Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/15afe5-42b3-4ce6-9d9d-87c3368cb3fa/1/2kGGUyup1BQauD1cNvNMeXHGDQ8.roa
File:                     2kGGUyup1BQauD1cNvNMeXHGDQ8.roa (raw, json)
Hash identifier:          EkLnpf6TXt7V28SLKvEJDz/oi9kZ70p3mkXOtdBCo9Y=
Subject key identifier:   DA:41:86:53:2B:A9:D4:14:1A:B8:3D:5C:36:F3:4C:79:71:C6:0D:0F
Certificate issuer:       /CN=b5745bb8ef0088cb519a4095d651719ef51ee354
Certificate serial:       018CC8DF37F0F54D2B6094FA7CB295D08179
Authority key identifier: B5:74:5B:B8:EF:00:88:CB:51:9A:40:95:D6:51:71:9E:F5:1E:E3:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tXRbuO8AiMtRmkCV1lFxnvUe41Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/15afe5-42b3-4ce6-9d9d-87c3368cb3fa/1/2kGGUyup1BQauD1cNvNMeXHGDQ8.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48437
IP address blocks:        45.14.28.0/22 maxlen: 22
                          195.22.140.0/23 maxlen: 23
                          185.175.244.0/22 maxlen: 22
                          91.200.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/15afe5-42b3-4ce6-9d9d-87c3368cb3fa/1/tXRbuO8AiMtRmkCV1lFxnvUe41Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/15afe5-42b3-4ce6-9d9d-87c3368cb3fa/1/tXRbuO8AiMtRmkCV1lFxnvUe41Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tXRbuO8AiMtRmkCV1lFxnvUe41Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:37:f0:f5:4d:2b:60:94:fa:7c:b2:95:d0:81:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5745bb8ef0088cb519a4095d651719ef51ee354
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da4186532ba9d4141ab83d5c36f34c7971c60d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f4:4b:fd:d9:58:1a:f8:4b:fc:0b:c1:f3:94:
                    da:42:b3:71:b7:05:88:a3:00:6e:04:97:22:72:d6:
                    d3:f2:86:bf:ca:58:84:84:6f:24:d2:1d:2f:f0:9f:
                    6a:40:42:a5:86:02:36:67:d7:40:a3:7a:a0:5e:67:
                    0c:14:ef:5c:0e:f3:8b:f0:8e:b3:97:fe:c4:87:80:
                    97:00:a2:53:0f:fd:42:c6:c2:36:76:ce:74:19:f7:
                    45:bd:68:c4:5e:67:d4:8a:b6:be:2f:05:ed:e2:ec:
                    89:0b:1f:64:6a:97:ef:3b:85:ad:c6:b2:ba:39:6c:
                    aa:b8:09:34:7e:b5:fd:09:7c:30:46:02:0a:e9:f7:
                    b4:53:d0:a6:83:ae:32:0e:d8:db:0a:80:5a:63:61:
                    e8:b8:44:bf:6b:65:40:2f:e6:de:56:05:db:35:74:
                    4a:31:ca:dd:9e:86:8c:a5:c5:88:1f:30:db:90:bb:
                    ee:8a:cc:93:d0:2b:dc:23:22:c0:78:59:e7:f2:f8:
                    7e:a8:fe:d0:ff:cf:9e:24:bb:95:ed:61:5e:f3:f3:
                    45:27:9c:7c:19:bc:f7:72:60:6d:73:67:ec:dd:a4:
                    83:c3:8e:ee:ad:7a:d8:c0:c7:2a:a2:b7:69:a6:88:
                    af:0d:8a:64:e5:42:44:66:a9:ab:0e:b7:68:63:24:
                    e2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:41:86:53:2B:A9:D4:14:1A:B8:3D:5C:36:F3:4C:79:71:C6:0D:0F
            X509v3 Authority Key Identifier:
                keyid:B5:74:5B:B8:EF:00:88:CB:51:9A:40:95:D6:51:71:9E:F5:1E:E3:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tXRbuO8AiMtRmkCV1lFxnvUe41Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/15afe5-42b3-4ce6-9d9d-87c3368cb3fa/1/2kGGUyup1BQauD1cNvNMeXHGDQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/15afe5-42b3-4ce6-9d9d-87c3368cb3fa/1/tXRbuO8AiMtRmkCV1lFxnvUe41Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.28.0/22
                  91.200.8.0/22
                  185.175.244.0/22
                  195.22.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:cc:e6:75:87:93:fd:14:03:b2:3e:5a:ca:57:fd:18:8b:00:
         48:fe:97:5f:f1:bf:9b:52:9b:22:ea:8e:4e:82:98:ee:34:a2:
         1a:c5:80:9e:9b:55:5f:e8:02:8d:22:81:a0:e6:d9:e8:b6:91:
         1a:54:96:63:79:46:0d:d9:c7:ec:08:d1:64:d0:0b:2e:43:94:
         d1:93:a5:a6:3c:f5:33:62:25:4d:8a:47:b5:4a:72:ef:3a:b8:
         50:1a:53:16:08:d2:37:ae:b8:76:57:d7:ff:27:6f:9b:9b:e6:
         4c:eb:87:dd:db:e6:16:68:b5:4c:67:b6:43:0c:3f:d5:39:58:
         d4:39:c9:75:17:e5:da:f0:a7:62:1d:5b:0c:5d:86:58:64:22:
         79:bc:f8:ea:06:c4:fc:4e:f4:64:71:e5:2b:9f:a1:d2:55:e9:
         e2:82:9e:e5:ec:99:38:f5:7f:c7:1f:00:18:88:a3:e5:23:2a:
         28:4d:1d:75:f2:ed:b5:69:e8:d4:20:05:30:17:3b:a9:ff:f6:
         a4:95:e7:84:bf:a6:4b:6e:f6:66:67:63:90:66:ae:6b:d4:f6:
         5c:14:32:a7:a5:4f:a3:e9:cb:fe:21:ff:b9:50:08:25:77:07:
         19:ee:8e:a7:c3:8b:fc:e7:a5:d2:a2:13:71:7e:3a:9e:24:c7:
         37:95:65:e9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzI3zfw9U0rYJT6fLKV0IF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NzQ1YmI4ZWYwMDg4Y2I1MTlhNDA5NWQ2NTE3MTllZjUx
ZWUzNTQwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTQxODY1MzJiYTlkNDE0MWFiODNkNWMzNmYzNGM3OTcxYzYwZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/RL/dlYGvhL/AvB85TaQrNxtwWI
owBuBJcictbT8oa/yliEhG8k0h0v8J9qQEKlhgI2Z9dAo3qgXmcMFO9cDvOL8I6z
l/7Eh4CXAKJTD/1CxsI2ds50GfdFvWjEXmfUira+LwXt4uyJCx9kapfvO4WtxrK6
OWyquAk0frX9CXwwRgIK6fe0U9Cmg64yDtjbCoBaY2HouES/a2VAL+beVgXbNXRK
McrdnoaMpcWIHzDbkLvuisyT0CvcIyLAeFnn8vh+qP7Q/8+eJLuV7WFe8/NFJ5x8
Gbz3cmBtc2fs3aSDw47urXrYwMcqordppoivDYpk5UJEZqmrDrdoYyTidwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNpBhlMrqdQUGrg9XDbzTHlxxg0PMB8GA1UdIwQY
MBaAFLV0W7jvAIjLUZpAldZRcZ71HuNUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFhSYnVPOEFpTXRSbWtDVjFsRnhudlVlNDFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8xNWFmZTUtNDJiMy00Y2U2LTlkOWQt
ODdjMzM2OGNiM2ZhLzEvMmtHR1V5dXAxQlFhdUQxY052Tk1lWEhHRFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8xNWFmZTUtNDJiMy00Y2U2LTlkOWQtODdjMzM2OGNiM2Zh
LzEvdFhSYnVPOEFpTXRSbWtDVjFsRnhudlVlNDFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLQ4cAwQC
W8gIAwQCua/0AwQBwxaMMA0GCSqGSIb3DQEBCwUAA4IBAQBOzOZ1h5P9FAOyPlrK
V/0YiwBI/pdf8b+bUpsi6o5OgpjuNKIaxYCem1Vf6AKNIoGg5tnotpEaVJZjeUYN
2cfsCNFk0AsuQ5TRk6WmPPUzYiVNike1SnLvOrhQGlMWCNI3rrh2V9f/J2+bm+ZM
64fd2+YWaLVMZ7ZDDD/VOVjUOcl1F+Xa8KdiHVsMXYZYZCJ5vPjqBsT8TvRkceUr
n6HSVenigp7l7Jk49X/HHwAYiKPlIyooTR118u21aejUIAUwFzup//akleeEv6ZL
bvZmZ2OQZq5r1PZcFDKnpU+j6cv+If+5UAgldwcZ7o6nw4v856XSohNxfjqeJMc3
lWXp
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:15:50 2024 by rpki-client on console-fra.rpki-client.org