Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/1-joSiX3Htc7Df9RSA41Wko1aDtY.roa
File:                     1-joSiX3Htc7Df9RSA41Wko1aDtY.roa (raw, json)
Hash identifier:          3J+h0D0T/u1pF4YOsKgMI+bNU/7c/+60BYmvVflamq4=
Subject key identifier:   FA:3A:12:89:7D:C7:B5:CE:C3:7F:D4:52:03:8D:56:92:8D:5A:0E:D6
Certificate issuer:       /CN=8b0d81f3e0f2d18f3b590dcc536d5e94cfe07012
Certificate serial:       018E5178A5F8F15D1701D9B2366EA8867B92
Authority key identifier: 8B:0D:81:F3:E0:F2:D1:8F:3B:59:0D:CC:53:6D:5E:94:CF:E0:70:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/1-joSiX3Htc7Df9RSA41Wko1aDtY.roa
Signing time:             Mon 18 Mar 2024 12:10:45 +0000
ROA not before:           Mon 18 Mar 2024 12:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204995
IP address blocks:        45.13.220.0/22 maxlen: 24
                          45.13.220.0/24 maxlen: 24
                          185.184.8.0/24 maxlen: 24
                          185.184.9.0/24 maxlen: 24
                          185.184.11.0/24 maxlen: 24
                          2a0b:2180:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:78:a5:f8:f1:5d:17:01:d9:b2:36:6e:a8:86:7b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b0d81f3e0f2d18f3b590dcc536d5e94cfe07012
        Validity
            Not Before: Mar 18 12:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa3a12897dc7b5cec37fd452038d56928d5a0ed6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d9:8e:4a:01:13:99:98:04:ae:ea:d4:be:e1:
                    9f:ad:c4:60:d3:08:cf:3f:c3:f9:73:e7:c3:a4:67:
                    00:76:b2:e4:fb:54:d7:4d:ba:aa:df:ec:f7:1b:52:
                    c7:c7:65:6c:06:10:04:c7:9b:e7:72:5e:aa:8a:b2:
                    48:43:3c:b6:55:55:62:8c:b3:bc:e0:4b:38:66:22:
                    73:44:ad:19:fe:fc:9e:00:b8:76:44:f2:dd:84:aa:
                    02:c9:fe:69:b9:1b:f4:7a:85:cb:bb:c1:42:db:2a:
                    22:84:41:fe:71:63:ff:fa:d9:6b:3d:0c:99:f0:70:
                    81:0a:43:fd:ed:9d:fc:dd:db:68:4d:fc:92:12:ad:
                    34:87:6b:5a:b8:1c:90:de:6b:2c:97:30:94:69:85:
                    59:a5:96:da:50:21:51:59:12:e2:90:c3:e0:fc:e0:
                    98:ff:aa:d2:ab:d1:ca:4a:ca:d2:2f:22:12:fb:7d:
                    7c:67:0d:6e:b7:ff:1f:9f:5f:92:95:64:5b:bf:2b:
                    4f:10:b4:c3:1a:79:50:e9:b2:61:07:a2:07:75:65:
                    fc:4c:82:ed:8b:a2:be:6e:c7:6e:3b:17:b7:34:20:
                    03:64:8c:79:cb:39:ee:cc:40:eb:6a:4d:65:14:b2:
                    24:3a:b4:92:31:a9:1b:84:a7:7a:0e:c4:1f:66:7e:
                    cf:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:3A:12:89:7D:C7:B5:CE:C3:7F:D4:52:03:8D:56:92:8D:5A:0E:D6
            X509v3 Authority Key Identifier:
                keyid:8B:0D:81:F3:E0:F2:D1:8F:3B:59:0D:CC:53:6D:5E:94:CF:E0:70:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/1-joSiX3Htc7Df9RSA41Wko1aDtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.220.0/22
                  185.184.8.0/23
                  185.184.11.0/24
                IPv6:
                  2a0b:2180:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:3d:b6:02:89:93:49:ba:09:24:c7:40:97:65:cf:b2:91:82:
         f4:2a:4a:c9:0c:81:48:b2:2b:e4:9f:3a:da:45:55:e9:68:da:
         99:03:f2:d8:72:b1:77:e6:0c:f9:03:6e:15:16:3e:0b:e7:93:
         46:0c:28:08:55:b4:3f:99:e4:af:cc:51:75:d8:55:92:6c:23:
         fb:5f:15:39:e3:26:bf:60:35:be:79:6f:56:00:d9:b0:92:ce:
         f5:3f:88:8c:ed:fc:65:35:69:5a:9d:74:bd:55:85:33:e7:2d:
         7f:07:19:ed:91:78:52:8f:03:74:88:94:e3:a0:ed:21:fc:8a:
         f4:08:a1:56:99:12:44:0b:22:00:2b:d8:8c:97:e9:74:ed:45:
         2f:e2:c8:5c:17:7b:36:42:f3:d0:64:d7:43:87:4d:a6:e3:fa:
         20:24:51:e9:82:64:2b:96:d9:0e:62:3c:53:8c:f2:37:f7:75:
         f7:cf:53:c1:7a:53:9d:e9:1b:f1:52:af:f1:b8:8f:2a:ac:53:
         54:36:53:84:55:d0:f4:56:b8:ad:44:bb:16:47:98:a1:3c:dc:
         fb:0a:20:61:9b:d6:b8:53:9a:d2:22:4a:c6:9a:e6:f5:57:b3:
         3c:f1:df:b2:b3:0d:3f:be:16:45:09:c9:ff:74:d5:e1:df:ff:
         4c:aa:0a:89
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY5ReKX48V0XAdmyNm6ohnuSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMGQ4MWYzZTBmMmQxOGYzYjU5MGRjYzUzNmQ1ZTk0Y2Zl
MDcwMTIwHhcNMjQwMzE4MTIxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTNhMTI4OTdkYzdiNWNlYzM3ZmQ0NTIwMzhkNTY5MjhkNWEwZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9mOSgETmZgErurUvuGfrcRg0wjP
P8P5c+fDpGcAdrLk+1TXTbqq3+z3G1LHx2VsBhAEx5vncl6qirJIQzy2VVVijLO8
4Es4ZiJzRK0Z/vyeALh2RPLdhKoCyf5puRv0eoXLu8FC2yoihEH+cWP/+tlrPQyZ
8HCBCkP97Z383dtoTfySEq00h2tauByQ3msslzCUaYVZpZbaUCFRWRLikMPg/OCY
/6rSq9HKSsrSLyIS+318Zw1ut/8fn1+SlWRbvytPELTDGnlQ6bJhB6IHdWX8TILt
i6K+bsduOxe3NCADZIx5yznuzEDrak1lFLIkOrSSMakbhKd6DsQfZn7PowIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPo6Eol9x7XOw3/UUgONVpKNWg7WMB8GA1UdIwQY
MBaAFIsNgfPg8tGPO1kNzFNtXpTP4HASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXcyQjgtRHkwWTg3V1EzTVUyMWVsTV9nY0JJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8wNTE3ZjktOWExZS00NjAwLWIwNDMt
ZjY1NDFmNzc4NTg1LzEvMS1qb1NpWDNIdGM3RGY5UlNBNDFXa28xYUR0WS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjQvMDUxN2Y5LTlhMWUtNDYwMC1iMDQzLWY2NTQxZjc3ODU4
NS8xL2l3MkI4LUR5MFk4N1dRM01VMjFlbE1fZ2NCSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA8BggrBgEFBQcBBwEB/wQtMCswGAQCAAEwEgMEAi0N3AME
Abm4CAMEALm4CzAPBAIAAjAJAwcAKgshgAABMA0GCSqGSIb3DQEBCwUAA4IBAQB1
PbYCiZNJugkkx0CXZc+ykYL0KkrJDIFIsivknzraRVXpaNqZA/LYcrF35gz5A24V
Fj4L55NGDCgIVbQ/meSvzFF12FWSbCP7XxU54ya/YDW+eW9WANmwks71P4iM7fxl
NWlanXS9VYUz5y1/BxntkXhSjwN0iJTjoO0h/Ir0CKFWmRJECyIAK9iMl+l07UUv
4shcF3s2QvPQZNdDh02m4/ogJFHpgmQrltkOYjxTjPI393X3z1PBelOd6RvxUq/x
uI8qrFNUNlOEVdD0VritRLsWR5ihPNz7CiBhm9a4U5rSIkrGmub1V7M88d+ysw0/
vhZFCcn/dNXh3/9MqgqJ
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:01:05 2024 by rpki-client on console-fra.rpki-client.org