Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/PUuFE1rC8BfLjq3Js3zFgFUZpAI.roa
File:                     PUuFE1rC8BfLjq3Js3zFgFUZpAI.roa (raw, json)
Hash identifier:          viWhLObqvAvlBYUGfTcG9ZaxwfuA+gsRisb6+4IBKn4=
Subject key identifier:   3D:4B:85:13:5A:C2:F0:17:CB:8E:AD:C9:B3:7C:C5:80:55:19:A4:02
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018CC5014FBD3964877D05BDCC8DAC7F137C
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/PUuFE1rC8BfLjq3Js3zFgFUZpAI.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41745
IP address blocks:        45.89.63.0/24 maxlen: 32
                          45.144.232.0/24 maxlen: 32
                          45.144.233.0/24 maxlen: 32
                          45.144.235.0/24 maxlen: 32
                          45.144.234.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4f:bd:39:64:87:7d:05:bd:cc:8d:ac:7f:13:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d4b85135ac2f017cb8eadc9b37cc5805519a402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f5:06:af:f6:bd:4f:51:87:4f:a7:c4:e1:2c:
                    3d:d3:a0:a1:fe:19:5c:02:fb:7d:88:aa:db:29:50:
                    12:ce:7b:6e:ea:cb:1c:47:c8:e0:98:27:21:fb:cc:
                    a3:a9:53:b1:69:a8:96:cd:3a:30:06:40:4f:0f:d3:
                    31:75:cd:4f:2a:34:99:23:b7:63:f2:72:e1:b0:5c:
                    97:a5:17:de:93:3d:b2:2d:57:73:8a:15:f0:c3:48:
                    ba:bc:69:66:65:24:56:54:01:aa:b8:cf:0e:09:89:
                    70:3c:c8:09:a9:86:b2:23:3f:4f:ac:ad:4a:99:6b:
                    99:bf:ce:98:54:88:e4:93:18:b2:56:df:0c:71:87:
                    51:ff:91:ee:23:7e:9b:72:33:3d:18:d1:77:5d:30:
                    00:10:c3:a4:38:07:51:29:27:2d:1a:15:5c:dd:93:
                    38:a8:34:10:9e:a1:6a:bd:e1:22:de:bb:8f:12:9b:
                    8d:31:f3:31:49:de:5f:29:f9:d1:47:22:cb:ac:53:
                    19:0d:61:8c:5f:a5:cf:a9:1a:9e:c7:79:5f:dc:a2:
                    44:38:aa:ac:07:36:51:97:e4:e8:92:06:c6:6b:2f:
                    55:16:49:77:6c:a1:c7:af:e1:32:e9:6c:dd:11:92:
                    64:da:3c:e7:7e:31:74:a5:34:da:db:51:39:78:a9:
                    fe:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:4B:85:13:5A:C2:F0:17:CB:8E:AD:C9:B3:7C:C5:80:55:19:A4:02
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/PUuFE1rC8BfLjq3Js3zFgFUZpAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.63.0/24
                  45.144.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:e5:02:26:c8:e2:f8:42:dd:42:47:85:fd:01:65:01:9a:98:
         cd:09:bc:9a:b9:a8:f3:3c:9f:e9:3e:32:75:97:76:c5:4f:10:
         02:98:29:ce:b2:4f:f0:19:fe:d4:40:37:f7:7d:ff:29:66:ca:
         f6:5e:53:54:d3:31:7e:1f:ee:fd:84:7d:4f:cc:cc:d3:25:98:
         5d:a8:6e:d3:52:7d:96:f6:b3:76:51:4e:c0:32:eb:1d:5a:70:
         05:6a:e7:67:a1:5a:51:69:21:af:f1:75:fa:a9:02:a8:ab:9b:
         dd:62:3a:8f:40:ef:ea:db:84:00:2d:a3:88:9e:21:57:49:21:
         20:d0:db:e4:38:b3:aa:4b:92:27:e6:65:a0:77:db:12:e3:f8:
         69:b0:87:9c:ec:4f:81:9b:17:f3:9e:0f:e7:8d:7b:6d:db:dd:
         90:f9:1f:aa:92:a8:f2:85:89:fc:2d:f2:ed:4d:88:fd:5d:28:
         cf:db:8a:c5:a1:46:42:5f:18:86:b3:7d:4a:9c:9a:38:95:dc:
         fb:9d:ec:7d:78:36:b9:32:7f:40:4a:36:ca:6c:ff:52:aa:f0:
         95:66:a7:f0:9a:90:09:fb:39:50:5c:be:b0:47:20:4f:cc:54:
         e4:a7:f7:d2:ae:aa:15:58:af:ae:27:e8:22:48:61:b2:e8:fe:
         f2:1f:d1:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAU+9OWSHfQW9zI2sfxN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDRiODUxMzVhYzJmMDE3Y2I4ZWFkYzliMzdjYzU4MDU1MTlhNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PUGr/a9T1GHT6fE4Sw906Ch/hlc
Avt9iKrbKVASzntu6sscR8jgmCch+8yjqVOxaaiWzTowBkBPD9Mxdc1PKjSZI7dj
8nLhsFyXpRfekz2yLVdzihXww0i6vGlmZSRWVAGquM8OCYlwPMgJqYayIz9PrK1K
mWuZv86YVIjkkxiyVt8McYdR/5HuI36bcjM9GNF3XTAAEMOkOAdRKSctGhVc3ZM4
qDQQnqFqveEi3ruPEpuNMfMxSd5fKfnRRyLLrFMZDWGMX6XPqRqex3lf3KJEOKqs
BzZRl+TokgbGay9VFkl3bKHHr+Ey6WzdEZJk2jznfjF0pTTa21E5eKn+RQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD1LhRNawvAXy46tybN8xYBVGaQCMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvUFV1RkUxckM4QmZManEzSnMzekZnRlVacEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVk/AwQC
LZDoMA0GCSqGSIb3DQEBCwUAA4IBAQDN5QImyOL4Qt1CR4X9AWUBmpjNCbyauajz
PJ/pPjJ1l3bFTxACmCnOsk/wGf7UQDf3ff8pZsr2XlNU0zF+H+79hH1PzMzTJZhd
qG7TUn2W9rN2UU7AMusdWnAFaudnoVpRaSGv8XX6qQKoq5vdYjqPQO/q24QALaOI
niFXSSEg0NvkOLOqS5In5mWgd9sS4/hpsIec7E+Bmxfzng/njXtt292Q+R+qkqjy
hYn8LfLtTYj9XSjP24rFoUZCXxiGs31KnJo4ldz7nex9eDa5Mn9ASjbKbP9SqvCV
ZqfwmpAJ+zlQXL6wRyBPzFTkp/fSrqoVWK+uJ+giSGGy6P7yH9EO
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:02:30 2024 by rpki-client on console-ams.rpki-client.org