Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lIccS9k73j0f0Le_eHcLCzO0wek.roa
File:                     lIccS9k73j0f0Le_eHcLCzO0wek.roa (raw, json)
Hash identifier:          Xlkmn0iuFMASSScE/1zdXXgpClQ2UQSNPZ20hxOX3Fs=
Subject key identifier:   94:87:1C:4B:D9:3B:DE:3D:1F:D0:B7:BF:78:77:0B:0B:33:B4:C1:E9
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018CC50152331E779BC5FA1274D6586082F5
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lIccS9k73j0f0Le_eHcLCzO0wek.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61390
IP address blocks:        45.130.70.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:52:33:1e:77:9b:c5:fa:12:74:d6:58:60:82:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94871c4bd93bde3d1fd0b7bf78770b0b33b4c1e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:57:54:a0:99:3b:d8:96:38:b4:90:30:51:e5:
                    c4:19:b1:a6:93:8b:9f:f4:87:7c:38:4b:b9:3d:ce:
                    a4:b1:b4:67:8a:f9:98:78:5c:b7:fa:33:c8:fa:9b:
                    f4:0a:0d:3c:e8:78:44:45:38:29:03:69:1d:af:23:
                    f4:d9:8a:c3:bf:31:88:74:7e:54:c3:c9:a0:f5:55:
                    1f:7f:35:cf:3d:f1:7f:2e:dc:72:40:93:44:c9:a3:
                    2b:d8:95:97:0c:eb:2d:21:ea:91:57:c4:d5:4a:02:
                    d0:7a:42:ea:5d:b2:9d:78:1c:0f:9f:0a:b5:88:88:
                    f8:38:1a:7b:38:95:2e:9c:7e:01:eb:86:57:80:1d:
                    df:f0:a1:d8:ed:96:ef:70:a4:56:16:0d:53:c3:25:
                    d2:d8:95:7d:3e:83:83:4b:5a:83:3b:18:19:28:08:
                    3e:c7:c0:b0:13:0a:b9:f8:63:b6:45:3a:99:03:b5:
                    49:d2:37:6e:eb:37:d1:9b:b3:39:1d:f5:3c:68:6d:
                    bf:2e:e8:22:fd:b2:1a:90:26:6f:c7:70:d6:2a:0c:
                    57:e0:6a:e2:38:9e:30:e4:98:4d:c4:5d:64:70:d3:
                    8c:40:21:bd:8a:fb:c1:24:9f:71:03:0e:6b:c6:80:
                    29:95:85:ca:21:20:ac:a8:f9:86:9b:b0:e3:0a:04:
                    95:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:87:1C:4B:D9:3B:DE:3D:1F:D0:B7:BF:78:77:0B:0B:33:B4:C1:E9
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lIccS9k73j0f0Le_eHcLCzO0wek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:b4:4d:dc:2b:79:6b:f7:b2:ec:f5:4b:a5:aa:e2:85:67:fc:
         cf:6a:90:e1:79:d1:e5:a4:a5:39:68:56:a9:e8:04:1e:ae:bc:
         40:cf:24:05:c3:a3:c9:40:33:97:a4:45:07:f4:c4:38:c3:dc:
         af:6e:98:a0:47:97:a3:4d:47:3e:44:d9:1c:9f:98:cc:af:a1:
         8f:e9:9b:21:05:23:9a:5b:8b:11:90:bf:72:df:93:ba:95:f8:
         5e:6f:6c:f1:31:e0:52:c3:89:de:53:4c:2a:20:39:a6:48:ae:
         99:ab:11:06:b1:5d:97:d2:28:79:b0:0d:64:d8:bc:fc:fd:8f:
         40:9a:1f:0c:12:9f:f8:92:4f:72:d4:00:ca:c7:d7:a6:11:a9:
         4f:91:f9:d1:5d:5d:ce:3e:5f:7a:7c:cf:9d:c6:15:38:34:e9:
         8f:89:7f:cf:dc:49:5d:5d:b8:02:58:7b:56:c7:23:21:6d:76:
         1d:e5:2c:b0:cd:c3:f4:dc:7d:7e:08:26:9d:53:d9:09:45:77:
         f7:dd:57:b7:45:c0:04:9e:78:9e:80:c1:fb:c7:d6:82:66:48:
         d9:18:63:66:57:9f:fb:a4:a0:cf:47:c5:0b:f9:76:c1:45:63:
         6a:a3:cc:06:0d:8c:d1:dd:70:32:c5:af:a6:bb:45:9f:89:62:
         f2:a4:da:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVIzHnebxfoSdNZYYIL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDg3MWM0YmQ5M2JkZTNkMWZkMGI3YmY3ODc3MGIwYjMzYjRjMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsldUoJk72JY4tJAwUeXEGbGmk4uf
9Id8OEu5Pc6ksbRnivmYeFy3+jPI+pv0Cg086HhERTgpA2kdryP02YrDvzGIdH5U
w8mg9VUffzXPPfF/LtxyQJNEyaMr2JWXDOstIeqRV8TVSgLQekLqXbKdeBwPnwq1
iIj4OBp7OJUunH4B64ZXgB3f8KHY7ZbvcKRWFg1TwyXS2JV9PoODS1qDOxgZKAg+
x8CwEwq5+GO2RTqZA7VJ0jdu6zfRm7M5HfU8aG2/Lugi/bIakCZvx3DWKgxX4Gri
OJ4w5JhNxF1kcNOMQCG9ivvBJJ9xAw5rxoAplYXKISCsqPmGm7DjCgSVTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSHHEvZO949H9C3v3h3CwsztMHpMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvbEljY1M5azczajBmMExlX2VIY0xDek8wd2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYJGMA0G
CSqGSIb3DQEBCwUAA4IBAQAEtE3cK3lr97Ls9UulquKFZ/zPapDhedHlpKU5aFap
6AQerrxAzyQFw6PJQDOXpEUH9MQ4w9yvbpigR5ejTUc+RNkcn5jMr6GP6ZshBSOa
W4sRkL9y35O6lfheb2zxMeBSw4neU0wqIDmmSK6ZqxEGsV2X0ih5sA1k2Lz8/Y9A
mh8MEp/4kk9y1ADKx9emEalPkfnRXV3OPl96fM+dxhU4NOmPiX/P3EldXbgCWHtW
xyMhbXYd5SywzcP03H1+CCadU9kJRXf33Ve3RcAEnniegMH7x9aCZkjZGGNmV5/7
pKDPR8UL+XbBRWNqo8wGDYzR3XAyxa+mu0WfiWLypNpo
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:14:37 2024 by rpki-client on console-fra.rpki-client.org