Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/iaXJ_u2DVKwl831-maG2U9ABlPE.roa
File:                     iaXJ_u2DVKwl831-maG2U9ABlPE.roa (raw, json)
Hash identifier:          eTQCLLEaLGv6ktHB6hlnJL6AA7MuxU5yu7dVNLjsXXA=
Subject key identifier:   89:A5:C9:FE:ED:83:54:AC:25:F3:7D:7E:99:A1:B6:53:D0:01:94:F1
Certificate issuer:       /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial:       018CC3B67DD17C08E14F6D6618D7AF309971
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/iaXJ_u2DVKwl831-maG2U9ABlPE.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59456
IP address blocks:        195.244.18.0/24 maxlen: 24
                          91.239.15.0/24 maxlen: 24
                          45.152.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7d:d1:7c:08:e1:4f:6d:66:18:d7:af:30:99:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a5c9feed8354ac25f37d7e99a1b653d00194f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e2:a3:8f:48:67:ec:e0:5c:ef:19:e1:24:84:
                    75:98:b4:64:cf:db:e9:f9:dd:80:10:49:0b:da:61:
                    b9:80:e4:96:fa:62:15:2c:d8:52:11:d0:d4:32:3e:
                    5d:37:70:a9:9c:c8:09:f0:fc:49:73:da:05:a5:fd:
                    58:66:1a:23:00:7f:ed:57:17:fb:74:43:d5:89:f0:
                    cc:6f:f3:1a:43:1b:d2:c9:88:69:7b:05:81:26:74:
                    10:2b:f3:62:1d:1e:d9:81:a9:b9:55:14:ff:38:a2:
                    c5:cd:2b:7a:9e:7d:34:9f:92:c2:08:e9:7c:a8:7c:
                    d9:59:6f:7d:df:21:f5:3a:5b:2c:da:8c:99:e1:75:
                    6d:a3:e7:00:03:8e:7b:5f:a5:dc:6b:84:a3:f0:3d:
                    81:c7:53:aa:e9:26:84:5c:65:04:02:4a:c2:f6:f9:
                    72:14:e1:af:52:3d:06:bd:79:48:65:ec:f3:dd:7c:
                    c7:bd:7c:08:2e:6a:38:b8:de:e1:06:36:62:6b:90:
                    5f:59:40:7a:bb:b4:43:09:36:90:92:25:6a:d0:62:
                    4e:64:07:e9:6b:5a:f9:ba:d9:c4:c0:94:03:d2:ad:
                    9a:d9:68:4e:64:67:b2:45:25:80:7f:5c:63:4d:61:
                    18:72:54:6c:60:61:16:78:ab:48:9d:34:e7:70:5e:
                    ef:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A5:C9:FE:ED:83:54:AC:25:F3:7D:7E:99:A1:B6:53:D0:01:94:F1
            X509v3 Authority Key Identifier:
                keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/iaXJ_u2DVKwl831-maG2U9ABlPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.40.0/22
                  91.239.15.0/24
                  195.244.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:5c:48:a0:79:21:3e:0a:91:87:58:a5:52:63:04:a3:cf:ab:
         39:2b:ae:59:ad:18:d6:d3:ee:ef:ff:ed:27:e6:bc:2f:15:88:
         5b:f5:a5:f9:0e:9a:95:fc:36:19:37:9e:97:75:1d:0d:7d:cd:
         2f:94:26:00:8b:19:fe:31:41:4f:aa:1a:07:3c:3a:93:78:b6:
         85:e9:b3:58:e5:9d:ed:b8:7b:51:bb:05:23:75:68:00:d6:2e:
         7d:9d:73:00:e5:0b:b9:40:9c:82:69:3a:9c:83:10:7e:ac:ad:
         46:f9:20:73:7f:f7:ef:8e:61:d6:35:45:c6:f8:01:88:2d:02:
         4b:7c:8f:d5:26:47:e5:84:0f:d1:c5:50:ca:13:8f:44:8c:07:
         01:ea:39:4e:10:c9:e9:0c:f0:68:8b:c2:d1:4f:e5:c3:ce:67:
         c1:fa:ee:48:53:34:98:d6:7d:e5:32:2c:4b:f9:11:55:96:bd:
         2d:a4:0a:d9:1f:7d:f8:09:8c:cb:75:4c:76:7a:ee:cf:8a:ec:
         81:0e:18:01:5e:12:34:83:12:9d:a4:71:0d:d9:70:85:54:c5:
         e8:8b:61:8c:31:45:13:18:bd:79:9a:6a:82:9e:ed:82:29:0d:
         14:38:ec:1c:90:44:5c:fc:f0:6e:3d:60:86:ac:9b:12:45:ac:
         5d:43:04:00
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtn3RfAjhT21mGNevMJlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE1YzlmZWVkODM1NGFjMjVmMzdkN2U5OWExYjY1M2QwMDE5NGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOKjj0hn7OBc7xnhJIR1mLRkz9vp
+d2AEEkL2mG5gOSW+mIVLNhSEdDUMj5dN3CpnMgJ8PxJc9oFpf1YZhojAH/tVxf7
dEPVifDMb/MaQxvSyYhpewWBJnQQK/NiHR7Zgam5VRT/OKLFzSt6nn00n5LCCOl8
qHzZWW993yH1Olss2oyZ4XVto+cAA457X6Xca4Sj8D2Bx1Oq6SaEXGUEAkrC9vly
FOGvUj0GvXlIZezz3XzHvXwILmo4uN7hBjZia5BfWUB6u7RDCTaQkiVq0GJOZAfp
a1r5utnEwJQD0q2a2WhOZGeyRSWAf1xjTWEYclRsYGEWeKtInTTncF7vbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFImlyf7tg1SsJfN9fpmhtlPQAZTxMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEvaWFYSl91MkRWS3dsODMxLW1hRzJVOUFCbFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZgoAwQA
W+8PAwQAw/QSMA0GCSqGSIb3DQEBCwUAA4IBAQA7XEigeSE+CpGHWKVSYwSjz6s5
K65ZrRjW0+7v/+0n5rwvFYhb9aX5DpqV/DYZN56XdR0Nfc0vlCYAixn+MUFPqhoH
PDqTeLaF6bNY5Z3tuHtRuwUjdWgA1i59nXMA5Qu5QJyCaTqcgxB+rK1G+SBzf/fv
jmHWNUXG+AGILQJLfI/VJkflhA/RxVDKE49EjAcB6jlOEMnpDPBoi8LRT+XDzmfB
+u5IUzSY1n3lMixL+RFVlr0tpArZH334CYzLdUx2eu7PiuyBDhgBXhI0gxKdpHEN
2XCFVMXoi2GMMUUTGL15mmqCnu2CKQ0UOOwckERc/PBuPWCGrJsSRaxdQwQA
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:53:10 2024 by rpki-client on console-ams.rpki-client.org