Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/1-ViM19SPm6eudAY-idgummhDfuc.roa
File:                     1-ViM19SPm6eudAY-idgummhDfuc.roa (raw, json)
Hash identifier:          pT9wuHYCQ+p7DZliNYKdJZhuNd0It+fY2C6C/yEpXqA=
Subject key identifier:   F9:58:8C:D7:D4:8F:9B:A7:AE:74:06:3E:89:D8:2E:9A:68:43:7E:E7
Certificate issuer:       /CN=30055378b5d7cc0cb7943bc803379015b3485296
Certificate serial:       018CCA99486993EF9B8F9CAEB56BB240D2FA
Authority key identifier: 30:05:53:78:B5:D7:CC:0C:B7:94:3B:C8:03:37:90:15:B3:48:52:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MAVTeLXXzAy3lDvIAzeQFbNIUpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/1-ViM19SPm6eudAY-idgummhDfuc.roa
Signing time:             Tue 02 Jan 2024 14:34:52 +0000
ROA not before:           Tue 02 Jan 2024 14:34:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204996
IP address blocks:        45.67.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/MAVTeLXXzAy3lDvIAzeQFbNIUpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/MAVTeLXXzAy3lDvIAzeQFbNIUpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MAVTeLXXzAy3lDvIAzeQFbNIUpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:48:69:93:ef:9b:8f:9c:ae:b5:6b:b2:40:d2:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30055378b5d7cc0cb7943bc803379015b3485296
        Validity
            Not Before: Jan  2 14:34:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9588cd7d48f9ba7ae74063e89d82e9a68437ee7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4d:0a:cc:5e:ca:97:2c:72:ac:7d:e6:00:88:
                    41:d3:4c:16:c8:6d:07:c2:e9:77:4f:54:74:11:52:
                    3e:ca:56:b2:41:0d:c0:20:48:33:f8:03:d3:12:ef:
                    4b:f0:04:a6:7d:4b:9a:d5:12:99:52:14:95:c3:75:
                    90:47:f8:c5:af:f0:5a:5a:6c:8c:56:43:8c:a0:e2:
                    0c:5d:9c:e2:8e:5a:3a:2b:b9:41:85:fa:be:3d:1d:
                    72:75:0c:0a:8d:00:bf:6d:04:30:90:6c:a3:89:6a:
                    8e:a4:0d:07:1f:1c:7b:b9:f8:e6:dd:0a:15:ea:77:
                    76:6a:ee:a9:e4:f8:a9:eb:8a:75:c2:3e:8c:af:a8:
                    c2:a5:40:81:c2:49:be:35:41:02:c2:88:3a:cc:a0:
                    b4:c0:1e:24:cc:20:c6:09:bd:04:08:5a:d9:58:d3:
                    31:11:3e:52:c4:f7:aa:47:77:3e:b6:62:62:8f:c9:
                    72:46:56:51:16:86:c1:a4:e6:83:51:f4:2a:71:fa:
                    8e:da:30:07:6d:c3:91:08:90:a4:6a:a0:fb:46:50:
                    aa:03:aa:b0:ed:e3:7c:02:c5:90:48:64:f8:5a:d4:
                    04:1b:e8:1b:21:6a:33:9a:07:5b:91:54:cf:53:b9:
                    88:28:e3:a5:7c:1c:cb:a7:d0:e2:0f:1a:75:72:5e:
                    b2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:58:8C:D7:D4:8F:9B:A7:AE:74:06:3E:89:D8:2E:9A:68:43:7E:E7
            X509v3 Authority Key Identifier:
                keyid:30:05:53:78:B5:D7:CC:0C:B7:94:3B:C8:03:37:90:15:B3:48:52:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MAVTeLXXzAy3lDvIAzeQFbNIUpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/1-ViM19SPm6eudAY-idgummhDfuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/08cda2-bebe-49a7-b46c-0a50803b0fbc/1/MAVTeLXXzAy3lDvIAzeQFbNIUpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:fd:53:e2:ca:b2:f5:56:72:51:45:49:db:46:c6:7a:be:8f:
         cf:b3:c1:61:6d:c0:22:4d:1e:dc:5e:31:e8:07:13:5b:bf:b4:
         bc:38:22:c6:df:2e:42:cc:99:c4:27:2d:6a:7f:87:98:c6:9a:
         67:c4:ac:e6:95:5b:fa:c6:77:5b:b3:f3:e8:ba:d4:e5:d8:7f:
         a1:44:7c:d5:1b:51:11:5f:49:e7:c0:ed:e2:f7:38:2e:84:8f:
         e5:6e:08:a0:c5:4a:8d:5f:b9:cd:b4:a6:61:bf:e3:de:83:e9:
         72:a3:99:cf:1c:5e:24:bd:cd:47:74:ec:6a:e2:74:c8:eb:cf:
         6f:19:87:4a:2c:03:fc:13:03:49:f8:a3:5c:02:88:b5:96:bc:
         97:c7:d7:70:3f:66:5c:ad:f2:11:36:17:b3:ac:28:cb:00:09:
         75:ba:3e:4c:9d:31:c2:fe:91:fd:19:0e:ab:1b:15:53:d4:69:
         86:01:04:56:79:a7:e2:8c:b2:f3:ef:f9:16:5c:45:87:90:a5:
         c3:a0:db:4e:2a:8d:49:58:64:db:7f:18:7e:6e:9f:b9:d0:7e:
         fc:dc:f4:87:b4:76:53:f7:fc:55:1f:8a:e9:8a:23:0f:42:c9:
         82:3a:d0:5a:d8:76:f4:78:fb:5d:18:01:14:b1:98:a4:83:59:
         67:15:53:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKmUhpk++bj5yutWuyQNL6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMDU1Mzc4YjVkN2NjMGNiNzk0M2JjODAzMzc5MDE1YjM0
ODUyOTYwHhcNMjQwMTAyMTQzNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTU4OGNkN2Q0OGY5YmE3YWU3NDA2M2U4OWQ4MmU5YTY4NDM3ZWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk0KzF7KlyxyrH3mAIhB00wWyG0H
wul3T1R0EVI+ylayQQ3AIEgz+APTEu9L8ASmfUua1RKZUhSVw3WQR/jFr/BaWmyM
VkOMoOIMXZzijlo6K7lBhfq+PR1ydQwKjQC/bQQwkGyjiWqOpA0HHxx7ufjm3QoV
6nd2au6p5Pip64p1wj6Mr6jCpUCBwkm+NUECwog6zKC0wB4kzCDGCb0ECFrZWNMx
ET5SxPeqR3c+tmJij8lyRlZRFobBpOaDUfQqcfqO2jAHbcORCJCkaqD7RlCqA6qw
7eN8AsWQSGT4WtQEG+gbIWozmgdbkVTPU7mIKOOlfBzLp9DiDxp1cl6y1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlYjNfUj5unrnQGPonYLppoQ37nMB8GA1UdIwQY
MBaAFDAFU3i118wMt5Q7yAM3kBWzSFKWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUFWVGVMWFh6QXkzbER2SUF6ZVFGYk5JVXBZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8wOGNkYTItYmViZS00OWE3LWI0NmMt
MGE1MDgwM2IwZmJjLzEvMS1WaU0xOVNQbTZldWRBWS1pZGd1bW1oRGZ1Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGEvMDhjZGEyLWJlYmUtNDlhNy1iNDZjLTBhNTA4MDNiMGZi
Yy8xL01BVlRlTFhYekF5M2xEdklBemVRRmJOSVVwWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1DCDAN
BgkqhkiG9w0BAQsFAAOCAQEAlf1T4sqy9VZyUUVJ20bGer6Pz7PBYW3AIk0e3F4x
6AcTW7+0vDgixt8uQsyZxCctan+HmMaaZ8Ss5pVb+sZ3W7Pz6LrU5dh/oUR81RtR
EV9J58Dt4vc4LoSP5W4IoMVKjV+5zbSmYb/j3oPpcqOZzxxeJL3NR3TsauJ0yOvP
bxmHSiwD/BMDSfijXAKItZa8l8fXcD9mXK3yETYXs6woywAJdbo+TJ0xwv6R/RkO
qxsVU9RphgEEVnmn4oyy8+/5FlxFh5Clw6DbTiqNSVhk238Yfm6fudB+/Nz0h7R2
U/f8VR+K6YojD0LJgjrQWth29Hj7XRgBFLGYpINZZxVTvw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:41:37 2024 by rpki-client on console-ams.rpki-client.org