Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/384f29-fd4d-436a-b85b-00403b64055a/1/VxQVxhC7GGFfqObxyWDExl-tdAg.roa
File:                     VxQVxhC7GGFfqObxyWDExl-tdAg.roa (raw, json)
Hash identifier:          4KByHrX9k5UwoavSziIU4H7Znt0p4r8UmEYZ1DaC0Kc=
Subject key identifier:   57:14:15:C6:10:BB:18:61:5F:A8:E6:F1:C9:60:C4:C6:5F:AD:74:08
Certificate issuer:       /CN=498fe5b282b1c7db00f67bb4a13d9f79520508b7
Certificate serial:       018D0FE372A51DB39FA142B67897EE28C082
Authority key identifier: 49:8F:E5:B2:82:B1:C7:DB:00:F6:7B:B4:A1:3D:9F:79:52:05:08:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SY_lsoKxx9sA9nu0oT2feVIFCLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/384f29-fd4d-436a-b85b-00403b64055a/1/VxQVxhC7GGFfqObxyWDExl-tdAg.roa
Signing time:             Tue 16 Jan 2024 01:29:40 +0000
ROA not before:           Tue 16 Jan 2024 01:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51889
IP address blocks:        45.147.76.0/24 maxlen: 24
                          45.147.77.0/24 maxlen: 24
                          45.147.78.0/23 maxlen: 23
                          45.147.78.0/24 maxlen: 24
                          45.147.76.0/22 maxlen: 22
                          45.147.76.0/23 maxlen: 23
                          45.147.79.0/24 maxlen: 24
                          91.226.246.0/24 maxlen: 24
                          2a13:1740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/384f29-fd4d-436a-b85b-00403b64055a/1/SY_lsoKxx9sA9nu0oT2feVIFCLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/384f29-fd4d-436a-b85b-00403b64055a/1/SY_lsoKxx9sA9nu0oT2feVIFCLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SY_lsoKxx9sA9nu0oT2feVIFCLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0f:e3:72:a5:1d:b3:9f:a1:42:b6:78:97:ee:28:c0:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=498fe5b282b1c7db00f67bb4a13d9f79520508b7
        Validity
            Not Before: Jan 16 01:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=571415c610bb18615fa8e6f1c960c4c65fad7408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:05:f9:2a:6a:72:58:0a:22:db:94:c9:50:3d:
                    93:fb:3b:4b:47:ee:fd:13:a9:12:9b:21:3b:15:80:
                    94:2a:21:c4:c4:84:73:fd:7f:db:1f:ce:c7:d7:e1:
                    08:73:af:a8:95:3b:38:fd:b6:bb:6f:12:1b:4d:5b:
                    98:bd:f3:aa:31:c3:0f:63:13:28:b8:9d:f5:99:e5:
                    4b:a2:e2:02:91:d0:5b:5e:1e:7f:a4:a8:5a:71:42:
                    8f:25:98:2c:9e:b6:ec:cc:d3:95:20:b8:16:8b:f7:
                    66:69:b0:f7:5d:5a:df:eb:0a:b4:47:5b:d5:07:4b:
                    df:89:66:12:d5:80:df:7e:09:3f:a7:7c:2d:37:fa:
                    19:e2:69:4a:42:31:b6:7e:c5:25:e0:bb:89:22:58:
                    10:a7:0f:35:81:a4:64:96:5c:98:3a:d7:b6:33:ad:
                    a2:d8:28:1d:fc:79:5e:0e:a6:70:44:2d:f8:5c:a4:
                    6d:4d:57:d1:0d:1a:3d:a6:5a:cc:da:34:64:3c:be:
                    49:95:dc:5b:6f:ca:44:75:85:b6:5a:e2:9b:77:5e:
                    d0:01:f8:02:8b:f8:02:d5:9a:1e:ee:6b:60:4b:c8:
                    78:8d:fb:cc:e6:05:f9:8d:a7:40:5f:4e:bd:bf:d6:
                    52:bb:c6:47:ea:17:bd:ef:c2:94:ef:6a:db:e0:0e:
                    b3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:14:15:C6:10:BB:18:61:5F:A8:E6:F1:C9:60:C4:C6:5F:AD:74:08
            X509v3 Authority Key Identifier:
                keyid:49:8F:E5:B2:82:B1:C7:DB:00:F6:7B:B4:A1:3D:9F:79:52:05:08:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SY_lsoKxx9sA9nu0oT2feVIFCLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/384f29-fd4d-436a-b85b-00403b64055a/1/VxQVxhC7GGFfqObxyWDExl-tdAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/384f29-fd4d-436a-b85b-00403b64055a/1/SY_lsoKxx9sA9nu0oT2feVIFCLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.76.0/22
                  91.226.246.0/24
                IPv6:
                  2a13:1740::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:89:8f:ee:73:b2:c8:85:76:eb:eb:91:a6:cc:d5:db:b8:66:
         4d:93:c5:fe:c4:5a:0b:de:9d:2e:02:1c:de:d0:e8:75:0f:60:
         3a:09:4a:49:78:4c:24:8f:cb:f0:a7:d3:d4:52:94:78:1e:12:
         da:4e:6c:4c:27:fa:bd:3b:2e:d7:7f:8d:71:88:7f:a7:f7:08:
         3f:73:ff:d8:85:54:74:87:86:cd:7e:f0:8d:ef:27:ae:69:6b:
         03:6a:df:70:1c:0b:5f:c3:05:04:93:b6:22:43:40:f9:8f:bb:
         66:39:9d:5e:94:b1:8c:4a:81:a0:1c:4f:b3:b5:e3:56:4e:2f:
         12:85:aa:0f:ad:f2:c2:80:9e:ed:52:22:94:08:dc:41:27:f5:
         6b:1e:92:fd:81:70:72:55:3d:57:ce:89:24:95:11:82:b6:be:
         04:51:c4:6d:58:bb:ef:14:b6:65:4a:a0:2e:10:5f:88:d5:cd:
         d4:52:92:71:d7:95:90:8b:a6:0c:ce:a8:75:56:12:43:56:72:
         b2:5e:21:08:25:ce:d5:2c:69:c3:b8:58:f4:49:87:78:40:9c:
         c4:ab:a3:c2:cf:8c:8f:23:5e:82:9e:1c:aa:32:a0:31:aa:65:
         bf:19:73:e0:0b:41:ec:af:48:24:f1:63:9f:cb:d5:42:d5:91:
         50:18:f5:d1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY0P43KlHbOfoUK2eJfuKMCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5OGZlNWIyODJiMWM3ZGIwMGY2N2JiNGExM2Q5Zjc5NTIw
NTA4YjcwHhcNMjQwMTE2MDEyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE0MTVjNjEwYmIxODYxNWZhOGU2ZjFjOTYwYzRjNjVmYWQ3NDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgX5KmpyWAoi25TJUD2T+ztLR+79
E6kSmyE7FYCUKiHExIRz/X/bH87H1+EIc6+olTs4/ba7bxIbTVuYvfOqMcMPYxMo
uJ31meVLouICkdBbXh5/pKhacUKPJZgsnrbszNOVILgWi/dmabD3XVrf6wq0R1vV
B0vfiWYS1YDffgk/p3wtN/oZ4mlKQjG2fsUl4LuJIlgQpw81gaRkllyYOte2M62i
2Cgd/HleDqZwRC34XKRtTVfRDRo9plrM2jRkPL5Jldxbb8pEdYW2WuKbd17QAfgC
i/gC1Zoe7mtgS8h4jfvM5gX5jadAX069v9ZSu8ZH6he978KU72rb4A6z+QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFcUFcYQuxhhX6jm8clgxMZfrXQIMB8GA1UdIwQY
MBaAFEmP5bKCscfbAPZ7tKE9n3lSBQi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1lfbHNvS3h4OXNBOW51MG9UMmZlVklGQ0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zODRmMjktZmQ0ZC00MzZhLWI4NWIt
MDA0MDNiNjQwNTVhLzEvVnhRVnhoQzdHR0ZmcU9ieHlXREV4bC10ZEFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zODRmMjktZmQ0ZC00MzZhLWI4NWItMDA0MDNiNjQwNTVh
LzEvU1lfbHNvS3h4OXNBOW51MG9UMmZlVklGQ0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZNMAwQA
W+L2MA0EAgACMAcDBQMqExdAMA0GCSqGSIb3DQEBCwUAA4IBAQCfiY/uc7LIhXbr
65GmzNXbuGZNk8X+xFoL3p0uAhze0Oh1D2A6CUpJeEwkj8vwp9PUUpR4HhLaTmxM
J/q9Oy7Xf41xiH+n9wg/c//YhVR0h4bNfvCN7yeuaWsDat9wHAtfwwUEk7YiQ0D5
j7tmOZ1elLGMSoGgHE+zteNWTi8ShaoPrfLCgJ7tUiKUCNxBJ/VrHpL9gXByVT1X
zokklRGCtr4EUcRtWLvvFLZlSqAuEF+I1c3UUpJx15WQi6YMzqh1VhJDVnKyXiEI
Jc7VLGnDuFj0SYd4QJzEq6PCz4yPI16CnhyqMqAxqmW/GXPgC0Hsr0gk8WOfy9VC
1ZFQGPXR
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:04:34 2024 by rpki-client on console-ams.rpki-client.org