Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/4MrTlfPATwtxzMqfdTJmbUxs_Ws.roa
File:                     4MrTlfPATwtxzMqfdTJmbUxs_Ws.roa (raw, json)
Hash identifier:          1bpZpw6rksfx3v9fH7vGTw0fZkS7zML6xv7Z0kxDq1c=
Subject key identifier:   E0:CA:D3:95:F3:C0:4F:0B:71:CC:CA:9F:75:32:66:6D:4C:6C:FD:6B
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348AA54E8EE2354A1BE46B60C353AE9
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/4MrTlfPATwtxzMqfdTJmbUxs_Ws.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        45.138.79.0/24 maxlen: 24
                          45.135.11.0/24 maxlen: 24
                          45.135.9.0/24 maxlen: 24
                          45.136.217.0/24 maxlen: 24
                          45.136.219.0/24 maxlen: 24
                          45.139.33.0/24 maxlen: 24
                          45.139.35.0/24 maxlen: 24
                          45.138.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:aa:54:e8:ee:23:54:a1:be:46:b6:0c:35:3a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0cad395f3c04f0b71ccca9f7532666d4c6cfd6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:d6:d4:6e:22:63:99:f3:1b:01:6c:27:99:
                    d0:8f:62:9c:2e:26:56:c5:d8:03:5d:cc:7e:b9:e8:
                    4d:93:21:07:74:33:f3:62:1a:d8:7e:f8:c9:1e:df:
                    d9:a8:c3:e8:6d:df:41:3b:c2:e8:7f:da:6c:40:88:
                    73:91:d9:a5:22:57:94:05:98:41:c8:44:d5:29:39:
                    8e:70:17:27:3d:3f:75:36:54:26:dc:3b:51:fc:a2:
                    8b:55:7c:59:d8:ef:78:e7:1c:64:a7:1a:df:52:43:
                    0b:99:28:61:bf:49:71:05:d6:5d:2e:1f:c3:4e:fc:
                    9e:76:3e:c1:d4:f4:c9:13:53:65:de:43:46:fe:de:
                    22:0e:86:8f:ec:c0:94:ad:49:80:88:b3:cc:14:01:
                    b4:dd:ae:3a:a9:87:6e:05:58:97:db:4b:71:48:b4:
                    8a:89:c5:4f:06:04:ed:2d:f7:5c:c5:01:2a:1f:d2:
                    9c:47:db:90:4a:83:fa:c0:85:56:20:6c:91:c1:c0:
                    47:51:1f:f4:64:14:5a:0a:37:19:c6:37:5a:43:79:
                    27:df:62:58:97:3e:c1:10:d5:1a:c3:24:31:48:2d:
                    57:f6:7a:2a:11:8e:f2:90:d1:10:eb:9c:63:b0:70:
                    9d:34:d2:8a:ff:11:d6:3a:cf:f7:65:94:dd:7f:4d:
                    4b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CA:D3:95:F3:C0:4F:0B:71:CC:CA:9F:75:32:66:6D:4C:6C:FD:6B
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/4MrTlfPATwtxzMqfdTJmbUxs_Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.9.0/24
                  45.135.11.0/24
                  45.136.217.0/24
                  45.136.219.0/24
                  45.138.77.0/24
                  45.138.79.0/24
                  45.139.33.0/24
                  45.139.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:08:b8:49:a0:41:eb:d6:4a:92:1a:9b:41:32:41:88:65:55:
         1b:3f:5e:2b:b9:ef:20:b9:ac:18:c6:19:8b:f3:4e:16:dc:25:
         b4:99:44:35:81:16:95:e8:12:79:48:96:d8:42:3f:b1:f9:80:
         04:0e:a9:0b:64:0a:98:9e:ae:cb:31:e2:f7:00:cf:af:de:4c:
         ad:b5:06:e8:f5:8d:fd:58:da:ea:e1:f5:c0:7a:6d:db:5d:91:
         fc:c4:02:21:b9:f7:ae:bc:54:83:c6:1f:27:3c:74:1d:d4:3c:
         56:8b:b7:be:63:31:ea:ae:a8:6b:d6:c4:47:12:7c:18:13:c3:
         68:e1:68:7f:e9:1c:61:db:30:a5:98:63:dc:42:a6:61:d9:ff:
         4b:c5:e0:47:c8:97:98:bb:c6:ed:2b:d6:73:03:7d:8a:35:c2:
         ae:26:00:f7:b3:7d:89:24:e6:75:9d:87:20:e9:5b:ee:09:d2:
         bf:84:4b:8d:de:74:ea:ba:7e:39:b7:ad:56:a2:d1:d8:a4:43:
         33:43:a6:ad:7a:b8:50:55:c6:94:77:2b:3b:86:fa:23:50:13:
         c6:c5:c4:f1:cf:da:ae:67:3a:3a:4f:d4:49:d2:35:c0:3e:d7:
         3b:aa:9c:8e:c6:2d:dc:da:40:c1:b3:de:9a:2c:eb:c3:54:08:
         12:c9:f5:4b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzDSKpU6O4jVKG+RrYMNTrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGNhZDM5NWYzYzA0ZjBiNzFjY2NhOWY3NTMyNjY2ZDRjNmNmZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimXW1G4iY5nzGwFsJ5nQj2KcLiZW
xdgDXcx+uehNkyEHdDPzYhrYfvjJHt/ZqMPobd9BO8Lof9psQIhzkdmlIleUBZhB
yETVKTmOcBcnPT91NlQm3DtR/KKLVXxZ2O945xxkpxrfUkMLmShhv0lxBdZdLh/D
Tvyedj7B1PTJE1Nl3kNG/t4iDoaP7MCUrUmAiLPMFAG03a46qYduBViX20txSLSK
icVPBgTtLfdcxQEqH9KcR9uQSoP6wIVWIGyRwcBHUR/0ZBRaCjcZxjdaQ3kn32JY
lz7BENUawyQxSC1X9noqEY7ykNEQ65xjsHCdNNKK/xHWOs/3ZZTdf01L2QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFODK05XzwE8LcczKn3UyZm1MbP1rMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvNE1yVGxmUEFUd3R4ek1xZmRUSm1iVXhzX1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALYcJAwQA
LYcLAwQALYjZAwQALYjbAwQALYpNAwQALYpPAwQALYshAwQALYsjMA0GCSqGSIb3
DQEBCwUAA4IBAQCvCLhJoEHr1kqSGptBMkGIZVUbP14rue8guawYxhmL804W3CW0
mUQ1gRaV6BJ5SJbYQj+x+YAEDqkLZAqYnq7LMeL3AM+v3kyttQbo9Y39WNrq4fXA
em3bXZH8xAIhufeuvFSDxh8nPHQd1DxWi7e+YzHqrqhr1sRHEnwYE8No4Wh/6Rxh
2zClmGPcQqZh2f9LxeBHyJeYu8btK9ZzA32KNcKuJgD3s32JJOZ1nYcg6VvuCdK/
hEuN3nTqun45t61WotHYpEMzQ6aterhQVcaUdys7hvojUBPGxcTxz9quZzo6T9RJ
0jXAPtc7qpyOxi3c2kDBs96aLOvDVAgSyfVL
-----END CERTIFICATE-----
Generated at Mon Nov 25 20:26:51 2024 by rpki-client on console-fra.rpki-client.org