Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/9aNsXl7GCkoeU58Cf6cCUuTB3Kg.roa
File:                     9aNsXl7GCkoeU58Cf6cCUuTB3Kg.roa (raw, json)
Hash identifier:          ZvRXKflRnthHxcEMQVrwwuCB2mlI36d0kdIXl89vqVk=
Subject key identifier:   F5:A3:6C:5E:5E:C6:0A:4A:1E:53:9F:02:7F:A7:02:52:E4:C1:DC:A8
Certificate issuer:       /CN=03d8024188491a319c5276721f940efae7fc21af
Certificate serial:       018CC87141EDE0E628997D60EE2542FB6916
Authority key identifier: 03:D8:02:41:88:49:1A:31:9C:52:76:72:1F:94:0E:FA:E7:FC:21:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/9aNsXl7GCkoeU58Cf6cCUuTB3Kg.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61397
IP address blocks:        45.12.156.0/22 maxlen: 22
                          185.105.180.0/22 maxlen: 22
                          185.9.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:41:ed:e0:e6:28:99:7d:60:ee:25:42:fb:69:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03d8024188491a319c5276721f940efae7fc21af
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5a36c5e5ec60a4a1e539f027fa70252e4c1dca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:58:3e:c9:78:bc:ab:c1:2b:ba:33:75:b5:32:
                    fc:7b:4d:45:d4:2a:b7:f3:fe:e8:0a:a0:25:99:01:
                    96:9a:86:82:0b:e0:b2:aa:61:23:d7:6c:3a:4b:f4:
                    9c:3b:92:6e:eb:51:52:51:e8:77:31:2c:bf:e5:e0:
                    d0:36:0e:7d:ea:55:c2:a9:9b:ee:0f:bb:7d:a1:b5:
                    73:52:5f:46:bf:2d:0f:1e:cf:cd:71:7c:8c:fc:87:
                    70:83:ac:ce:75:e3:37:f2:d2:4d:40:74:5b:ef:27:
                    23:88:6d:a5:bc:ae:07:f3:d0:7c:a4:51:f3:5e:da:
                    ab:a1:06:39:94:64:1b:ec:eb:89:fc:92:b7:94:75:
                    d3:52:1b:3f:70:de:3d:4b:96:62:f9:fd:45:6c:a7:
                    f1:12:34:ea:c0:01:d4:38:4f:6a:12:4d:d9:ad:78:
                    38:77:fd:ba:87:6e:3c:4e:24:09:b6:e2:3e:3a:4b:
                    e7:dd:9c:04:0b:e0:72:03:8d:de:df:40:bd:11:fe:
                    72:21:96:d1:94:d7:32:ea:18:c3:70:3f:90:c0:62:
                    cc:68:b8:fe:91:dc:a9:46:55:12:f0:07:df:96:a8:
                    3f:d1:b5:0a:59:35:75:4d:81:c3:af:bc:d2:e7:5a:
                    d4:c2:54:bc:04:dc:d3:54:a3:9f:ef:37:c3:8c:ed:
                    b4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A3:6C:5E:5E:C6:0A:4A:1E:53:9F:02:7F:A7:02:52:E4:C1:DC:A8
            X509v3 Authority Key Identifier:
                keyid:03:D8:02:41:88:49:1A:31:9C:52:76:72:1F:94:0E:FA:E7:FC:21:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/9aNsXl7GCkoeU58Cf6cCUuTB3Kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2097dd-c396-48f6-be87-7bbac8cc2783/1/A9gCQYhJGjGcUnZyH5QO-uf8Ia8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.156.0/22
                  185.9.4.0/22
                  185.105.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:59:fa:51:ed:ff:06:18:7c:44:11:16:8c:87:1f:ff:64:4f:
         13:14:ed:5f:cf:72:1d:8d:3d:00:b6:26:18:3f:ac:cd:4e:c5:
         20:e5:8c:a6:23:94:cc:e5:ff:d8:39:99:80:a5:ee:33:46:d8:
         da:e3:8e:89:5a:58:02:98:8b:35:66:95:85:df:8a:49:02:1a:
         c8:be:03:f1:63:0b:a9:e8:50:46:82:54:ba:04:b0:d6:68:ad:
         7a:39:2c:8a:44:8d:dd:df:85:ea:93:db:ec:e6:d7:1f:e7:7e:
         33:e5:0c:c5:3a:36:88:1d:95:45:50:44:e4:3d:dd:ed:cd:3f:
         fc:98:bd:4a:aa:f8:92:fa:20:f6:e7:44:f4:44:05:77:f5:5f:
         40:4b:2d:5a:c1:0b:b1:1d:9c:f9:0f:c0:6f:d7:d4:64:de:e7:
         ee:a7:63:98:ce:ee:57:af:52:f3:65:50:49:4d:b1:c4:b3:c9:
         f9:dd:f9:a8:ba:09:1a:03:ed:34:aa:0c:c6:64:53:62:3b:bd:
         61:aa:0e:b8:f4:d6:70:10:aa:98:37:ab:5f:37:a4:4b:55:9d:
         c3:74:b5:20:b8:fa:d1:c7:be:19:6a:f6:cd:8e:50:9b:39:c1:
         c0:a5:8f:4a:5b:c7:b2:e0:47:51:05:12:07:3a:42:8c:ee:6d:
         47:8d:3a:ed
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIcUHt4OYomX1g7iVC+2kWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZDgwMjQxODg0OTFhMzE5YzUyNzY3MjFmOTQwZWZhZTdm
YzIxYWYwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWEzNmM1ZTVlYzYwYTRhMWU1MzlmMDI3ZmE3MDI1MmU0YzFkY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFg+yXi8q8ErujN1tTL8e01F1Cq3
8/7oCqAlmQGWmoaCC+CyqmEj12w6S/ScO5Ju61FSUeh3MSy/5eDQNg596lXCqZvu
D7t9obVzUl9Gvy0PHs/NcXyM/Idwg6zOdeM38tJNQHRb7ycjiG2lvK4H89B8pFHz
XtqroQY5lGQb7OuJ/JK3lHXTUhs/cN49S5Zi+f1FbKfxEjTqwAHUOE9qEk3ZrXg4
d/26h248TiQJtuI+Okvn3ZwEC+ByA43e30C9Ef5yIZbRlNcy6hjDcD+QwGLMaLj+
kdypRlUS8Afflqg/0bUKWTV1TYHDr7zS51rUwlS8BNzTVKOf7zfDjO20qwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPWjbF5exgpKHlOfAn+nAlLkwdyoMB8GA1UdIwQY
MBaAFAPYAkGISRoxnFJ2ch+UDvrn/CGvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTlnQ1FZaEpHakdjVW5aeUg1UU8tdWY4SWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8yMDk3ZGQtYzM5Ni00OGY2LWJlODct
N2JiYWM4Y2MyNzgzLzEvOWFOc1hsN0dDa29lVTU4Q2Y2Y0NVdVRCM0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8yMDk3ZGQtYzM5Ni00OGY2LWJlODctN2JiYWM4Y2MyNzgz
LzEvQTlnQ1FZaEpHakdjVW5aeUg1UU8tdWY4SWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLQycAwQC
uQkEAwQCuWm0MA0GCSqGSIb3DQEBCwUAA4IBAQBwWfpR7f8GGHxEERaMhx//ZE8T
FO1fz3IdjT0AtiYYP6zNTsUg5YymI5TM5f/YOZmApe4zRtja446JWlgCmIs1ZpWF
34pJAhrIvgPxYwup6FBGglS6BLDWaK16OSyKRI3d34Xqk9vs5tcf534z5QzFOjaI
HZVFUETkPd3tzT/8mL1KqviS+iD250T0RAV39V9ASy1awQuxHZz5D8Bv19Rk3ufu
p2OYzu5Xr1LzZVBJTbHEs8n53fmougkaA+00qgzGZFNiO71hqg649NZwEKqYN6tf
N6RLVZ3DdLUguPrRx74ZavbNjlCbOcHApY9KW8ey4EdRBRIHOkKM7m1HjTrt
-----END CERTIFICATE-----
Generated at Wed Nov 27 06:00:38 2024 by rpki-client on console-fra.rpki-client.org