Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/d2e14e-f900-4ab0-93fd-fdebf125b48e/1/7YydcanuV8r2kOzg0awFYdnXVf8.roa
File:                     7YydcanuV8r2kOzg0awFYdnXVf8.roa (raw, json)
Hash identifier:          UBJKM21NN3psV+GgDJbyKK5iQmeUadxfLRWhXVMR/cA=
Subject key identifier:   ED:8C:9D:71:A9:EE:57:CA:F6:90:EC:E0:D1:AC:05:61:D9:D7:55:FF
Certificate issuer:       /CN=1644e6c50cb692dfb640f6f88e228a2d9b06c679
Certificate serial:       018CC726FDDF47A0290CD47FE8C5149825ED
Authority key identifier: 16:44:E6:C5:0C:B6:92:DF:B6:40:F6:F8:8E:22:8A:2D:9B:06:C6:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FkTmxQy2kt-2QPb4jiKKLZsGxnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/d2e14e-f900-4ab0-93fd-fdebf125b48e/1/7YydcanuV8r2kOzg0awFYdnXVf8.roa
Signing time:             Mon 01 Jan 2024 22:31:10 +0000
ROA not before:           Mon 01 Jan 2024 22:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208776
IP address blocks:        45.14.58.0/24 maxlen: 24
                          45.14.57.0/24 maxlen: 24
                          45.14.56.0/23 maxlen: 23
                          45.14.56.0/24 maxlen: 24
                          45.14.56.0/22 maxlen: 22
                          45.14.58.0/23 maxlen: 23
                          45.14.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/d2e14e-f900-4ab0-93fd-fdebf125b48e/1/FkTmxQy2kt-2QPb4jiKKLZsGxnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/d2e14e-f900-4ab0-93fd-fdebf125b48e/1/FkTmxQy2kt-2QPb4jiKKLZsGxnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FkTmxQy2kt-2QPb4jiKKLZsGxnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fd:df:47:a0:29:0c:d4:7f:e8:c5:14:98:25:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1644e6c50cb692dfb640f6f88e228a2d9b06c679
        Validity
            Not Before: Jan  1 22:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed8c9d71a9ee57caf690ece0d1ac0561d9d755ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5c:8f:ff:0d:48:ed:d3:b7:1e:36:6d:aa:40:
                    ed:33:79:3b:59:cc:09:7f:c9:d4:93:11:86:dc:1e:
                    04:f7:9d:e3:c2:85:0b:16:a9:22:46:28:3a:f8:3c:
                    4e:4d:32:ac:d7:3b:3a:b9:56:94:2a:c9:72:f7:83:
                    53:fb:93:4a:90:b6:ad:cd:75:3d:6e:0d:68:e4:a2:
                    5b:69:48:ed:32:67:94:30:de:b5:4e:3a:4f:6e:a1:
                    10:20:d2:ad:73:d7:c6:35:2c:0d:54:b4:45:e4:7b:
                    eb:d1:c6:b4:42:29:3c:86:8b:b1:c2:11:bf:bb:f0:
                    f7:a4:aa:14:96:85:b6:19:f7:4c:63:0d:be:1c:39:
                    6e:71:3d:31:3b:4c:33:01:7d:d5:60:5a:5d:c2:64:
                    2d:18:21:0a:1c:7f:8a:8d:97:23:ce:64:9d:38:53:
                    15:a8:37:ea:b6:27:92:64:17:01:86:5f:2e:d6:c7:
                    37:a2:99:1e:e3:ff:18:32:27:c4:d3:68:3f:ee:3d:
                    bf:0a:34:c1:26:5d:57:ad:48:91:5f:bc:e4:e2:ae:
                    07:d2:c4:f0:df:ec:01:aa:4c:bd:e0:2b:75:b2:25:
                    e4:41:1b:4f:fe:47:35:34:09:f8:af:a4:74:c6:03:
                    a9:cc:04:4b:3e:89:0a:ff:4c:6f:13:94:89:70:79:
                    5b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:8C:9D:71:A9:EE:57:CA:F6:90:EC:E0:D1:AC:05:61:D9:D7:55:FF
            X509v3 Authority Key Identifier:
                keyid:16:44:E6:C5:0C:B6:92:DF:B6:40:F6:F8:8E:22:8A:2D:9B:06:C6:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FkTmxQy2kt-2QPb4jiKKLZsGxnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d2e14e-f900-4ab0-93fd-fdebf125b48e/1/7YydcanuV8r2kOzg0awFYdnXVf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d2e14e-f900-4ab0-93fd-fdebf125b48e/1/FkTmxQy2kt-2QPb4jiKKLZsGxnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:b7:59:5e:46:bc:26:2c:32:17:b7:f3:2e:f5:6d:9d:33:d9:
         b6:81:c5:94:a6:c7:eb:cf:d5:d1:6f:67:13:f4:1a:19:37:bb:
         c5:49:02:36:8d:3d:13:7b:bf:9f:4b:91:5e:29:b7:5e:d6:0b:
         c0:61:8c:2f:73:1b:cd:25:c1:51:1f:78:26:ca:f2:06:e1:ee:
         12:ef:72:da:a6:77:71:65:06:61:de:47:db:24:2d:bb:d2:5b:
         8f:78:6f:f3:c2:6d:3d:d5:29:0d:26:74:b2:f3:30:f2:ec:02:
         07:cb:df:5a:79:42:fc:fa:e0:83:b2:c1:86:53:f8:45:4d:4f:
         02:42:11:1e:8e:26:41:0d:e5:b9:0e:d2:10:2f:19:25:9d:20:
         5e:01:3c:bc:32:8f:61:42:32:ae:0a:92:77:7b:00:99:f2:19:
         72:2c:23:55:3e:be:fa:3f:de:85:38:4d:5f:12:7e:1b:35:ad:
         68:83:3f:bc:c1:78:32:5c:82:d6:93:8b:42:99:ec:90:fc:02:
         97:49:96:f7:c1:92:b8:7a:6c:4d:61:71:91:78:a7:59:99:cc:
         1b:77:88:f5:d0:fb:49:86:5d:da:ea:61:4f:0b:34:e3:eb:86:
         9b:fc:7b:c8:b7:41:88:4b:c5:c4:96:f6:a1:cf:1f:d3:3d:d3:
         e0:af:eb:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJv3fR6ApDNR/6MUUmCXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NDRlNmM1MGNiNjkyZGZiNjQwZjZmODhlMjI4YTJkOWIw
NmM2NzkwHhcNMjQwMTAxMjIzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDhjOWQ3MWE5ZWU1N2NhZjY5MGVjZTBkMWFjMDU2MWQ5ZDc1NWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulyP/w1I7dO3HjZtqkDtM3k7WcwJ
f8nUkxGG3B4E953jwoULFqkiRig6+DxOTTKs1zs6uVaUKsly94NT+5NKkLatzXU9
bg1o5KJbaUjtMmeUMN61TjpPbqEQINKtc9fGNSwNVLRF5Hvr0ca0Qik8houxwhG/
u/D3pKoUloW2GfdMYw2+HDlucT0xO0wzAX3VYFpdwmQtGCEKHH+KjZcjzmSdOFMV
qDfqtieSZBcBhl8u1sc3opke4/8YMifE02g/7j2/CjTBJl1XrUiRX7zk4q4H0sTw
3+wBqky94Ct1siXkQRtP/kc1NAn4r6R0xgOpzARLPokK/0xvE5SJcHlbVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2MnXGp7lfK9pDs4NGsBWHZ11X/MB8GA1UdIwQY
MBaAFBZE5sUMtpLftkD2+I4iii2bBsZ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmtUbXhReTJrdC0yUVBiNGppS0tMWnNHeG5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9kMmUxNGUtZjkwMC00YWIwLTkzZmQt
ZmRlYmYxMjViNDhlLzEvN1l5ZGNhbnVWOHIya096ZzBhd0ZZZG5YVmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9kMmUxNGUtZjkwMC00YWIwLTkzZmQtZmRlYmYxMjViNDhl
LzEvRmtUbXhReTJrdC0yUVBiNGppS0tMWnNHeG5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ44MA0G
CSqGSIb3DQEBCwUAA4IBAQA/t1leRrwmLDIXt/Mu9W2dM9m2gcWUpsfrz9XRb2cT
9BoZN7vFSQI2jT0Te7+fS5FeKbde1gvAYYwvcxvNJcFRH3gmyvIG4e4S73Lapndx
ZQZh3kfbJC270luPeG/zwm091SkNJnSy8zDy7AIHy99aeUL8+uCDssGGU/hFTU8C
QhEejiZBDeW5DtIQLxklnSBeATy8Mo9hQjKuCpJ3ewCZ8hlyLCNVPr76P96FOE1f
En4bNa1ogz+8wXgyXILWk4tCmeyQ/AKXSZb3wZK4emxNYXGReKdZmcwbd4j10PtJ
hl3a6mFPCzTj64ab/HvIt0GIS8XElvahzx/TPdPgr+tZ
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:59:05 2024 by rpki-client on console-fra.rpki-client.org