Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/KD70Gp1D_lkzDLC-EM7MzoplRbc.roa
File:                     KD70Gp1D_lkzDLC-EM7MzoplRbc.roa (raw, json)
Hash identifier:          jQ+EI3Vf5fimNk6bLwzNjKtkAJUR0oxNu2zQ6HA7rwc=
Subject key identifier:   28:3E:F4:1A:9D:43:FE:59:33:0C:B0:BE:10:CE:CC:CE:8A:65:45:B7
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018FAB5D808786AC473C7A1FF0748C09C5AF
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/KD70Gp1D_lkzDLC-EM7MzoplRbc.roa
Signing time:             Fri 24 May 2024 16:09:42 +0000
ROA not before:           Fri 24 May 2024 16:09:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196695
IP address blocks:        45.147.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 21:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ab:5d:80:87:86:ac:47:3c:7a:1f:f0:74:8c:09:c5:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: May 24 16:09:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=283ef41a9d43fe59330cb0be10ceccce8a6545b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:cc:03:b9:61:b6:e2:50:3e:d9:f5:76:8d:a4:
                    38:03:d2:f1:2a:54:ec:74:e7:92:d5:f1:f8:b9:e1:
                    0a:0c:f2:b2:4a:9d:8b:ee:ed:19:a0:4e:09:c1:07:
                    ed:f6:42:f7:ed:21:f5:db:be:9c:36:8b:fd:21:9a:
                    7b:ad:98:c3:bf:c6:bb:d7:cc:a2:6c:e9:7a:6c:c2:
                    c9:2f:0c:41:4c:b6:f5:23:b5:4f:51:af:f7:72:1b:
                    b4:97:32:22:ea:3e:8c:1a:67:67:c1:ff:9b:b7:00:
                    e6:f0:28:63:e7:30:28:a6:91:89:a7:43:32:bd:5e:
                    8e:bd:1a:eb:20:a9:3b:2d:49:0e:7f:69:bb:e2:33:
                    b7:36:8f:79:eb:19:b3:89:6f:d3:ed:df:96:10:8d:
                    c0:3b:cf:7e:f8:93:89:26:32:32:b1:32:f9:8e:3e:
                    15:f5:5b:da:d2:1f:ca:db:51:d8:77:d1:95:52:e6:
                    35:75:18:42:17:ff:24:9d:22:21:77:58:cf:ce:3d:
                    8a:e9:53:01:66:7a:5d:47:81:81:7b:e9:2a:5d:70:
                    bd:9d:01:19:55:6a:3f:d6:f4:d9:72:4b:e9:2e:00:
                    8d:d6:30:2d:32:b8:c8:c1:04:f1:ac:1c:98:a7:1f:
                    b3:6c:14:99:76:9e:98:b7:7e:df:2f:f5:de:6a:2b:
                    6d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:3E:F4:1A:9D:43:FE:59:33:0C:B0:BE:10:CE:CC:CE:8A:65:45:B7
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/KD70Gp1D_lkzDLC-EM7MzoplRbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:f3:3a:a9:fc:57:88:62:3e:5b:23:e6:36:14:07:0e:61:7a:
         c5:a8:f0:f4:e9:84:0e:ea:54:94:3b:d4:aa:80:30:f0:f5:18:
         38:0e:e1:7c:97:46:fe:c0:3a:c6:2c:d4:c5:49:74:65:03:2e:
         f6:be:fe:1d:ac:74:8d:44:15:99:c5:9b:ba:5a:4b:4f:92:b0:
         97:62:80:34:3f:85:94:65:85:79:28:63:28:44:11:24:29:b0:
         6a:6d:55:26:66:1e:a0:54:29:02:93:67:7e:b4:7c:64:2f:8e:
         d1:ac:a3:28:53:71:8a:4c:01:d1:48:3e:ff:49:cb:64:b7:7e:
         9d:56:e2:69:20:f3:2a:c1:ad:16:6d:ca:80:4a:b5:ae:4f:66:
         0d:cd:70:a6:e3:83:43:f8:70:68:5d:b6:71:e0:64:f2:d4:ec:
         b1:c5:6b:d7:35:ca:ea:01:17:e6:8d:cc:dc:89:24:a9:0d:95:
         ec:09:c7:10:70:14:6c:26:1b:a0:08:a2:fd:f0:b9:c0:72:fd:
         20:ea:25:35:1e:22:62:34:98:ce:43:b0:4c:e2:96:96:f3:f4:
         05:72:bc:36:1a:ec:ed:44:20:31:7f:9e:19:26:e9:62:d5:a6:
         5a:f4:1f:1a:0a:15:f3:f6:a3:b3:0b:a5:15:8d:90:8d:0f:bc:
         19:a0:18:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+rXYCHhqxHPHof8HSMCcWvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNTI0MTYwOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODNlZjQxYTlkNDNmZTU5MzMwY2IwYmUxMGNlY2NjZThhNjU0NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7MwDuWG24lA+2fV2jaQ4A9LxKlTs
dOeS1fH4ueEKDPKySp2L7u0ZoE4JwQft9kL37SH1276cNov9IZp7rZjDv8a718yi
bOl6bMLJLwxBTLb1I7VPUa/3chu0lzIi6j6MGmdnwf+btwDm8Chj5zAoppGJp0My
vV6OvRrrIKk7LUkOf2m74jO3No956xmziW/T7d+WEI3AO89++JOJJjIysTL5jj4V
9Vva0h/K21HYd9GVUuY1dRhCF/8knSIhd1jPzj2K6VMBZnpdR4GBe+kqXXC9nQEZ
VWo/1vTZckvpLgCN1jAtMrjIwQTxrByYpx+zbBSZdp6Yt37fL/XeaittzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCg+9BqdQ/5ZMwywvhDOzM6KZUW3MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvS0Q3MEdwMURfbGt6RExDLUVNN016b3BsUmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMDMA0G
CSqGSIb3DQEBCwUAA4IBAQBU8zqp/FeIYj5bI+Y2FAcOYXrFqPD06YQO6lSUO9Sq
gDDw9Rg4DuF8l0b+wDrGLNTFSXRlAy72vv4drHSNRBWZxZu6WktPkrCXYoA0P4WU
ZYV5KGMoRBEkKbBqbVUmZh6gVCkCk2d+tHxkL47RrKMoU3GKTAHRSD7/Sctkt36d
VuJpIPMqwa0WbcqASrWuT2YNzXCm44ND+HBoXbZx4GTy1OyxxWvXNcrqARfmjczc
iSSpDZXsCccQcBRsJhugCKL98LnAcv0g6iU1HiJiNJjOQ7BM4paW8/QFcrw2Guzt
RCAxf54ZJuli1aZa9B8aChXz9qOzC6UVjZCND7wZoBhk
-----END CERTIFICATE-----
Generated at Mon Jun 17 06:23:29 2024 by rpki-client on console-ams.rpki-client.org