Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/eb7a65-f9e6-4784-8ff7-4b4f0f6f7522/1/1-UnNwIT3v8D1EAaEM8yvu01Q9h0.roa
File:                     1-UnNwIT3v8D1EAaEM8yvu01Q9h0.roa (raw, json)
Hash identifier:          N9fzNrogbOrRV0b4rW+HPbAJFig1Jq+hBgd+lHjdqyk=
Subject key identifier:   F9:49:CD:C0:84:F7:BF:C0:F5:10:06:84:33:CC:AF:BB:4D:50:F6:1D
Certificate issuer:       /CN=afdac241f3010b1ae484bc31f584ad0f9d206734
Certificate serial:       018CC425578F226C3EDE47796D251079629D
Authority key identifier: AF:DA:C2:41:F3:01:0B:1A:E4:84:BC:31:F5:84:AD:0F:9D:20:67:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r9rCQfMBCxrkhLwx9YStD50gZzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/eb7a65-f9e6-4784-8ff7-4b4f0f6f7522/1/1-UnNwIT3v8D1EAaEM8yvu01Q9h0.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44407
IP address blocks:        45.138.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/eb7a65-f9e6-4784-8ff7-4b4f0f6f7522/1/r9rCQfMBCxrkhLwx9YStD50gZzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/eb7a65-f9e6-4784-8ff7-4b4f0f6f7522/1/r9rCQfMBCxrkhLwx9YStD50gZzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r9rCQfMBCxrkhLwx9YStD50gZzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:57:8f:22:6c:3e:de:47:79:6d:25:10:79:62:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afdac241f3010b1ae484bc31f584ad0f9d206734
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f949cdc084f7bfc0f510068433ccafbb4d50f61d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2a:f1:ee:ca:61:64:bd:72:92:8f:6b:17:2b:
                    6c:a6:e7:1e:ec:c0:f4:6d:e2:cc:08:40:64:f9:b9:
                    77:18:ca:a9:58:63:5a:c4:bb:13:49:e0:07:cd:52:
                    c8:85:39:f1:dc:a0:92:49:f8:6e:7b:5c:39:c9:49:
                    97:a7:33:1c:12:cd:d8:36:88:d4:cc:d2:d7:a0:0b:
                    a8:5b:2d:bf:a6:a7:68:b9:37:c2:d6:46:78:fe:2f:
                    17:af:9e:3f:41:65:30:ec:a2:50:78:53:bf:07:5d:
                    7e:92:15:fb:3c:f2:24:8d:57:02:d2:ec:67:6c:28:
                    67:f8:7c:f8:73:cd:6a:ec:8a:73:e5:57:69:67:e5:
                    7c:34:22:fc:6f:07:56:5f:f2:50:48:5f:32:3d:bf:
                    4b:e7:ea:f0:8e:59:bf:40:4c:3e:81:90:f2:cb:c8:
                    4e:f9:45:fb:f6:13:4d:51:67:8d:6a:ef:45:54:64:
                    c3:8a:96:73:e2:ce:5e:5f:e7:31:11:56:f4:9f:62:
                    db:e0:10:6f:20:dd:57:69:a8:b1:a6:ad:1e:88:46:
                    46:e7:3c:5d:5e:e9:18:a8:14:c6:4d:fc:6b:83:83:
                    dc:36:80:f8:1a:1d:e0:82:5b:6f:ad:f9:a4:50:13:
                    75:a5:71:99:e1:10:38:49:31:66:53:74:82:04:19:
                    bb:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:49:CD:C0:84:F7:BF:C0:F5:10:06:84:33:CC:AF:BB:4D:50:F6:1D
            X509v3 Authority Key Identifier:
                keyid:AF:DA:C2:41:F3:01:0B:1A:E4:84:BC:31:F5:84:AD:0F:9D:20:67:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r9rCQfMBCxrkhLwx9YStD50gZzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/eb7a65-f9e6-4784-8ff7-4b4f0f6f7522/1/1-UnNwIT3v8D1EAaEM8yvu01Q9h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/eb7a65-f9e6-4784-8ff7-4b4f0f6f7522/1/r9rCQfMBCxrkhLwx9YStD50gZzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:0f:a2:4e:7b:a7:98:3b:e1:cc:1f:e7:cc:b9:9d:2e:f0:be:
         49:23:3a:6d:32:6a:0d:b9:de:e6:77:6d:39:5a:d3:57:f5:6f:
         8f:90:0a:05:52:c1:ff:d2:ae:cc:35:2b:b2:d0:d8:f2:8d:7c:
         6b:74:a3:f8:4c:37:b5:d4:fb:ca:fa:98:85:d7:12:3c:5a:4a:
         a6:7f:ce:fc:c2:02:b4:32:43:4b:b6:5d:ce:fd:1d:8a:a8:dd:
         95:aa:6e:0f:0c:74:bc:98:4c:63:b1:d7:35:04:6f:0f:dc:a6:
         16:bb:88:ac:32:32:74:aa:65:ef:6b:a1:3c:39:8a:09:e7:2b:
         7f:5f:57:aa:07:fc:a1:c8:40:52:81:c4:18:91:fc:c3:4c:0d:
         53:f7:79:87:67:73:49:ca:df:da:06:d5:d3:db:8a:03:97:48:
         c3:7d:5d:aa:eb:f1:30:25:cd:72:98:2b:52:52:19:a2:8f:5a:
         66:1e:e6:04:e2:4c:9a:85:ae:86:0c:96:61:c8:e1:bb:5a:19:
         07:16:43:5f:c7:71:6e:8d:45:95:52:66:29:cd:8a:f7:fc:e0:
         ad:3f:be:a9:3f:1c:3a:db:62:e9:66:1c:db:1b:b3:7b:fa:87:
         2f:b2:cf:55:c4:95:43:24:d6:20:98:fc:87:d1:db:8f:a8:18:
         a4:2b:46:48
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJVePImw+3kd5bSUQeWKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZGFjMjQxZjMwMTBiMWFlNDg0YmMzMWY1ODRhZDBmOWQy
MDY3MzQwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTQ5Y2RjMDg0ZjdiZmMwZjUxMDA2ODQzM2NjYWZiYjRkNTBmNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhirx7sphZL1yko9rFytspuce7MD0
beLMCEBk+bl3GMqpWGNaxLsTSeAHzVLIhTnx3KCSSfhue1w5yUmXpzMcEs3YNojU
zNLXoAuoWy2/pqdouTfC1kZ4/i8Xr54/QWUw7KJQeFO/B11+khX7PPIkjVcC0uxn
bChn+Hz4c81q7Ipz5VdpZ+V8NCL8bwdWX/JQSF8yPb9L5+rwjlm/QEw+gZDyy8hO
+UX79hNNUWeNau9FVGTDipZz4s5eX+cxEVb0n2Lb4BBvIN1Xaaixpq0eiEZG5zxd
XukYqBTGTfxrg4PcNoD4Gh3ggltvrfmkUBN1pXGZ4RA4STFmU3SCBBm7uwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlJzcCE97/A9RAGhDPMr7tNUPYdMB8GA1UdIwQY
MBaAFK/awkHzAQsa5IS8MfWErQ+dIGc0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjlyQ1FmTUJDeHJraEx3eDlZU3RENTBnWnpRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9lYjdhNjUtZjllNi00Nzg0LThmZjct
NGI0ZjBmNmY3NTIyLzEvMS1Vbk53SVQzdjhEMUVBYUVNOHl2dTAxUTloMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODEvZWI3YTY1LWY5ZTYtNDc4NC04ZmY3LTRiNGYwZjZmNzUy
Mi8xL3I5ckNRZk1CQ3hya2hMd3g5WVN0RDUwZ1p6US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2KcDAN
BgkqhkiG9w0BAQsFAAOCAQEAlw+iTnunmDvhzB/nzLmdLvC+SSM6bTJqDbne5ndt
OVrTV/Vvj5AKBVLB/9KuzDUrstDY8o18a3Sj+Ew3tdT7yvqYhdcSPFpKpn/O/MIC
tDJDS7Zdzv0diqjdlapuDwx0vJhMY7HXNQRvD9ymFruIrDIydKpl72uhPDmKCecr
f19Xqgf8ochAUoHEGJH8w0wNU/d5h2dzScrf2gbV09uKA5dIw31dquvxMCXNcpgr
UlIZoo9aZh7mBOJMmoWuhgyWYcjhu1oZBxZDX8dxbo1FlVJmKc2K9/zgrT++qT8c
Otti6WYc2xuze/qHL7LPVcSVQyTWIJj8h9Hbj6gYpCtGSA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:12:17 2024 by rpki-client on console-ams.rpki-client.org