Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/LSGM7vSXp13ydrW98bnFaLd9hUc.roa
File:                     LSGM7vSXp13ydrW98bnFaLd9hUc.roa (raw, json)
Hash identifier:          /jae2BIVvzfnsYv1M+LXz3ruqosU91IBGfDVSswFEPE=
Subject key identifier:   2D:21:8C:EE:F4:97:A7:5D:F2:76:B5:BD:F1:B9:C5:68:B7:7D:85:47
Certificate issuer:       /CN=955fcf92798a9dbb30abd2b9fa29bfa8804220f3
Certificate serial:       018CCA2A2680DA95ADBEF1BACDDE32AE656B
Authority key identifier: 95:5F:CF:92:79:8A:9D:BB:30:AB:D2:B9:FA:29:BF:A8:80:42:20:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/LSGM7vSXp13ydrW98bnFaLd9hUc.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21368
IP address blocks:        45.86.137.0/24 maxlen: 24
                          45.86.138.0/23 maxlen: 23
                          185.109.253.0/24 maxlen: 24
                          185.109.252.0/23 maxlen: 23
                          185.109.252.0/24 maxlen: 24
                          185.109.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:26:80:da:95:ad:be:f1:ba:cd:de:32:ae:65:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955fcf92798a9dbb30abd2b9fa29bfa8804220f3
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d218ceef497a75df276b5bdf1b9c568b77d8547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:b6:57:c8:fa:dd:46:d3:9f:33:3d:9f:5b:
                    1f:1c:a6:98:40:ee:0f:fb:bb:30:18:45:a3:c6:38:
                    15:3d:94:21:78:69:4c:1d:ba:74:3a:f1:d6:c9:7e:
                    af:b9:ba:ae:e4:d7:8b:44:b1:fc:35:93:8b:44:40:
                    8a:60:e3:de:a5:26:63:83:e6:49:07:f8:8e:78:f4:
                    14:94:51:cc:2f:c1:b7:eb:88:db:b1:d5:8b:d9:a4:
                    26:db:8c:f0:a0:ba:cd:41:1a:ec:81:33:a0:30:de:
                    d5:48:d9:2a:26:53:a7:f4:95:f8:3d:75:53:3f:61:
                    52:b9:b4:d3:2d:67:f0:22:7f:9c:ad:57:ea:e3:4d:
                    c2:ad:47:96:dd:21:51:a4:a8:19:77:0f:c8:0f:7a:
                    d8:7c:56:b2:ca:d0:9f:28:04:67:73:e1:0c:cc:0b:
                    ee:24:d4:4e:bb:a0:a1:9c:91:1f:e0:b5:70:9a:21:
                    0d:f5:0a:7b:51:aa:79:05:33:76:32:ab:67:30:b6:
                    38:6d:68:cc:48:56:b2:6e:a1:1a:d1:82:0f:02:33:
                    5a:ae:4e:ce:ee:9c:21:cf:36:d3:53:0d:79:48:5a:
                    69:4c:82:c3:3c:26:0d:55:a4:10:9c:d6:f3:32:e2:
                    7a:49:30:61:88:fd:92:bc:b7:40:b8:2c:2f:28:1a:
                    d4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:21:8C:EE:F4:97:A7:5D:F2:76:B5:BD:F1:B9:C5:68:B7:7D:85:47
            X509v3 Authority Key Identifier:
                keyid:95:5F:CF:92:79:8A:9D:BB:30:AB:D2:B9:FA:29:BF:A8:80:42:20:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/LSGM7vSXp13ydrW98bnFaLd9hUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.137.0-45.86.139.255
                  185.109.252.0/23
                  185.109.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:24:cb:36:13:c7:5c:75:da:b3:a6:c6:c2:91:07:82:f4:95:
         95:a3:ec:19:50:34:c5:0b:fd:78:80:07:3f:7f:bd:fc:77:dc:
         99:13:94:18:54:f7:30:6b:7d:ea:6e:81:17:88:44:5f:92:e1:
         e5:0f:12:3c:52:30:de:d3:a9:ec:f8:cb:a5:90:56:50:c8:24:
         33:87:c1:2b:b5:b8:0e:fc:65:6d:15:1a:35:c0:10:88:40:21:
         99:ef:9d:d6:22:b2:14:6b:58:40:6b:71:46:2f:ef:2f:c5:74:
         a7:73:e5:4e:36:49:be:ba:c3:58:ee:70:f8:a4:4e:b9:a2:a6:
         5d:c0:f4:f6:d1:b2:15:7c:29:b3:f6:94:f1:85:96:c9:b9:c9:
         0f:70:54:6d:40:ec:f3:6c:4c:24:95:ad:9e:c5:56:a0:8f:13:
         14:1a:0e:b4:90:07:65:aa:6b:01:b0:8e:67:15:18:8a:8c:ea:
         ea:0e:c4:dd:ac:b2:e2:42:25:6e:19:10:7c:80:55:09:27:47:
         2e:b7:a1:8a:96:1c:64:dc:cf:ee:f9:48:4e:4a:04:c2:39:90:
         01:e2:05:d9:fd:61:01:6e:cf:85:9e:f1:f7:d4:0e:00:08:f2:
         cc:63:36:75:e8:d2:64:0b:64:ae:b5:f0:eb:2e:03:db:2e:a0:
         6a:be:77:8d
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzKKiaA2pWtvvG6zd4yrmVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NWZjZjkyNzk4YTlkYmIzMGFiZDJiOWZhMjliZmE4ODA0
MjIwZjMwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDIxOGNlZWY0OTdhNzVkZjI3NmI1YmRmMWI5YzU2OGI3N2Q4NTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApna2V8j63UbTnzM9n1sfHKaYQO4P
+7swGEWjxjgVPZQheGlMHbp0OvHWyX6vubqu5NeLRLH8NZOLRECKYOPepSZjg+ZJ
B/iOePQUlFHML8G364jbsdWL2aQm24zwoLrNQRrsgTOgMN7VSNkqJlOn9JX4PXVT
P2FSubTTLWfwIn+crVfq403CrUeW3SFRpKgZdw/ID3rYfFayytCfKARnc+EMzAvu
JNROu6ChnJEf4LVwmiEN9Qp7Uap5BTN2MqtnMLY4bWjMSFaybqEa0YIPAjNark7O
7pwhzzbTUw15SFppTILDPCYNVaQQnNbzMuJ6STBhiP2SvLdAuCwvKBrUAQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFC0hjO70l6dd8na1vfG5xWi3fYVHMB8GA1UdIwQY
MBaAFJVfz5J5ip27MKvSufopv6iAQiDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFZfUGtubUtuYnN3cTlLNS1pbV9xSUJDSVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9kZjE0MGEtMGFjMy00MTA1LWI4M2Et
MDUxODg2ZDBlZDRlLzEvTFNHTTd2U1hwMTN5ZHJXOThibkZhTGQ5aFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9kZjE0MGEtMGFjMy00MTA1LWI4M2EtMDUxODg2ZDBlZDRl
LzEvbFZfUGtubUtuYnN3cTlLNS1pbV9xSUJDSVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAAtVokD
BAItVogDBAG5bfwDBAC5bf8wDQYJKoZIhvcNAQELBQADggEBAEokyzYTx1x12rOm
xsKRB4L0lZWj7BlQNMUL/XiABz9/vfx33JkTlBhU9zBrfepugReIRF+S4eUPEjxS
MN7Tqez4y6WQVlDIJDOHwSu1uA78ZW0VGjXAEIhAIZnvndYishRrWEBrcUYv7y/F
dKdz5U42Sb66w1jucPikTrmipl3A9PbRshV8KbP2lPGFlsm5yQ9wVG1A7PNsTCSV
rZ7FVqCPExQaDrSQB2WqawGwjmcVGIqM6uoOxN2ssuJCJW4ZEHyAVQknRy63oYqW
HGTcz+75SE5KBMI5kAHiBdn9YQFuz4We8ffUDgAI8sxjNnXo0mQLZK618OsuA9su
oGq+d40=
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:21:43 2024 by rpki-client on console-fra.rpki-client.org