Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/g3i57TOI_fin9KYWvXWR-253wKU.roa
File:                     g3i57TOI_fin9KYWvXWR-253wKU.roa (raw, json)
Hash identifier:          51F5hCiin6mMWNtwtMkbB4jP5Bs2TXtyU/UkVZmj9eU=
Subject key identifier:   83:78:B9:ED:33:88:FD:F8:A7:F4:A6:16:BD:75:91:FB:6E:77:C0:A5
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018CC8DE4987595EE513A092428DAC5291D5
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/g3i57TOI_fin9KYWvXWR-253wKU.roa
Signing time:             Tue 02 Jan 2024 06:31:00 +0000
ROA not before:           Tue 02 Jan 2024 06:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48031
IP address blocks:        45.134.158.0/24 maxlen: 24
                          45.134.159.0/24 maxlen: 24
                          185.232.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:49:87:59:5e:e5:13:a0:92:42:8d:ac:52:91:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  2 06:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8378b9ed3388fdf8a7f4a616bd7591fb6e77c0a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:61:97:1d:2f:06:32:ea:1c:60:05:19:be:2b:
                    07:16:24:dd:4b:b7:3a:d2:8d:7a:ff:fd:db:b6:3a:
                    b1:c6:5c:d7:b5:76:91:62:e6:db:d2:55:25:cc:37:
                    78:24:36:51:f3:ad:b4:72:f7:e5:27:12:45:f8:49:
                    72:ec:43:73:e5:78:92:95:26:8f:45:c2:91:16:f3:
                    3b:94:d2:71:af:39:52:28:98:93:4d:7d:01:c0:fe:
                    29:0c:d5:6f:32:7f:95:5d:85:53:25:24:69:70:b2:
                    f3:bc:51:f8:a1:5e:67:af:76:c6:8f:19:c0:a9:bf:
                    a9:07:d4:29:73:1e:ea:1e:d4:5b:e3:58:87:a3:7b:
                    ad:3c:19:87:a7:30:d7:f7:ef:7d:4c:a6:77:f3:22:
                    f8:f6:28:df:0f:be:fe:f4:f5:76:58:03:12:85:8e:
                    59:36:ce:b4:45:7f:8b:bd:95:3d:6b:4a:26:ba:ab:
                    c9:26:ad:60:87:d6:f3:0e:ac:a4:12:06:06:15:9f:
                    73:c8:9a:97:2b:43:30:5c:db:db:16:4c:d5:a1:a2:
                    8b:37:e7:fb:86:69:ec:ab:01:d5:06:5e:ec:fe:45:
                    a6:92:6a:7b:e9:72:40:4f:1b:de:d3:4c:03:20:94:
                    80:ea:7c:6b:0f:f5:25:73:8b:a0:5d:db:14:58:07:
                    30:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:78:B9:ED:33:88:FD:F8:A7:F4:A6:16:BD:75:91:FB:6E:77:C0:A5
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/g3i57TOI_fin9KYWvXWR-253wKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.158.0/23
                  185.232.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:fa:87:0f:a6:3d:30:eb:f0:5a:f0:f3:22:d8:eb:e4:64:dd:
         c6:85:9b:d3:b1:94:1d:28:54:e1:67:08:8f:00:34:cc:92:c5:
         52:5f:fd:ee:45:ad:da:c5:bd:df:c3:80:f4:5d:66:ab:56:34:
         4c:d7:2c:1d:d8:2d:ca:47:6f:7d:5e:d5:d7:b9:c0:10:11:2c:
         f7:02:4c:c2:fc:64:a7:5b:9d:45:6e:d8:5b:dc:10:40:4d:73:
         37:07:4b:38:ab:69:58:67:26:8d:48:4a:70:60:86:cb:bd:44:
         59:c2:8a:41:de:59:58:a5:4c:de:1f:09:7c:2a:74:65:81:36:
         68:9b:fd:8c:a3:14:e4:d4:1f:a9:da:64:fb:4e:f2:3e:60:49:
         d0:0e:fe:12:12:49:ec:43:15:80:1a:59:54:fe:8d:9c:62:df:
         4c:af:0c:05:9a:ff:5a:34:40:65:78:eb:f1:c1:fc:b2:d6:80:
         1d:d2:c2:63:76:a4:4d:7e:1f:d3:67:32:e9:7a:4c:7f:6a:9b:
         63:f8:47:1c:9a:1c:6d:8e:5d:57:60:ef:41:ba:8b:fa:90:a7:
         b7:8a:6d:f2:07:8b:51:34:2d:2f:55:74:30:5b:49:da:2b:22:
         28:b9:8b:f6:c5:9b:c2:49:32:c0:a5:25:5a:24:6b:2f:a1:2e:
         0d:7b:07:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3kmHWV7lE6CSQo2sUpHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMTAyMDYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzc4YjllZDMzODhmZGY4YTdmNGE2MTZiZDc1OTFmYjZlNzdjMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2GXHS8GMuocYAUZvisHFiTdS7c6
0o16//3btjqxxlzXtXaRYubb0lUlzDd4JDZR8620cvflJxJF+Ely7ENz5XiSlSaP
RcKRFvM7lNJxrzlSKJiTTX0BwP4pDNVvMn+VXYVTJSRpcLLzvFH4oV5nr3bGjxnA
qb+pB9Qpcx7qHtRb41iHo3utPBmHpzDX9+99TKZ38yL49ijfD77+9PV2WAMShY5Z
Ns60RX+LvZU9a0omuqvJJq1gh9bzDqykEgYGFZ9zyJqXK0MwXNvbFkzVoaKLN+f7
hmnsqwHVBl7s/kWmkmp76XJATxve00wDIJSA6nxrD/Ulc4ugXdsUWAcwbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIN4ue0ziP34p/SmFr11kftud8ClMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvZzNpNTdUT0lfZmluOUtZV3ZYV1ItMjUzd0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLYaeAwQA
uegQMA0GCSqGSIb3DQEBCwUAA4IBAQBR+ocPpj0w6/Ba8PMi2OvkZN3GhZvTsZQd
KFThZwiPADTMksVSX/3uRa3axb3fw4D0XWarVjRM1ywd2C3KR299XtXXucAQESz3
AkzC/GSnW51Fbthb3BBATXM3B0s4q2lYZyaNSEpwYIbLvURZwopB3llYpUzeHwl8
KnRlgTZom/2MoxTk1B+p2mT7TvI+YEnQDv4SEknsQxWAGllU/o2cYt9MrwwFmv9a
NEBleOvxwfyy1oAd0sJjdqRNfh/TZzLpekx/aptj+Eccmhxtjl1XYO9Buov6kKe3
im3yB4tRNC0vVXQwW0naKyIouYv2xZvCSTLApSVaJGsvoS4NewcZ
-----END CERTIFICATE-----
Generated at Fri Nov 22 05:51:45 2024 by rpki-client on console-fra.rpki-client.org