Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/ChORsy3QU_JsKVmoAfD_lSMbrOM.roa
File:                     ChORsy3QU_JsKVmoAfD_lSMbrOM.roa (raw, json)
Hash identifier:          UT/Ni+i+MsE3JKXlPwY7j0pYRfh87tK2nqm9GX6dS4E=
Subject key identifier:   0A:13:91:B3:2D:D0:53:F2:6C:29:59:A8:01:F0:FF:95:23:1B:AC:E3
Certificate issuer:       /CN=974661cb1c38e63bd78bd6b2b1d68686a5415bf5
Certificate serial:       018CC94DD9C926ABAF128BBEE46BCF0416F0
Authority key identifier: 97:46:61:CB:1C:38:E6:3B:D7:8B:D6:B2:B1:D6:86:86:A5:41:5B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/ChORsy3QU_JsKVmoAfD_lSMbrOM.roa
Signing time:             Tue 02 Jan 2024 08:32:51 +0000
ROA not before:           Tue 02 Jan 2024 08:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        160.20.145.0/24 maxlen: 24
                          160.20.144.0/24 maxlen: 24
                          160.20.146.0/24 maxlen: 24
                          160.20.147.0/24 maxlen: 24
                          45.11.16.0/22 maxlen: 22
                          45.153.240.0/22 maxlen: 22
                          152.89.244.0/22 maxlen: 22
                          152.89.247.0/24 maxlen: 24
                          91.200.100.0/22 maxlen: 22
                          45.147.228.0/22 maxlen: 22
                          45.138.172.0/24 maxlen: 24
                          45.138.172.0/22 maxlen: 22
                          45.138.174.0/24 maxlen: 24
                          45.138.175.0/24 maxlen: 24
                          45.138.173.0/24 maxlen: 24
                          2a0c:6a41:f230::/48 maxlen: 48
                          2a0e:b540:ff03::/48 maxlen: 48
                          2a0e:b540::/29 maxlen: 29
                          2a0c:6a40::/29 maxlen: 29
                          2a09:38c0::/29 maxlen: 29
                          2a0d:4cc0::/29 maxlen: 29
                          2a10:9c00::/29 maxlen: 29
                          2a0e:5100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d9:c9:26:ab:af:12:8b:be:e4:6b:cf:04:16:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=974661cb1c38e63bd78bd6b2b1d68686a5415bf5
        Validity
            Not Before: Jan  2 08:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a1391b32dd053f26c2959a801f0ff95231bace3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d6:9c:34:e7:54:c0:c3:80:10:d0:48:1d:0a:
                    c5:9c:ba:3c:55:7d:8f:79:2b:f3:3b:25:fe:f8:20:
                    fb:1e:57:9f:c0:91:ec:bc:6e:04:41:52:e2:26:01:
                    84:d2:20:7c:7f:e4:4f:18:1d:6f:1a:9c:22:58:de:
                    e2:5a:36:d9:bb:a1:5e:83:34:41:54:1a:e6:28:c8:
                    b4:2c:35:95:a7:7b:8f:6e:23:70:78:53:37:34:28:
                    29:48:e0:3e:9f:0c:9c:29:8e:5a:2a:33:f5:81:93:
                    3e:54:c1:8a:fa:74:54:c0:64:98:52:9b:f5:7d:da:
                    c3:e1:bf:f3:db:16:ee:60:44:de:ea:d3:17:ba:2a:
                    df:ed:5d:23:9c:29:5b:60:c1:09:c6:3f:be:4d:55:
                    08:3b:14:c2:27:e0:4c:d8:ce:6f:4c:af:08:4e:43:
                    f9:03:6d:10:3d:53:d5:3d:dd:60:00:90:cf:c5:4d:
                    bd:44:9c:b4:67:f1:f0:c7:e2:9a:76:46:98:3a:48:
                    59:60:01:ea:f6:74:2d:1b:6b:b9:08:8b:82:3c:00:
                    f1:92:2a:72:16:2d:82:cd:a3:ab:63:9d:e3:ac:26:
                    0c:dd:97:f1:15:ce:31:6e:9d:3b:61:9a:79:7d:55:
                    7f:cd:6a:ee:2d:ae:e6:9e:21:58:0f:a2:f1:d8:0b:
                    4f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:13:91:B3:2D:D0:53:F2:6C:29:59:A8:01:F0:FF:95:23:1B:AC:E3
            X509v3 Authority Key Identifier:
                keyid:97:46:61:CB:1C:38:E6:3B:D7:8B:D6:B2:B1:D6:86:86:A5:41:5B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/ChORsy3QU_JsKVmoAfD_lSMbrOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.16.0/22
                  45.138.172.0/22
                  45.147.228.0/22
                  45.153.240.0/22
                  91.200.100.0/22
                  152.89.244.0/22
                  160.20.144.0/22
                IPv6:
                  2a09:38c0::/29
                  2a0c:6a40::/29
                  2a0d:4cc0::/29
                  2a0e:5100::/29
                  2a0e:b540::/29
                  2a10:9c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:a4:2f:10:04:c1:e9:9b:70:68:8d:c9:46:18:d6:f6:c0:6f:
         e1:f6:4b:0a:86:00:7c:6b:c2:c2:8e:70:79:bc:89:44:cf:14:
         d5:d8:ce:d9:e7:00:82:db:98:f7:01:0d:dc:88:75:1f:9b:ce:
         0d:0a:84:3d:95:3e:40:8a:2c:fc:96:86:1b:d0:20:c9:67:f3:
         65:7d:c7:e9:8f:79:90:b5:f3:86:bf:e1:31:12:bf:3a:69:31:
         17:d3:8b:ec:9d:35:98:27:cd:64:c4:b2:c3:e0:6a:6c:76:6c:
         cc:26:e4:b3:0d:7d:00:92:2a:fb:90:68:06:ab:4c:22:6b:7a:
         02:58:12:72:f4:5f:ee:19:97:0b:92:fd:a9:e6:49:2b:24:60:
         d1:5e:e4:db:1a:dd:b1:81:c3:23:e9:73:ee:bf:c2:bd:31:aa:
         ca:d4:8f:f7:0d:94:66:b1:c9:f1:c1:92:21:89:25:54:30:0c:
         3a:40:3b:1e:07:99:ef:a5:20:33:0b:c3:8d:f3:52:da:de:51:
         67:a1:aa:59:fe:e7:34:55:7e:4a:f3:78:77:51:fd:43:a3:1b:
         0f:cd:49:4c:8a:8c:ed:bd:e3:8e:b8:b6:94:bc:0c:7d:d8:75:
         c9:37:ed:54:dd:37:19:60:b5:d9:05:16:e7:85:bb:ea:85:05:
         cf:56:6c:c3
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYzJTdnJJquvEou+5GvPBBbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NDY2MWNiMWMzOGU2M2JkNzhiZDZiMmIxZDY4Njg2YTU0
MTViZjUwHhcNMjQwMTAyMDgzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTEzOTFiMzJkZDA1M2YyNmMyOTU5YTgwMWYwZmY5NTIzMWJhY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdacNOdUwMOAENBIHQrFnLo8VX2P
eSvzOyX++CD7HlefwJHsvG4EQVLiJgGE0iB8f+RPGB1vGpwiWN7iWjbZu6FegzRB
VBrmKMi0LDWVp3uPbiNweFM3NCgpSOA+nwycKY5aKjP1gZM+VMGK+nRUwGSYUpv1
fdrD4b/z2xbuYETe6tMXuirf7V0jnClbYMEJxj++TVUIOxTCJ+BM2M5vTK8ITkP5
A20QPVPVPd1gAJDPxU29RJy0Z/Hwx+KadkaYOkhZYAHq9nQtG2u5CIuCPADxkipy
Fi2CzaOrY53jrCYM3ZfxFc4xbp07YZp5fVV/zWruLa7mniFYD6Lx2AtPUQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFAoTkbMt0FPybClZqAHw/5UjG6zjMB8GA1UdIwQY
MBaAFJdGYcscOOY714vWsrHWhoalQVv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDBaaHl4dzQ1anZYaTlheXNkYUdocVZCV19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hMGJmM2UtMzY0NS00ZTE2LWJjYTkt
OGFkYWMxN2U5MGFlLzEvQ2hPUnN5M1FVX0pzS1Ztb0FmRF9sU01ick9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hMGJmM2UtMzY0NS00ZTE2LWJjYTktOGFkYWMxN2U5MGFl
LzEvbDBaaHl4dzQ1anZYaTlheXNkYUdocVZCV19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDAwBAIAATAqAwQCLQsQAwQC
LYqsAwQCLZPkAwQCLZnwAwQCW8hkAwQCmFn0AwQCoBSQMDAEAgACMCoDBQMqCTjA
AwUDKgxqQAMFAyoNTMADBQMqDlEAAwUDKg61QAMFAyoQnAAwDQYJKoZIhvcNAQEL
BQADggEBAHykLxAEwembcGiNyUYY1vbAb+H2SwqGAHxrwsKOcHm8iUTPFNXYztnn
AILbmPcBDdyIdR+bzg0KhD2VPkCKLPyWhhvQIMln82V9x+mPeZC184a/4TESvzpp
MRfTi+ydNZgnzWTEssPgamx2bMwm5LMNfQCSKvuQaAarTCJregJYEnL0X+4ZlwuS
/anmSSskYNFe5Nsa3bGBwyPpc+6/wr0xqsrUj/cNlGaxyfHBkiGJJVQwDDpAOx4H
me+lIDMLw43zUtreUWehqln+5zRVfkrzeHdR/UOjGw/NSUyKjO294464tpS8DH3Y
dck37VTdNxlgtdkFFueFu+qFBc9WbMM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:33:26 2024 by rpki-client on console-fra.rpki-client.org