Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/GfPZ79CqI6uL0Vu8keenviPkWGs.roa
File:                     GfPZ79CqI6uL0Vu8keenviPkWGs.roa (raw, json)
Hash identifier:          pqPx4BmkozRUAjFSLwg6Nx3lNxhdB+12GQsb7BfStTM=
Subject key identifier:   19:F3:D9:EF:D0:AA:23:AB:8B:D1:5B:BC:91:E7:A7:BE:23:E4:58:6B
Certificate issuer:       /CN=4e5aa38eea324e2bd7ab6427e7596a9fa41db0e3
Certificate serial:       018CC6B91DB180780B931DF92C4EB99F3264
Authority key identifier: 4E:5A:A3:8E:EA:32:4E:2B:D7:AB:64:27:E7:59:6A:9F:A4:1D:B0:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlqjjuoyTivXq2Qn51lqn6QdsOM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/GfPZ79CqI6uL0Vu8keenviPkWGs.roa
Signing time:             Mon 01 Jan 2024 20:31:09 +0000
ROA not before:           Mon 01 Jan 2024 20:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60798
IP address blocks:        45.138.201.0/24 maxlen: 24
                          45.138.200.0/22 maxlen: 22
                          45.138.200.0/24 maxlen: 24
                          45.14.184.0/22 maxlen: 24
                          185.229.236.0/22 maxlen: 24
                          185.25.204.0/22 maxlen: 24
                          2a00:82e0::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/TlqjjuoyTivXq2Qn51lqn6QdsOM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/TlqjjuoyTivXq2Qn51lqn6QdsOM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TlqjjuoyTivXq2Qn51lqn6QdsOM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1d:b1:80:78:0b:93:1d:f9:2c:4e:b9:9f:32:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5aa38eea324e2bd7ab6427e7596a9fa41db0e3
        Validity
            Not Before: Jan  1 20:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19f3d9efd0aa23ab8bd15bbc91e7a7be23e4586b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:79:da:74:01:57:36:39:b2:2c:52:42:24:4c:
                    34:d1:12:61:71:de:62:18:b8:95:18:a7:dd:c2:cc:
                    dd:d0:2e:6b:8c:ff:49:64:96:de:20:07:6f:31:a9:
                    22:ca:bd:68:80:5e:52:87:b4:56:0a:cf:b2:f3:48:
                    55:a1:9d:04:4a:3c:42:a1:86:e7:0b:71:70:75:6b:
                    31:47:2f:42:f3:c7:a4:41:97:2c:5a:38:45:c9:86:
                    2f:b3:1e:3a:ca:ca:2a:a9:b8:53:58:95:a3:b3:43:
                    d5:cb:33:61:d9:a0:aa:d6:35:ab:70:96:15:4a:d1:
                    42:d4:51:67:f6:af:aa:8c:d8:b6:d7:b6:90:12:2f:
                    24:46:80:6a:cf:9e:6f:d0:17:17:7a:73:1b:fe:7e:
                    16:22:78:c7:a7:68:82:72:b1:0d:1b:e3:07:8c:af:
                    c3:e6:05:31:67:10:75:f3:c2:4c:4d:b6:f6:d0:7d:
                    da:e8:ee:3b:bb:d4:35:d9:2d:bc:ed:58:6d:5a:45:
                    73:00:20:ae:df:ba:94:67:df:3b:7e:57:6d:b4:80:
                    27:f6:c0:f6:db:e9:f6:5c:ca:39:c3:e5:d7:f2:95:
                    b6:ca:7d:b5:74:b0:74:5b:09:b6:e7:42:27:03:b4:
                    23:dd:c3:84:f8:80:64:60:70:3b:46:44:70:70:36:
                    51:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F3:D9:EF:D0:AA:23:AB:8B:D1:5B:BC:91:E7:A7:BE:23:E4:58:6B
            X509v3 Authority Key Identifier:
                keyid:4E:5A:A3:8E:EA:32:4E:2B:D7:AB:64:27:E7:59:6A:9F:A4:1D:B0:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlqjjuoyTivXq2Qn51lqn6QdsOM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/GfPZ79CqI6uL0Vu8keenviPkWGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/767119-28aa-4339-b741-4eeed8a4308b/1/TlqjjuoyTivXq2Qn51lqn6QdsOM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.184.0/22
                  45.138.200.0/22
                  185.25.204.0/22
                  185.229.236.0/22
                IPv6:
                  2a00:82e0::/40

    Signature Algorithm: sha256WithRSAEncryption
         70:c7:f4:a3:8d:c5:8b:87:3a:1d:3d:92:ed:c9:d1:9f:d0:89:
         6f:18:23:8d:2a:d8:26:b3:9c:e8:31:6f:dc:40:a2:e4:99:be:
         c3:70:9f:7c:1b:2d:98:f6:3c:1b:e2:c9:fa:b3:8e:7d:a2:62:
         95:e4:9a:57:79:b1:46:4e:36:ba:96:27:b5:ea:8e:6b:df:1e:
         49:a4:2e:d5:20:a9:87:ce:8a:59:21:9c:a9:86:5a:1d:e3:2a:
         e2:d3:b1:78:83:56:99:eb:4d:7f:58:fa:09:1b:cf:96:ca:4d:
         fd:ac:5b:f4:82:ce:95:2a:8f:f4:45:96:b9:8b:55:b4:d3:33:
         f5:cc:49:09:18:b2:8f:6a:86:9b:10:ae:86:61:30:f8:eb:05:
         30:90:90:14:49:46:a5:46:35:1e:e9:fd:d1:39:b7:e6:e4:5d:
         6e:c4:33:a8:18:30:5e:ed:85:5d:d7:28:70:d0:50:ff:e2:82:
         83:47:92:19:56:23:3e:14:aa:7a:d2:92:2b:dd:13:cd:8f:79:
         fd:1b:6f:eb:31:13:ee:be:aa:41:83:ca:74:3b:4c:fa:39:9e:
         10:95:23:7c:97:77:77:5a:71:9d:2f:bc:39:85:bc:1b:28:ae:
         1f:1b:f5:5b:32:22:3e:a1:cf:d2:60:13:71:02:c9:c6:46:6f:
         66:75:db:53
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzGuR2xgHgLkx35LE65nzJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWFhMzhlZWEzMjRlMmJkN2FiNjQyN2U3NTk2YTlmYTQx
ZGIwZTMwHhcNMjQwMTAxMjAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWYzZDllZmQwYWEyM2FiOGJkMTViYmM5MWU3YTdiZTIzZTQ1ODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XnadAFXNjmyLFJCJEw00RJhcd5i
GLiVGKfdwszd0C5rjP9JZJbeIAdvMakiyr1ogF5Sh7RWCs+y80hVoZ0ESjxCoYbn
C3FwdWsxRy9C88ekQZcsWjhFyYYvsx46ysoqqbhTWJWjs0PVyzNh2aCq1jWrcJYV
StFC1FFn9q+qjNi217aQEi8kRoBqz55v0BcXenMb/n4WInjHp2iCcrENG+MHjK/D
5gUxZxB188JMTbb20H3a6O47u9Q12S287VhtWkVzACCu37qUZ987fldttIAn9sD2
2+n2XMo5w+XX8pW2yn21dLB0Wwm250InA7Qj3cOE+IBkYHA7RkRwcDZRAQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFBnz2e/QqiOri9FbvJHnp74j5FhrMB8GA1UdIwQY
MBaAFE5ao47qMk4r16tkJ+dZap+kHbDjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGxxamp1b3lUaXZYcTJRbjUxbHFuNlFkc09NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83NjcxMTktMjhhYS00MzM5LWI3NDEt
NGVlZWQ4YTQzMDhiLzEvR2ZQWjc5Q3FJNnVMMFZ1OGtlZW52aVBrV0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83NjcxMTktMjhhYS00MzM5LWI3NDEtNGVlZWQ4YTQzMDhi
LzEvVGxxamp1b3lUaXZYcTJRbjUxbHFuNlFkc09NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQCLQ64AwQC
LYrIAwQCuRnMAwQCueXsMA4EAgACMAgDBgAqAILgADANBgkqhkiG9w0BAQsFAAOC
AQEAcMf0o43Fi4c6HT2S7cnRn9CJbxgjjSrYJrOc6DFv3ECi5Jm+w3CffBstmPY8
G+LJ+rOOfaJileSaV3mxRk42upYnteqOa98eSaQu1SCph86KWSGcqYZaHeMq4tOx
eINWmetNf1j6CRvPlspN/axb9ILOlSqP9EWWuYtVtNMz9cxJCRiyj2qGmxCuhmEw
+OsFMJCQFElGpUY1Hun90Tm35uRdbsQzqBgwXu2FXdcocNBQ/+KCg0eSGVYjPhSq
etKSK90TzY95/Rtv6zET7r6qQYPKdDtM+jmeEJUjfJd3d1pxnS+8OYW8GyiuHxv1
WzIiPqHP0mATcQLJxkZvZnXbUw==
-----END CERTIFICATE-----
Generated at Tue Nov 26 10:02:27 2024 by rpki-client on console-ams.rpki-client.org