Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/gtvgdq4acIosSQpTaUwZdXYUJOw.roa
File:                     gtvgdq4acIosSQpTaUwZdXYUJOw.roa (raw, json)
Hash identifier:          Sq9CAqyrRbMqM22lwe0aGlQki/qGVBkdoJimy1/Tf+I=
Subject key identifier:   82:DB:E0:76:AE:1A:70:8A:2C:49:0A:53:69:4C:19:75:76:14:24:EC
Certificate issuer:       /CN=2890da765a999f719875c51eecf4c7d6148a1bd9
Certificate serial:       018CC26D0A6A6634245CB592E2AFD70FC066
Authority key identifier: 28:90:DA:76:5A:99:9F:71:98:75:C5:1E:EC:F4:C7:D6:14:8A:1B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/gtvgdq4acIosSQpTaUwZdXYUJOw.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205293
IP address blocks:        45.143.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0a:6a:66:34:24:5c:b5:92:e2:af:d7:0f:c0:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2890da765a999f719875c51eecf4c7d6148a1bd9
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82dbe076ae1a708a2c490a53694c1975761424ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3d:c3:a5:27:67:b1:86:11:33:15:ab:c7:0c:
                    aa:7a:56:5f:14:e3:50:10:67:a7:a0:36:c7:39:31:
                    c6:d5:82:45:30:de:a6:9a:b2:5e:77:c7:ee:50:53:
                    5c:96:16:32:c4:fd:ed:0b:f9:d1:6e:11:09:4b:5c:
                    fa:44:9a:aa:13:d2:b4:e5:46:99:4a:28:e4:c9:44:
                    2a:f4:14:1f:c3:d0:9b:ca:84:f2:cc:e8:66:83:5a:
                    0c:1d:09:6f:f6:52:25:db:0c:e7:d9:ce:54:d6:be:
                    11:1b:d4:d4:12:f9:fe:da:92:3d:51:e3:68:1e:08:
                    16:7a:c5:e7:cc:61:42:ea:59:6e:33:73:a9:13:f8:
                    49:03:68:8c:eb:18:50:63:8d:9d:ab:43:d4:55:18:
                    51:67:aa:ed:e7:e0:a5:fb:b1:97:ae:dd:70:3b:ca:
                    42:00:22:b4:31:a6:bb:f5:9a:b6:c1:e3:c7:b5:aa:
                    ba:5c:5e:ff:6f:c2:86:f0:d3:65:c5:6f:3d:81:ec:
                    fd:00:30:5b:95:48:78:69:34:54:95:6b:8f:93:4d:
                    67:e1:7e:e5:12:bb:dc:29:3b:d9:f6:d6:e9:b7:0b:
                    6c:80:15:62:4b:07:d3:51:ee:75:d4:20:15:4b:d7:
                    8f:d5:0a:88:fb:46:6c:40:6f:c4:7c:3b:6a:aa:f1:
                    6a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:DB:E0:76:AE:1A:70:8A:2C:49:0A:53:69:4C:19:75:76:14:24:EC
            X509v3 Authority Key Identifier:
                keyid:28:90:DA:76:5A:99:9F:71:98:75:C5:1E:EC:F4:C7:D6:14:8A:1B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/gtvgdq4acIosSQpTaUwZdXYUJOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e4:d3:28:e0:a9:69:1c:3e:c1:52:89:83:ac:43:42:b9:66:a8:
         1b:0e:0e:a5:c2:0d:69:f2:51:38:47:b2:56:8a:bf:a7:2c:59:
         55:8c:b4:a8:90:b5:ce:62:9a:1e:45:40:51:6d:47:4f:15:a2:
         e7:e8:7b:68:f7:84:d1:6c:f1:9b:9d:67:59:a1:12:ad:2a:da:
         2c:4d:bd:5f:e8:d7:04:18:5e:ad:60:fe:fc:9d:36:a1:a2:2a:
         02:fa:3e:f3:52:86:f8:a5:a0:77:9a:be:57:e7:3f:6b:a8:27:
         97:aa:1f:0c:8c:f4:52:33:09:1a:e0:68:10:5e:84:76:18:44:
         28:66:86:b6:82:7c:0d:3c:c2:b1:49:c7:6f:52:dc:0d:a8:28:
         79:6e:98:d3:57:be:c5:20:36:4f:a1:98:fe:3f:c5:41:cd:b5:
         58:7c:a3:f5:b1:d3:41:f3:1b:ae:4a:9d:f1:82:f9:04:ff:6e:
         f9:15:ba:b4:6f:20:e2:d4:eb:cc:4e:18:bb:ca:aa:1e:98:78:
         98:c2:5c:56:5a:27:b9:2c:d4:af:4a:b2:5c:ee:a5:72:9c:8a:
         82:06:3d:50:44:fe:c4:83:d4:5f:6b:f2:49:f5:21:80:78:7b:
         56:22:b0:1d:18:bb:4f:0b:7f:15:ee:2a:0f:25:bc:82:8b:1a:
         5a:cd:7e:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQpqZjQkXLWS4q/XD8BmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTBkYTc2NWE5OTlmNzE5ODc1YzUxZWVjZjRjN2Q2MTQ4
YTFiZDkwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmRiZTA3NmFlMWE3MDhhMmM0OTBhNTM2OTRjMTk3NTc2MTQyNGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz3DpSdnsYYRMxWrxwyqelZfFONQ
EGenoDbHOTHG1YJFMN6mmrJed8fuUFNclhYyxP3tC/nRbhEJS1z6RJqqE9K05UaZ
SijkyUQq9BQfw9CbyoTyzOhmg1oMHQlv9lIl2wzn2c5U1r4RG9TUEvn+2pI9UeNo
HggWesXnzGFC6lluM3OpE/hJA2iM6xhQY42dq0PUVRhRZ6rt5+Cl+7GXrt1wO8pC
ACK0Maa79Zq2wePHtaq6XF7/b8KG8NNlxW89gez9ADBblUh4aTRUlWuPk01n4X7l
ErvcKTvZ9tbptwtsgBViSwfTUe511CAVS9eP1QqI+0ZsQG/EfDtqqvFq0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILb4HauGnCKLEkKU2lMGXV2FCTsMB8GA1UdIwQY
MBaAFCiQ2nZamZ9xmHXFHuz0x9YUihvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0pEYWRscVpuM0dZZGNVZTdQVEgxaFNLRzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yYmJjZDQtZWRhYi00OGVlLWE0MTEt
MjhmYzcwNjNkOTUyLzEvZ3R2Z2RxNGFjSW9zU1FwVGFVd1pkWFlVSk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yYmJjZDQtZWRhYi00OGVlLWE0MTEtMjhmYzcwNjNkOTUy
LzEvS0pEYWRscVpuM0dZZGNVZTdQVEgxaFNLRzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY/OMA0G
CSqGSIb3DQEBCwUAA4IBAQDk0yjgqWkcPsFSiYOsQ0K5ZqgbDg6lwg1p8lE4R7JW
ir+nLFlVjLSokLXOYpoeRUBRbUdPFaLn6Hto94TRbPGbnWdZoRKtKtosTb1f6NcE
GF6tYP78nTahoioC+j7zUob4paB3mr5X5z9rqCeXqh8MjPRSMwka4GgQXoR2GEQo
Zoa2gnwNPMKxScdvUtwNqCh5bpjTV77FIDZPoZj+P8VBzbVYfKP1sdNB8xuuSp3x
gvkE/275Fbq0byDi1OvMThi7yqoemHiYwlxWWie5LNSvSrJc7qVynIqCBj1QRP7E
g9Rfa/JJ9SGAeHtWIrAdGLtPC38V7ioPJbyCixpazX6r
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:14:43 2024 by rpki-client on console-fra.rpki-client.org