Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/kxmQzWugqan0M500ckn8R8o9ldA.roa
File:                     kxmQzWugqan0M500ckn8R8o9ldA.roa (raw, json)
Hash identifier:          4q9+lxButaqdJHDypR9OvpuBgB34jHQYguH/hWDYa7M=
Subject key identifier:   93:19:90:CD:6B:A0:A9:A9:F4:33:9D:34:72:49:FC:47:CA:3D:95:D0
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018D25F1F9F5F102082332DE8F726F4FA974
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/kxmQzWugqan0M500ckn8R8o9ldA.roa
Signing time:             Sat 20 Jan 2024 08:17:11 +0000
ROA not before:           Sat 20 Jan 2024 08:17:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.136.184.0/22 maxlen: 24
                          62.106.75.0/24 maxlen: 24
                          62.133.34.0/24 maxlen: 24
                          77.75.225.0/24 maxlen: 24
                          185.255.54.0/24 maxlen: 24
                          2a0b:4080::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:25:f1:f9:f5:f1:02:08:23:32:de:8f:72:6f:4f:a9:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan 20 08:17:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=931990cd6ba0a9a9f4339d347249fc47ca3d95d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ff:ef:f2:a4:5c:91:4a:ec:b6:e2:09:2f:1c:
                    3d:21:b9:fd:1b:59:58:0f:37:90:0f:e5:93:6b:36:
                    8e:5d:08:3d:77:41:10:f6:b8:51:29:0d:b5:63:61:
                    5d:64:10:f6:7a:2e:11:6a:8a:b4:8b:db:b6:50:42:
                    04:dd:05:0d:c4:d5:c0:97:9b:9c:e9:d6:87:73:4b:
                    d4:c8:45:1b:9c:cb:b8:2a:01:de:8e:c5:b9:58:e0:
                    e3:5c:6b:fb:bc:2d:52:f1:48:23:b8:bb:b5:a6:81:
                    d9:8c:3c:c5:ae:72:52:a9:90:c2:67:f3:68:7a:9e:
                    3e:37:85:0e:6f:0c:8b:b4:9c:9a:53:6b:a7:03:c8:
                    9f:7e:ff:16:03:33:b7:26:0b:e6:48:52:44:86:a5:
                    c0:e3:ff:eb:52:8b:cb:16:d7:e9:20:14:97:70:b4:
                    3a:9a:3b:70:e2:24:16:d1:b9:81:b9:86:17:9e:0b:
                    d7:56:aa:11:68:07:05:de:3b:39:ba:ed:c1:ba:31:
                    47:b7:95:83:d8:e2:9c:36:c7:d1:b7:57:55:d3:3d:
                    1e:dd:59:ce:c6:4f:ad:20:a4:be:2d:13:d0:5e:68:
                    a4:4a:d2:97:7a:10:d2:a5:35:6c:f3:71:81:12:c7:
                    41:05:52:70:81:61:61:75:38:a9:fa:90:20:4d:21:
                    b1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:19:90:CD:6B:A0:A9:A9:F4:33:9D:34:72:49:FC:47:CA:3D:95:D0
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/kxmQzWugqan0M500ckn8R8o9ldA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.184.0/22
                  62.106.75.0/24
                  62.133.34.0/24
                  77.75.225.0/24
                  185.255.54.0/24
                IPv6:
                  2a0b:4080::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:42:3d:17:c4:e4:df:08:9b:d2:72:e1:29:c8:9b:15:6d:15:
         63:f4:c1:6a:f0:af:14:0a:67:ff:c9:4e:18:1d:9e:ac:04:0c:
         00:25:a8:3f:0d:10:03:ad:61:56:8a:53:79:26:ce:e8:e6:33:
         49:07:de:38:44:05:09:49:60:de:4b:b3:f1:4c:e4:d6:a1:b1:
         7e:51:83:a4:f0:05:09:82:c7:cd:cd:e8:ef:88:6a:94:be:d9:
         60:49:bb:e3:63:5d:12:b4:f9:8a:7c:0a:45:6c:29:ea:29:ee:
         24:5c:7e:a3:3d:cc:c3:bb:04:28:c5:50:0d:0f:83:a6:84:32:
         f1:52:bc:e0:69:ab:5a:21:b1:bf:46:71:f0:f8:bf:90:18:2a:
         78:8d:6e:58:da:69:3c:5b:c8:d8:0a:f8:92:c2:ac:ff:13:c4:
         32:69:9d:42:82:3c:0b:b1:3a:e7:d1:0f:22:99:98:f0:f9:3f:
         22:f5:6d:35:56:e8:5f:73:bc:b7:7a:00:a6:26:17:96:d0:a8:
         55:36:cd:81:8f:90:7d:d3:dc:f8:2e:5a:24:92:04:2a:97:db:
         74:61:45:fb:65:34:f2:2d:8a:32:12:da:e4:f1:28:59:23:0e:
         7e:a4:11:e8:36:50:a0:33:49:01:5f:65:9b:5b:77:9a:ac:19:
         ce:f3:7a:87
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAY0l8fn18QIIIzLej3JvT6l0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTIwMDgxNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzE5OTBjZDZiYTBhOWE5ZjQzMzlkMzQ3MjQ5ZmM0N2NhM2Q5NWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv/v8qRckUrstuIJLxw9Ibn9G1lY
DzeQD+WTazaOXQg9d0EQ9rhRKQ21Y2FdZBD2ei4Raoq0i9u2UEIE3QUNxNXAl5uc
6daHc0vUyEUbnMu4KgHejsW5WODjXGv7vC1S8UgjuLu1poHZjDzFrnJSqZDCZ/No
ep4+N4UObwyLtJyaU2unA8iffv8WAzO3JgvmSFJEhqXA4//rUovLFtfpIBSXcLQ6
mjtw4iQW0bmBuYYXngvXVqoRaAcF3js5uu3BujFHt5WD2OKcNsfRt1dV0z0e3VnO
xk+tIKS+LRPQXmikStKXehDSpTVs83GBEsdBBVJwgWFhdTip+pAgTSGxzQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJMZkM1roKmp9DOdNHJJ/EfKPZXQMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEva3htUXpXdWdxYW4wTTUwMGNrbjhSOG85bGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCLYi4AwQA
PmpLAwQAPoUiAwQATUvhAwQAuf82MA0EAgACMAcDBQAqC0CAMA0GCSqGSIb3DQEB
CwUAA4IBAQBMQj0XxOTfCJvScuEpyJsVbRVj9MFq8K8UCmf/yU4YHZ6sBAwAJag/
DRADrWFWilN5Js7o5jNJB944RAUJSWDeS7PxTOTWobF+UYOk8AUJgsfNzejviGqU
vtlgSbvjY10StPmKfApFbCnqKe4kXH6jPczDuwQoxVAND4OmhDLxUrzgaataIbG/
RnHw+L+QGCp4jW5Y2mk8W8jYCviSwqz/E8QyaZ1CgjwLsTrn0Q8imZjw+T8i9W01
Vuhfc7y3egCmJheW0KhVNs2Bj5B909z4LlokkgQql9t0YUX7ZTTyLYoyEtrk8ShZ
Iw5+pBHoNlCgM0kBX2WbW3earBnO83qH
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:55:50 2024 by rpki-client on console-ams.rpki-client.org