBqMelI9YOCGkzpFrp3FQRXUUFHv9BQG5Q466q7zXih1qDNj
qxnPSfzc4IDFO4o5l+1qXKGe1cfH8msoN+UT3U/1ze2s8aOrcmiP3R0rOGYG6Tkn
+73EalwIYg0wPitMZUOdebX8ukxsfhD36z73nCQQ4G0L4gjdJis9is1jUQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM0tvhz9VZ22Qt4/9EE1a6QHm4BFMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvelMyLUhQMVZuYlpDM2pfMFFUVnJwQWViZ0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALYYkAwQA
LY5pAwQALZc4AwQCXHbMMA0GCSqGSIb3DQEBCwUAA4IBAQB7NAtis1YDHdtpYqpT
tyciPz+rTQyFqzb046Nv67oIlpU0QKPLpipS3Ay2N5BATUqMXKASLJFcqKJQDnsm
Mh07sL2EOIvGVWgkdNCGcoHg5/FepOZQxBiZTl+PzUSOXjT14cveqn2l+0PmVYNd
YO31RVj26WboctWnZ1LzRpSBGK3WBvtgJLNPPMujQl40GxgSa2Y0DQBoXLM8xDnA
GNfIAe3hwC9Kk5oWTZbFWp1on1WbCHC6fyXCf7ZIbBouhet5i/V399xRLl5zcCut
uVJqwVtE+wwPfKqZinreOB4qcDzlZVXFv4hllC1Y+1HaKf2zRQ4I5EZF7PdjrAjG
brBf
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:19:21 2024 by rpki-client on console-fra.rpki-client.org