Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/z9Im3DvFiXpIAeZw9GV_Dliuhx0.roa
File:                     z9Im3DvFiXpIAeZw9GV_Dliuhx0.roa (raw, json)
Hash identifier:          SYc/IhIbASoFRi4niVgu+Uo3Cjz2Rm++iDk+G7qsKDo=
Subject key identifier:   CF:D2:26:DC:3B:C5:89:7A:48:01:E6:70:F4:65:7F:0E:58:AE:87:1D
Certificate issuer:       /CN=899241a00348315c02c0e2a9150b863087d1c857
Certificate serial:       0190357CE075C5BBE4000644EB72FE25B203
Authority key identifier: 89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/z9Im3DvFiXpIAeZw9GV_Dliuhx0.roa
Signing time:             Thu 20 Jun 2024 11:51:34 +0000
ROA not before:           Thu 20 Jun 2024 11:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59705
IP address blocks:        5.45.16.0/23 maxlen: 23
                          5.45.18.0/24 maxlen: 24
                          2a01:6c8:2000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:7c:e0:75:c5:bb:e4:00:06:44:eb:72:fe:25:b2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=899241a00348315c02c0e2a9150b863087d1c857
        Validity
            Not Before: Jun 20 11:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfd226dc3bc5897a4801e670f4657f0e58ae871d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:85:32:95:9a:83:2b:51:bc:a3:37:6f:32:36:
                    13:ef:10:1a:9b:b9:70:f3:de:0e:ff:dc:54:fd:cf:
                    a3:a8:87:05:b4:dc:c9:9d:c2:2c:0b:27:6e:8b:3f:
                    e0:89:c8:31:dd:a2:32:7f:24:dc:8f:ef:ac:c8:b1:
                    83:a2:c4:42:a9:fa:ca:e4:a1:c4:87:44:35:53:41:
                    a1:8f:32:f9:da:5a:27:9f:2b:2f:df:a6:0f:ed:2f:
                    0d:94:b1:24:38:37:4a:35:87:51:0b:41:36:84:6c:
                    84:09:bb:52:1d:65:5c:88:32:7d:40:b8:29:68:56:
                    27:33:26:30:d6:59:28:35:86:f2:4f:2c:b2:cb:46:
                    68:b1:45:3e:cf:60:d7:3b:78:72:60:82:62:19:d1:
                    5d:91:fa:80:89:47:4d:32:ed:25:2b:3e:07:10:17:
                    7c:af:81:a9:b4:5b:ae:8e:2a:bf:8b:44:05:1f:82:
                    07:b2:10:f8:e2:55:a6:58:a5:57:c7:ea:4d:6a:95:
                    ea:a8:02:d4:bd:f7:41:6e:53:8a:b8:ed:4e:50:e1:
                    8d:e3:d9:62:7e:e3:4f:10:83:45:05:cf:d4:81:38:
                    e6:53:13:10:1c:60:e6:4f:e0:75:4d:07:93:0d:81:
                    33:c0:1d:59:79:92:dc:20:43:e7:8e:0f:eb:1a:e8:
                    e0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D2:26:DC:3B:C5:89:7A:48:01:E6:70:F4:65:7F:0E:58:AE:87:1D
            X509v3 Authority Key Identifier:
                keyid:89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/z9Im3DvFiXpIAeZw9GV_Dliuhx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.16.0-5.45.18.255
                IPv6:
                  2a01:6c8:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         43:e6:f0:ac:6d:d7:25:49:05:20:48:5b:c3:12:88:67:0b:72:
         4a:8d:6e:17:e6:fd:c8:13:9b:16:f3:e0:53:c9:bf:cb:be:81:
         35:9d:98:4d:4c:d5:90:63:d8:23:0d:42:98:45:66:3f:fe:92:
         ce:9f:0f:60:92:c4:b4:6f:1f:74:e1:67:22:47:91:97:5b:e6:
         38:17:fb:15:65:22:69:f3:99:77:11:0c:b0:aa:fb:d2:4a:02:
         ff:ca:7f:39:a4:c7:6c:8a:bf:66:cd:00:16:a6:3b:7b:87:e2:
         af:b2:a4:62:cb:cc:79:25:c9:9f:6b:7d:5e:f5:69:85:92:f3:
         33:2e:3d:ad:a9:05:3b:df:1c:a8:e9:46:a2:76:21:11:d1:84:
         61:b4:2a:67:9c:9c:5a:85:22:05:eb:b4:1a:d2:c8:f1:92:00:
         b3:41:ef:f4:e5:b8:7f:d4:70:9e:c3:d8:90:fe:fa:ba:94:08:
         ee:ad:9c:b5:71:37:cd:7f:a9:c2:12:50:4d:6a:ba:ee:bb:78:
         aa:87:04:67:48:46:a7:de:cd:78:98:a9:18:54:9c:92:cd:6b:
         f7:d8:58:43:59:6f:9b:5e:b8:64:6b:54:53:40:e0:49:40:d5:
         26:19:05:8a:a5:5a:03:7c:af:f6:97:64:ba:cd:c5:ca:50:4e:
         9f:71:ad:1d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZA1fOB1xbvkAAZE63L+JbIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5OTI0MWEwMDM0ODMxNWMwMmMwZTJhOTE1MGI4NjMwODdk
MWM4NTcwHhcNMjQwNjIwMTE1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQyMjZkYzNiYzU4OTdhNDgwMWU2NzBmNDY1N2YwZTU4YWU4NzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7YUylZqDK1G8ozdvMjYT7xAam7lw
894O/9xU/c+jqIcFtNzJncIsCyduiz/gicgx3aIyfyTcj++syLGDosRCqfrK5KHE
h0Q1U0GhjzL52lonnysv36YP7S8NlLEkODdKNYdRC0E2hGyECbtSHWVciDJ9QLgp
aFYnMyYw1lkoNYbyTyyyy0ZosUU+z2DXO3hyYIJiGdFdkfqAiUdNMu0lKz4HEBd8
r4GptFuujiq/i0QFH4IHshD44lWmWKVXx+pNapXqqALUvfdBblOKuO1OUOGN49li
fuNPEINFBc/UgTjmUxMQHGDmT+B1TQeTDYEzwB1ZeZLcIEPnjg/rGujgSwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFM/SJtw7xYl6SAHmcPRlfw5YrocdMB8GA1UdIwQY
MBaAFImSQaADSDFcAsDiqRULhjCH0chXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzIt
OTllNzgwYmYzYjk4LzEvejlJbTNEdkZpWHBJQWVadzlHVl9EbGl1aHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzItOTllNzgwYmYzYjk4
LzEvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAQFLRAD
BAAFLRIwDgQCAAIwCAMGBCoBBsggMA0GCSqGSIb3DQEBCwUAA4IBAQBD5vCsbdcl
SQUgSFvDEohnC3JKjW4X5v3IE5sW8+BTyb/LvoE1nZhNTNWQY9gjDUKYRWY//pLO
nw9gksS0bx904WciR5GXW+Y4F/sVZSJp85l3EQywqvvSSgL/yn85pMdsir9mzQAW
pjt7h+KvsqRiy8x5Jcmfa31e9WmFkvMzLj2tqQU73xyo6UaidiER0YRhtCpnnJxa
hSIF67Qa0sjxkgCzQe/05bh/1HCew9iQ/vq6lAjurZy1cTfNf6nCElBNarruu3iq
hwRnSEan3s14mKkYVJySzWv32FhDWW+bXrhka1RTQOBJQNUmGQWKpVoDfK/2l2S6
zcXKUE6fca0d
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:29:45 2024 by rpki-client on console-fra.rpki-client.org