Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/19VFNSGwkOjoKkhMp6c31_3s4m4.roa
File:                     19VFNSGwkOjoKkhMp6c31_3s4m4.roa (raw, json)
Hash identifier:          9iv2IryXVGVTamSMuPhqofLOFbWiSzxW087/Hl7gzhI=
Subject key identifier:   D7:D5:45:35:21:B0:90:E8:E8:2A:48:4C:A7:A7:37:D7:FD:EC:E2:6E
Certificate issuer:       /CN=c7671270b69cec504606b126c4ca833816af7da4
Certificate serial:       018D0D838A171EEC4ADFE8DA6400B3289C90
Authority key identifier: C7:67:12:70:B6:9C:EC:50:46:06:B1:26:C4:CA:83:38:16:AF:7D:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2cScLac7FBGBrEmxMqDOBavfaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/19VFNSGwkOjoKkhMp6c31_3s4m4.roa
Signing time:             Mon 15 Jan 2024 14:25:40 +0000
ROA not before:           Mon 15 Jan 2024 14:25:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216323
IP address blocks:        45.11.199.0/24 maxlen: 24
                          45.131.35.0/24 maxlen: 24
                          2a12:9e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/x2cScLac7FBGBrEmxMqDOBavfaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/x2cScLac7FBGBrEmxMqDOBavfaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x2cScLac7FBGBrEmxMqDOBavfaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:83:8a:17:1e:ec:4a:df:e8:da:64:00:b3:28:9c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7671270b69cec504606b126c4ca833816af7da4
        Validity
            Not Before: Jan 15 14:25:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7d5453521b090e8e82a484ca7a737d7fdece26e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6a:16:c4:3a:2a:ab:1a:10:e8:4d:69:8b:69:
                    43:97:9d:17:6a:0d:c0:40:56:b2:bb:e6:06:f3:fb:
                    31:f0:ba:0c:35:af:fd:62:69:5f:7a:fc:1d:f6:b2:
                    b8:e7:51:a3:1b:98:9f:91:3f:a0:3c:a0:cb:61:17:
                    de:87:63:67:97:61:e8:5a:6d:18:b6:15:44:44:0b:
                    c8:0d:f8:41:58:b7:42:b2:8a:63:50:3d:f8:4a:4a:
                    d9:5f:61:27:95:b0:65:38:a5:25:9e:28:79:ba:41:
                    48:da:24:c8:9a:01:5e:18:e5:cd:ea:eb:53:21:17:
                    78:71:ef:8b:fc:38:b1:99:4a:12:39:35:53:ca:8a:
                    d7:3c:6f:76:0e:9e:4e:af:2d:8c:78:d6:a3:9c:d1:
                    89:26:60:f3:75:77:5d:1e:b0:72:2b:4d:7b:64:8a:
                    6f:34:e0:d3:6c:83:37:37:dc:c8:29:66:3e:b2:78:
                    bb:d0:e6:1f:56:d1:f4:af:d7:5b:6f:4d:c6:c6:19:
                    31:61:6e:d3:97:89:e0:c1:2f:db:be:b5:28:3e:52:
                    ce:2a:d1:b3:0f:a5:75:48:0e:e1:94:6d:90:42:8d:
                    80:6a:35:ab:42:6a:c4:d9:d0:2e:3b:b2:f6:f3:f5:
                    70:8f:2f:9a:21:06:2a:67:57:80:e6:cc:72:3d:24:
                    4f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D5:45:35:21:B0:90:E8:E8:2A:48:4C:A7:A7:37:D7:FD:EC:E2:6E
            X509v3 Authority Key Identifier:
                keyid:C7:67:12:70:B6:9C:EC:50:46:06:B1:26:C4:CA:83:38:16:AF:7D:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2cScLac7FBGBrEmxMqDOBavfaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/19VFNSGwkOjoKkhMp6c31_3s4m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/aeb70a-a3fc-4463-a7cd-986ea203f9ec/1/x2cScLac7FBGBrEmxMqDOBavfaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.199.0/24
                  45.131.35.0/24
                IPv6:
                  2a12:9e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:d2:82:b0:3e:58:d6:f1:48:0a:3a:20:52:8a:54:f7:ab:bc:
         17:12:7f:32:60:00:d7:e5:fe:f3:07:32:26:b8:b5:ea:dc:54:
         60:a5:79:8a:71:2f:27:d6:e5:01:54:3b:35:97:40:80:5f:b3:
         64:14:fb:8e:65:47:27:fb:38:97:20:c6:43:06:4d:7f:0c:3e:
         10:ec:66:36:2c:fd:4f:ff:c6:64:3d:df:49:d1:ea:44:a6:51:
         ee:ab:91:19:1d:36:0a:89:4e:9b:2c:c2:5f:d6:f4:8b:28:43:
         f0:72:d7:c8:46:18:ca:02:3b:9a:e1:7f:7c:aa:e5:20:da:24:
         c9:4b:9b:72:45:ff:fe:46:41:11:21:79:a0:af:3b:ea:7d:14:
         15:2b:92:ae:f6:3e:cb:a2:44:02:f6:46:ab:b4:4c:9a:41:1e:
         82:9e:81:fd:e1:3f:fb:ad:bd:66:c1:bb:bd:9f:a2:7a:3b:bd:
         e7:7c:24:8d:95:72:47:1f:c7:43:85:83:39:f7:d9:c7:f2:a8:
         c1:c2:81:26:f1:06:68:55:7a:60:03:b4:4d:17:35:5b:a7:ef:
         d2:f2:05:f1:0c:47:e3:0b:cc:37:5f:32:c4:e2:b4:02:a9:75:
         c2:3a:c3:69:e0:1f:34:4e:9f:d0:df:37:e0:8f:08:1b:23:72:
         74:a5:8f:d8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY0Ng4oXHuxK3+jaZACzKJyQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NjcxMjcwYjY5Y2VjNTA0NjA2YjEyNmM0Y2E4MzM4MTZh
ZjdkYTQwHhcNMjQwMTE1MTQyNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Q1NDUzNTIxYjA5MGU4ZTgyYTQ4NGNhN2E3MzdkN2ZkZWNlMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmoWxDoqqxoQ6E1pi2lDl50Xag3A
QFayu+YG8/sx8LoMNa/9Ymlfevwd9rK451GjG5ifkT+gPKDLYRfeh2Nnl2HoWm0Y
thVERAvIDfhBWLdCsopjUD34SkrZX2EnlbBlOKUlnih5ukFI2iTImgFeGOXN6utT
IRd4ce+L/DixmUoSOTVTyorXPG92Dp5Ory2MeNajnNGJJmDzdXddHrByK017ZIpv
NODTbIM3N9zIKWY+sni70OYfVtH0r9dbb03GxhkxYW7Tl4ngwS/bvrUoPlLOKtGz
D6V1SA7hlG2QQo2AajWrQmrE2dAuO7L28/Vwjy+aIQYqZ1eA5sxyPSRPgwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNfVRTUhsJDo6CpITKenN9f97OJuMB8GA1UdIwQY
MBaAFMdnEnC2nOxQRgaxJsTKgzgWr32kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJjU2NMYWM3RkJHQnJFbXhNcURPQmF2ZmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hZWI3MGEtYTNmYy00NDYzLWE3Y2Qt
OTg2ZWEyMDNmOWVjLzEvMTlWRk5TR3drT2pvS2toTXA2YzMxXzNzNG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hZWI3MGEtYTNmYy00NDYzLWE3Y2QtOTg2ZWEyMDNmOWVj
LzEveDJjU2NMYWM3RkJHQnJFbXhNcURPQmF2ZmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALQvHAwQA
LYMjMA0EAgACMAcDBQMqEp6AMA0GCSqGSIb3DQEBCwUAA4IBAQAz0oKwPljW8UgK
OiBSilT3q7wXEn8yYADX5f7zBzImuLXq3FRgpXmKcS8n1uUBVDs1l0CAX7NkFPuO
ZUcn+ziXIMZDBk1/DD4Q7GY2LP1P/8ZkPd9J0epEplHuq5EZHTYKiU6bLMJf1vSL
KEPwctfIRhjKAjua4X98quUg2iTJS5tyRf/+RkERIXmgrzvqfRQVK5Ku9j7LokQC
9kartEyaQR6CnoH94T/7rb1mwbu9n6J6O73nfCSNlXJHH8dDhYM599nH8qjBwoEm
8QZoVXpgA7RNFzVbp+/S8gXxDEfjC8w3XzLE4rQCqXXCOsNp4B80Tp/Q3zfgjwgb
I3J0pY/Y
-----END CERTIFICATE-----
Generated at Tue Nov 26 22:12:31 2024 by rpki-client on console-ams.rpki-client.org