Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/TU4Po_2sbCdyzoNxR3LKOCyzxXQ.roa
File:                     TU4Po_2sbCdyzoNxR3LKOCyzxXQ.roa (raw, json)
Hash identifier:          xC71jQ4jxuaBhP+ABtaFSUl6aoyWqwQQVgt2QxGXubE=
Subject key identifier:   4D:4E:0F:A3:FD:AC:6C:27:72:CE:83:71:47:72:CA:38:2C:B3:C5:74
Certificate issuer:       /CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
Certificate serial:       018CC8DCF74E69BF41B40D96E9DA31D74778
Authority key identifier: C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/TU4Po_2sbCdyzoNxR3LKOCyzxXQ.roa
Signing time:             Tue 02 Jan 2024 06:29:33 +0000
ROA not before:           Tue 02 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208341
IP address blocks:        45.143.29.0/24 maxlen: 24
                          45.143.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f7:4e:69:bf:41:b4:0d:96:e9:da:31:d7:47:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
        Validity
            Not Before: Jan  2 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d4e0fa3fdac6c2772ce83714772ca382cb3c574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b4:a3:2b:75:8f:e2:6c:af:c8:53:e7:ff:15:
                    d8:bf:bc:3d:c7:21:bb:a1:f3:96:2e:b4:2d:f5:e9:
                    8f:6f:51:2b:29:ab:2e:6b:fb:9d:93:fd:fd:35:ef:
                    01:87:e5:cd:27:af:da:78:8e:74:e6:fe:2b:b5:98:
                    ca:c0:20:82:f7:37:fd:2b:fb:7c:95:0c:68:26:e3:
                    c3:31:8f:60:d0:37:4e:7e:e1:f9:d8:dc:b5:1f:6a:
                    31:ef:9c:06:e6:b8:97:dd:6f:f7:1b:97:f8:14:26:
                    50:b9:c3:78:d6:30:5d:28:eb:16:70:c7:f4:cd:d9:
                    ff:21:98:89:fb:8c:ed:ce:ec:4e:c6:d9:82:01:1e:
                    69:7e:df:c5:30:ac:d9:3e:90:55:2c:f8:4c:00:9c:
                    8c:09:ac:12:88:ce:cb:07:84:56:db:b0:cf:2c:45:
                    7c:d1:25:8d:66:fe:33:eb:6d:3a:ae:69:99:5a:ac:
                    39:1f:04:9a:c0:07:cd:81:b2:0d:98:0e:1a:e2:7d:
                    04:9d:1e:2e:69:21:1f:67:05:26:e2:eb:66:97:86:
                    f8:b3:26:d1:b4:04:aa:62:8c:d2:25:c9:d0:5d:33:
                    49:b7:1f:de:38:cf:5f:bc:85:63:01:8e:c9:4b:af:
                    9e:d8:a5:bb:89:c5:90:bb:21:79:92:9d:21:e2:66:
                    87:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:4E:0F:A3:FD:AC:6C:27:72:CE:83:71:47:72:CA:38:2C:B3:C5:74
            X509v3 Authority Key Identifier:
                keyid:C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/TU4Po_2sbCdyzoNxR3LKOCyzxXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:7b:50:bf:e4:66:83:1e:70:77:51:cd:16:f4:b7:0b:2c:65:
         2e:eb:7a:b6:73:87:f0:63:69:b0:db:80:3c:73:39:bf:2e:93:
         dc:50:5d:a2:11:e1:22:c0:93:78:31:f6:30:b4:7b:10:40:9b:
         c0:53:1f:18:e4:23:9e:e0:af:e9:ed:c4:f3:7a:6e:87:71:84:
         78:95:1c:17:5a:0a:0a:ea:8a:9f:ae:b8:e2:54:a0:3b:dd:c8:
         82:f6:cc:63:a0:e8:54:e3:4f:fc:28:e7:7a:4a:dc:ff:0e:7c:
         1c:a3:a4:53:17:12:74:04:d4:1d:49:59:b4:82:ae:93:49:20:
         88:2f:eb:39:95:85:75:ec:63:ae:f0:c7:fa:46:14:0c:0d:db:
         be:85:a8:6e:d0:84:16:69:d1:6f:39:33:c8:7a:9f:dd:eb:d6:
         60:9b:98:34:b3:eb:ab:6b:d4:3d:e9:bc:60:64:94:3a:34:8e:
         e5:a9:eb:6f:0b:b2:3e:78:d7:23:c3:cf:1b:1d:83:0c:6c:d6:
         bf:36:59:60:d6:4c:ad:2a:17:b1:98:cf:8f:3f:30:0e:c6:bb:
         0d:ac:5b:f7:ba:0a:ed:d6:36:94:20:5c:e7:c3:c5:21:bc:d8:
         cd:d4:73:01:a9:4c:40:81:9c:fa:ad:cd:61:46:cf:ac:33:7c:
         31:4f:3e:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3PdOab9BtA2W6dox10d4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMmFjOWIxNGZkMjYxYThkMjc2M2FhZDQxNzQzMmJlYmM0
OWEwZDYwHhcNMjQwMTAyMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDRlMGZhM2ZkYWM2YzI3NzJjZTgzNzE0NzcyY2EzODJjYjNjNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLSjK3WP4myvyFPn/xXYv7w9xyG7
ofOWLrQt9emPb1ErKasua/udk/39Ne8Bh+XNJ6/aeI505v4rtZjKwCCC9zf9K/t8
lQxoJuPDMY9g0DdOfuH52Ny1H2ox75wG5riX3W/3G5f4FCZQucN41jBdKOsWcMf0
zdn/IZiJ+4ztzuxOxtmCAR5pft/FMKzZPpBVLPhMAJyMCawSiM7LB4RW27DPLEV8
0SWNZv4z6206rmmZWqw5HwSawAfNgbINmA4a4n0EnR4uaSEfZwUm4utml4b4sybR
tASqYozSJcnQXTNJtx/eOM9fvIVjAY7JS6+e2KW7icWQuyF5kp0h4maH5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1OD6P9rGwncs6DcUdyyjgss8V0MB8GA1UdIwQY
MBaAFMEqybFP0mGo0nY6rUF0Mr68SaDWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYt
MjE2N2NmMDFjZjRhLzEvVFU0UG9fMnNiQ2R5em9OeFIzTEtPQ3l6eFhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYtMjE2N2NmMDFjZjRh
LzEvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY8cMA0G
CSqGSIb3DQEBCwUAA4IBAQA9e1C/5GaDHnB3Uc0W9LcLLGUu63q2c4fwY2mw24A8
czm/LpPcUF2iEeEiwJN4MfYwtHsQQJvAUx8Y5COe4K/p7cTzem6HcYR4lRwXWgoK
6oqfrrjiVKA73ciC9sxjoOhU40/8KOd6Stz/Dnwco6RTFxJ0BNQdSVm0gq6TSSCI
L+s5lYV17GOu8Mf6RhQMDdu+hahu0IQWadFvOTPIep/d69Zgm5g0s+ura9Q96bxg
ZJQ6NI7lqetvC7I+eNcjw88bHYMMbNa/Nllg1kytKhexmM+PPzAOxrsNrFv3ugrt
1jaUIFznw8UhvNjN1HMBqUxAgZz6rc1hRs+sM3wxTz6r
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:22:12 2024 by rpki-client on console-fra.rpki-client.org