Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/58a86c-b882-42ff-b743-c41b8aa2df95/1/syXTb2vdIOpOYs1zD93EPvHLWFk.roa
File:                     syXTb2vdIOpOYs1zD93EPvHLWFk.roa (raw, json)
Hash identifier:          4Lj8Ak0TwCiriJa6D7LmeSQFxb9CffyyqDRRhwZEdDQ=
Subject key identifier:   B3:25:D3:6F:6B:DD:20:EA:4E:62:CD:73:0F:DD:C4:3E:F1:CB:58:59
Certificate issuer:       /CN=7a18fcaac6c8409f24d3fa90df8e30218ee9c3ff
Certificate serial:       018CC94CE738DF645FF7CF6245987F72A1E5
Authority key identifier: 7A:18:FC:AA:C6:C8:40:9F:24:D3:FA:90:DF:8E:30:21:8E:E9:C3:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ehj8qsbIQJ8k0_qQ344wIY7pw_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/58a86c-b882-42ff-b743-c41b8aa2df95/1/syXTb2vdIOpOYs1zD93EPvHLWFk.roa
Signing time:             Tue 02 Jan 2024 08:31:49 +0000
ROA not before:           Tue 02 Jan 2024 08:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201299
IP address blocks:        45.155.136.0/22 maxlen: 24
                          45.155.136.0/24 maxlen: 24
                          45.155.139.0/24 maxlen: 24
                          45.155.137.0/24 maxlen: 24
                          45.155.138.0/24 maxlen: 24
                          2a0f:c500::/29 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/58a86c-b882-42ff-b743-c41b8aa2df95/1/ehj8qsbIQJ8k0_qQ344wIY7pw_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/58a86c-b882-42ff-b743-c41b8aa2df95/1/ehj8qsbIQJ8k0_qQ344wIY7pw_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ehj8qsbIQJ8k0_qQ344wIY7pw_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:e7:38:df:64:5f:f7:cf:62:45:98:7f:72:a1:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a18fcaac6c8409f24d3fa90df8e30218ee9c3ff
        Validity
            Not Before: Jan  2 08:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b325d36f6bdd20ea4e62cd730fddc43ef1cb5859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:85:6d:28:58:2e:b6:cb:ca:dc:57:a4:fd:e1:
                    97:83:98:e3:21:1d:ad:f4:52:f9:de:5c:d0:cd:e0:
                    69:46:34:5d:a8:ab:40:9f:04:2a:d1:14:aa:bc:91:
                    c7:76:6f:9c:30:f8:3d:86:0c:3d:66:09:91:06:57:
                    19:15:a6:6d:5e:fa:15:46:77:06:31:2b:9a:75:a8:
                    9d:b8:d9:8f:4f:ce:95:b6:c1:a7:1b:a7:f5:24:5b:
                    15:44:61:e1:d4:e1:d3:4d:78:05:7b:a5:1d:a7:44:
                    ca:d1:a1:db:7d:19:ed:ac:7b:02:43:00:80:8e:f6:
                    a1:32:15:12:8a:6b:80:5f:6d:b4:fc:02:16:35:d8:
                    c5:51:ae:58:52:a3:d4:59:1d:b4:e3:13:eb:f3:a3:
                    bc:6f:1c:15:b8:53:69:d3:cf:61:31:f7:d2:62:ff:
                    20:04:a2:b6:43:90:d7:00:be:3f:99:10:cf:e1:ad:
                    24:06:5e:69:ea:ee:42:80:90:36:8b:35:b9:0c:6f:
                    01:5b:bd:1d:2a:96:5b:da:91:62:2a:23:86:b0:d2:
                    9e:73:06:59:12:ab:1a:e4:78:16:69:e0:0a:77:62:
                    76:6e:27:89:47:d1:be:8a:bc:9c:c8:ab:61:10:4b:
                    16:f7:7c:e8:3c:5f:cf:84:5e:e3:d9:0e:40:d5:7a:
                    bf:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:25:D3:6F:6B:DD:20:EA:4E:62:CD:73:0F:DD:C4:3E:F1:CB:58:59
            X509v3 Authority Key Identifier:
                keyid:7A:18:FC:AA:C6:C8:40:9F:24:D3:FA:90:DF:8E:30:21:8E:E9:C3:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ehj8qsbIQJ8k0_qQ344wIY7pw_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/58a86c-b882-42ff-b743-c41b8aa2df95/1/syXTb2vdIOpOYs1zD93EPvHLWFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/58a86c-b882-42ff-b743-c41b8aa2df95/1/ehj8qsbIQJ8k0_qQ344wIY7pw_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.136.0/22
                IPv6:
                  2a0f:c500::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:c9:b3:7e:1d:d2:38:e9:86:16:04:73:2f:db:4e:52:5a:94:
         7c:72:72:4f:d4:f1:f8:74:71:e3:79:3a:15:10:18:58:77:e1:
         61:90:4a:ed:93:a4:f9:45:d2:9f:72:33:70:33:48:72:74:3d:
         c1:48:65:67:76:20:6d:a1:8e:5b:9d:54:24:6f:27:e4:44:b3:
         1c:0d:b7:0e:6e:d4:a7:28:c4:4d:09:bc:88:95:08:23:9a:2b:
         b2:f9:b7:ee:a4:71:27:b3:61:19:03:4e:38:4e:61:69:5e:6e:
         5e:8d:f7:f7:13:5c:3f:b2:4e:3a:f2:c7:81:14:73:64:c6:fd:
         d1:c8:5e:07:90:e0:02:05:43:27:09:dc:5b:95:42:6d:d0:1d:
         1c:ee:49:c8:b1:44:19:99:5a:67:af:ea:d9:87:7e:23:39:1f:
         5e:fc:81:75:c2:fb:8b:93:bb:3d:b3:84:0b:07:f1:86:a0:88:
         9d:9c:8b:ac:17:2e:f1:2a:c1:22:3a:4b:8e:1a:51:c5:11:cd:
         96:fc:aa:01:50:b1:86:51:8b:12:d8:1a:ee:62:a8:24:e8:ed:
         18:b4:fe:78:e1:56:00:50:47:40:62:53:7b:44:c4:5c:06:91:
         37:82:23:a5:c7:71:9a:cd:09:ac:58:f6:84:c6:cd:d7:ad:30:
         77:9a:26:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTOc432Rf989iRZh/cqHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMThmY2FhYzZjODQwOWYyNGQzZmE5MGRmOGUzMDIxOGVl
OWMzZmYwHhcNMjQwMTAyMDgzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI1ZDM2ZjZiZGQyMGVhNGU2MmNkNzMwZmRkYzQzZWYxY2I1ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4oVtKFgutsvK3Fek/eGXg5jjIR2t
9FL53lzQzeBpRjRdqKtAnwQq0RSqvJHHdm+cMPg9hgw9ZgmRBlcZFaZtXvoVRncG
MSuadaiduNmPT86VtsGnG6f1JFsVRGHh1OHTTXgFe6Udp0TK0aHbfRntrHsCQwCA
jvahMhUSimuAX220/AIWNdjFUa5YUqPUWR204xPr86O8bxwVuFNp089hMffSYv8g
BKK2Q5DXAL4/mRDP4a0kBl5p6u5CgJA2izW5DG8BW70dKpZb2pFiKiOGsNKecwZZ
Eqsa5HgWaeAKd2J2bieJR9G+irycyKthEEsW93zoPF/PhF7j2Q5A1Xq/2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLMl029r3SDqTmLNcw/dxD7xy1hZMB8GA1UdIwQY
MBaAFHoY/KrGyECfJNP6kN+OMCGO6cP/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWhqOHFzYklRSjhrMF9xUTM0NHdJWTdwd184LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC81OGE4NmMtYjg4Mi00MmZmLWI3NDMt
YzQxYjhhYTJkZjk1LzEvc3lYVGIydmRJT3BPWXMxekQ5M0VQdkhMV0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC81OGE4NmMtYjg4Mi00MmZmLWI3NDMtYzQxYjhhYTJkZjk1
LzEvZWhqOHFzYklRSjhrMF9xUTM0NHdJWTdwd184LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZuIMA0E
AgACMAcDBQMqD8UAMA0GCSqGSIb3DQEBCwUAA4IBAQA7ybN+HdI46YYWBHMv205S
WpR8cnJP1PH4dHHjeToVEBhYd+FhkErtk6T5RdKfcjNwM0hydD3BSGVndiBtoY5b
nVQkbyfkRLMcDbcObtSnKMRNCbyIlQgjmiuy+bfupHEns2EZA044TmFpXm5ejff3
E1w/sk468seBFHNkxv3RyF4HkOACBUMnCdxblUJt0B0c7knIsUQZmVpnr+rZh34j
OR9e/IF1wvuLk7s9s4QLB/GGoIidnIusFy7xKsEiOkuOGlHFEc2W/KoBULGGUYsS
2BruYqgk6O0YtP544VYAUEdAYlN7RMRcBpE3giOlx3GazQmsWPaExs3XrTB3mib8
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:42:53 2024 by rpki-client on console-ams.rpki-client.org