Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/yAQi_JmZBYvY9Knr3ls8S3CRUls.roa
File:                     yAQi_JmZBYvY9Knr3ls8S3CRUls.roa (raw, json)
Hash identifier:          A7usJXlUxK6zOrYK5gG5oqFRotiVPH23BXEtQz+qTh4=
Subject key identifier:   C8:04:22:FC:99:99:05:8B:D8:F4:A9:EB:DE:5B:3C:4B:70:91:52:5B
Certificate issuer:       /CN=7292226567da72dd86883cadd5f3de6ffd5b3573
Certificate serial:       018CC2DB0454AF6B20D7273DC11DD1486A7A
Authority key identifier: 72:92:22:65:67:DA:72:DD:86:88:3C:AD:D5:F3:DE:6F:FD:5B:35:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpIiZWfact2GiDyt1fPeb_1bNXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/yAQi_JmZBYvY9Knr3ls8S3CRUls.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56911
IP address blocks:        176.119.217.0/24 maxlen: 24
                          45.117.232.0/22 maxlen: 22
                          2a07:9340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/cpIiZWfact2GiDyt1fPeb_1bNXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/cpIiZWfact2GiDyt1fPeb_1bNXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpIiZWfact2GiDyt1fPeb_1bNXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:04:54:af:6b:20:d7:27:3d:c1:1d:d1:48:6a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7292226567da72dd86883cadd5f3de6ffd5b3573
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c80422fc9999058bd8f4a9ebde5b3c4b7091525b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3b:cf:df:fa:9c:8a:51:9c:d3:02:09:67:8b:
                    8d:a2:b2:d6:1d:44:68:c4:67:10:d9:5f:35:c7:0a:
                    6d:49:7c:15:bc:6a:ba:95:6a:b4:b4:ba:31:08:c9:
                    f9:88:10:b2:26:f0:08:3a:d6:cf:cf:a1:bc:40:e7:
                    9e:e5:21:a0:de:eb:8f:c5:db:19:d0:e1:0e:a6:4b:
                    5b:df:00:af:bf:cb:85:0c:43:0a:3d:64:bc:da:37:
                    4b:2b:fd:4d:b7:0c:73:8d:2e:87:1c:e5:71:31:60:
                    66:45:06:25:b7:a0:8a:19:23:e2:6e:9b:14:a4:ff:
                    26:5d:80:42:19:c0:12:e3:9f:4c:2e:61:6a:18:65:
                    b1:81:0d:7a:d0:9f:ad:18:0a:15:9c:5f:f9:d0:ed:
                    94:fe:3b:fe:2a:72:51:55:5b:01:69:86:2b:c7:a9:
                    8a:0c:a0:32:d5:36:0a:b4:7b:54:93:7a:fd:24:0d:
                    3f:3e:f2:6a:72:6f:47:b2:0d:79:a7:e6:19:cc:3d:
                    7c:03:49:b0:bf:a8:a8:3f:a3:f3:24:18:28:71:93:
                    b0:dc:5d:94:37:bb:7e:ef:3d:25:f6:42:2e:35:f0:
                    70:0d:94:8b:63:ca:af:9f:df:83:4e:24:3e:9e:d4:
                    37:77:66:34:af:d5:28:e4:47:06:0a:e6:cd:99:b3:
                    f0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:04:22:FC:99:99:05:8B:D8:F4:A9:EB:DE:5B:3C:4B:70:91:52:5B
            X509v3 Authority Key Identifier:
                keyid:72:92:22:65:67:DA:72:DD:86:88:3C:AD:D5:F3:DE:6F:FD:5B:35:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpIiZWfact2GiDyt1fPeb_1bNXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/yAQi_JmZBYvY9Knr3ls8S3CRUls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/4ec217-e8d7-4e80-87cd-039de784d941/1/cpIiZWfact2GiDyt1fPeb_1bNXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.232.0/22
                  176.119.217.0/24
                IPv6:
                  2a07:9340::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:70:0b:3e:19:42:8e:6e:83:6b:fd:54:1a:56:39:31:8f:dc:
         7c:5a:20:6d:84:49:1c:83:45:1c:57:7c:90:ab:45:8f:75:a8:
         3e:6e:ef:51:cd:b6:73:17:c9:96:30:bc:30:b3:0b:40:73:d7:
         28:2d:88:f0:62:81:84:79:51:03:27:24:a4:6e:58:ad:8b:2b:
         db:a2:db:1b:55:c3:e1:72:f6:1f:5f:7f:23:b4:1d:f9:a9:66:
         e2:83:65:16:94:0f:56:2b:c6:43:3a:c5:10:f0:1e:5c:23:5e:
         4c:1a:79:fa:84:dd:2b:99:c5:a0:0f:fb:89:e6:01:34:b1:f7:
         c4:6e:be:53:c6:bf:07:02:3f:aa:f1:98:07:0c:c0:18:18:f3:
         e4:b0:5f:f4:95:98:75:23:7d:83:d3:29:5e:b3:4d:0f:b1:b4:
         ea:a5:ff:aa:29:18:50:e3:0a:76:99:76:53:db:43:72:f7:ae:
         9d:14:e0:06:8d:0a:a9:9c:92:dc:fb:2e:52:c4:68:47:57:63:
         2b:5d:70:4b:d1:89:38:b4:99:3d:29:1b:87:9e:d6:7b:3a:b9:
         01:7b:6e:a4:a6:11:81:68:40:b1:a6:25:72:55:67:51:e7:40:
         65:96:ef:3f:11:1c:60:1e:03:28:ba:57:2a:63:69:e9:89:a4:
         01:80:93:47
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2wRUr2sg1yc9wR3RSGp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOTIyMjY1NjdkYTcyZGQ4Njg4M2NhZGQ1ZjNkZTZmZmQ1
YjM1NzMwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODA0MjJmYzk5OTkwNThiZDhmNGE5ZWJkZTViM2M0YjcwOTE1MjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjvP3/qcilGc0wIJZ4uNorLWHURo
xGcQ2V81xwptSXwVvGq6lWq0tLoxCMn5iBCyJvAIOtbPz6G8QOee5SGg3uuPxdsZ
0OEOpktb3wCvv8uFDEMKPWS82jdLK/1NtwxzjS6HHOVxMWBmRQYlt6CKGSPibpsU
pP8mXYBCGcAS459MLmFqGGWxgQ160J+tGAoVnF/50O2U/jv+KnJRVVsBaYYrx6mK
DKAy1TYKtHtUk3r9JA0/PvJqcm9Hsg15p+YZzD18A0mwv6ioP6PzJBgocZOw3F2U
N7t+7z0l9kIuNfBwDZSLY8qvn9+DTiQ+ntQ3d2Y0r9Uo5EcGCubNmbPwIQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMgEIvyZmQWL2PSp695bPEtwkVJbMB8GA1UdIwQY
MBaAFHKSImVn2nLdhog8rdXz3m/9WzVzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3BJaVpXZmFjdDJHaUR5dDFmUGViXzFiTlhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC80ZWMyMTctZThkNy00ZTgwLTg3Y2Qt
MDM5ZGU3ODRkOTQxLzEveUFRaV9KbVpCWXZZOUtucjNsczhTM0NSVWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC80ZWMyMTctZThkNy00ZTgwLTg3Y2QtMDM5ZGU3ODRkOTQx
LzEvY3BJaVpXZmFjdDJHaUR5dDFmUGViXzFiTlhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLXXoAwQA
sHfZMA0EAgACMAcDBQAqB5NAMA0GCSqGSIb3DQEBCwUAA4IBAQDBcAs+GUKOboNr
/VQaVjkxj9x8WiBthEkcg0UcV3yQq0WPdag+bu9RzbZzF8mWMLwwswtAc9coLYjw
YoGEeVEDJySkblitiyvbotsbVcPhcvYfX38jtB35qWbig2UWlA9WK8ZDOsUQ8B5c
I15MGnn6hN0rmcWgD/uJ5gE0sffEbr5Txr8HAj+q8ZgHDMAYGPPksF/0lZh1I32D
0yles00PsbTqpf+qKRhQ4wp2mXZT20Ny966dFOAGjQqpnJLc+y5SxGhHV2MrXXBL
0Yk4tJk9KRuHntZ7OrkBe26kphGBaECxpiVyVWdR50Bllu8/ERxgHgMoulcqY2np
iaQBgJNH
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:06:16 2024 by rpki-client on console-ams.rpki-client.org