Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/VBWv9MJ5-DEaWCYHjJKxWWZoiE8.roa
File:                     VBWv9MJ5-DEaWCYHjJKxWWZoiE8.roa (raw, json)
Hash identifier:          yz5xqEu+4HneAfhEPyyan79ZYuiTwuV+DmZoOMzvt1o=
Subject key identifier:   54:15:AF:F4:C2:79:F8:31:1A:58:26:07:8C:92:B1:59:66:68:88:4F
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018CC94E12B14BCA13EAE73704A818ABF881
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/VBWv9MJ5-DEaWCYHjJKxWWZoiE8.roa
Signing time:             Tue 02 Jan 2024 08:33:06 +0000
ROA not before:           Tue 02 Jan 2024 08:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58212
IP address blocks:        37.114.35.0/24 maxlen: 24
                          37.114.43.0/24 maxlen: 24
                          37.114.44.0/23 maxlen: 24
                          103.252.89.0/24 maxlen: 24
                          103.252.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:12:b1:4b:ca:13:ea:e7:37:04:a8:18:ab:f8:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  2 08:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5415aff4c279f8311a5826078c92b1596668884f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:10:5b:40:04:a9:db:d6:94:85:fe:d2:71:c4:
                    28:99:09:24:01:b2:c2:37:94:30:e4:8e:45:b9:92:
                    f0:62:3d:6f:e3:78:3d:17:ab:ea:eb:71:ca:91:65:
                    f4:5e:6d:a0:81:9a:a3:fa:ed:50:89:e3:b2:01:f2:
                    f1:e8:4b:58:b2:25:4c:23:35:92:d7:7e:4b:b2:18:
                    ea:95:5d:68:10:21:6e:0c:d0:70:be:6a:12:92:8c:
                    a1:e3:45:5d:68:6b:7e:41:74:d5:d1:17:9f:80:cb:
                    cf:d0:33:a0:d9:e9:30:b9:0c:0d:de:31:77:10:1f:
                    d9:c8:a7:8b:5c:7a:39:96:f6:a6:8d:64:8d:4e:fc:
                    08:a7:4c:4a:fd:af:90:8b:ef:f3:76:6e:33:be:30:
                    c2:77:69:42:ad:b5:52:5a:3f:2d:dd:74:7b:bd:4c:
                    5b:b7:8d:56:26:3c:6d:e7:60:4f:77:83:93:2f:9f:
                    76:83:c7:22:74:7e:13:e5:ff:19:a8:4e:84:4d:cf:
                    4c:66:5c:31:75:70:93:18:73:80:73:85:63:67:8e:
                    8b:66:9c:d1:e5:d8:c9:d4:a1:b6:f0:56:cf:77:a2:
                    d5:bc:14:62:f8:80:0d:b4:c6:37:d6:dd:98:31:2d:
                    07:3f:a9:bf:7a:29:c5:39:0b:62:13:4e:fc:ec:46:
                    a8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:15:AF:F4:C2:79:F8:31:1A:58:26:07:8C:92:B1:59:66:68:88:4F
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/VBWv9MJ5-DEaWCYHjJKxWWZoiE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.35.0/24
                  37.114.43.0-37.114.45.255
                  103.252.89.0-103.252.90.255

    Signature Algorithm: sha256WithRSAEncryption
         25:01:8b:db:bf:e5:98:ca:cc:a0:c9:ad:b3:cc:74:6d:a0:7b:
         75:3d:73:de:bb:7c:96:47:57:3b:e6:af:93:fa:4d:57:38:c1:
         23:cc:3e:1f:c1:e1:ed:0b:55:46:64:3c:dc:42:e6:51:99:27:
         21:51:fb:54:93:e5:f1:f7:96:c8:d0:8f:be:5c:a0:28:6d:26:
         c9:29:2e:17:2a:db:e9:48:21:8c:6f:da:dd:30:a0:86:e9:53:
         12:11:0c:df:7b:2e:1e:91:16:9e:86:23:bf:0b:1a:25:90:74:
         57:b4:a8:18:fb:fc:69:5e:fc:58:f4:0b:0e:cd:5b:66:4b:0b:
         97:9c:ef:94:12:34:0c:35:a0:8c:71:68:9a:05:eb:ba:19:5b:
         22:fc:d2:4a:c2:e3:10:3d:ba:84:8f:01:fe:fa:c4:78:82:06:
         94:71:31:d7:15:b7:44:47:27:36:66:3d:b4:66:f5:21:de:f9:
         39:3b:1c:1e:62:3a:c1:46:f1:aa:4f:2e:6a:98:bd:84:de:63:
         98:24:35:c8:a5:2a:0c:27:76:01:9b:bf:66:e2:79:9b:68:fa:
         d2:c5:7a:9a:ce:44:71:96:b7:52:6c:b3:32:82:4b:da:0b:77:
         a8:37:5b:92:8e:74:8d:67:5b:4d:af:4d:2d:b4:f4:61:18:cb:
         dd:75:93:72
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzJThKxS8oT6uc3BKgYq/iBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMTAyMDgzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDE1YWZmNGMyNzlmODMxMWE1ODI2MDc4YzkyYjE1OTY2Njg4ODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixBbQASp29aUhf7SccQomQkkAbLC
N5Qw5I5FuZLwYj1v43g9F6vq63HKkWX0Xm2ggZqj+u1QieOyAfLx6EtYsiVMIzWS
135LshjqlV1oECFuDNBwvmoSkoyh40VdaGt+QXTV0RefgMvP0DOg2ekwuQwN3jF3
EB/ZyKeLXHo5lvamjWSNTvwIp0xK/a+Qi+/zdm4zvjDCd2lCrbVSWj8t3XR7vUxb
t41WJjxt52BPd4OTL592g8cidH4T5f8ZqE6ETc9MZlwxdXCTGHOAc4VjZ46LZpzR
5djJ1KG28FbPd6LVvBRi+IANtMY31t2YMS0HP6m/einFOQtiE0787EaoCwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFFQVr/TCefgxGlgmB4ySsVlmaIhPMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvVkJXdjlNSjUtREVhV0NZSGpKS3hXV1pvaUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQAJXIjMAwD
BAAlcisDBAElciwwDAMEAGf8WQMEAGf8WjANBgkqhkiG9w0BAQsFAAOCAQEAJQGL
27/lmMrMoMmts8x0baB7dT1z3rt8lkdXO+avk/pNVzjBI8w+H8Hh7QtVRmQ83ELm
UZknIVH7VJPl8feWyNCPvlygKG0mySkuFyrb6UghjG/a3TCghulTEhEM33suHpEW
noYjvwsaJZB0V7SoGPv8aV78WPQLDs1bZksLl5zvlBI0DDWgjHFomgXruhlbIvzS
SsLjED26hI8B/vrEeIIGlHEx1xW3REcnNmY9tGb1Id75OTscHmI6wUbxqk8uapi9
hN5jmCQ1yKUqDCd2AZu/ZuJ5m2j60sV6ms5EcZa3UmyzMoJL2gt3qDdbko50jWdb
Ta9NLbT0YRjL3XWTcg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 14:03:29 2024 by rpki-client on console-ams.rpki-client.org