Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/fD-bLV8NTjn75QM_apVXezbiyU4.roa
File:                     fD-bLV8NTjn75QM_apVXezbiyU4.roa (raw, json)
Hash identifier:          DXapwUK3M+bHTxNtkiXV/LsCjzBmVLQ1f5Hnw7MxQGM=
Subject key identifier:   7C:3F:9B:2D:5F:0D:4E:39:FB:E5:03:3F:6A:95:57:7B:36:E2:C9:4E
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FB4642D963B84C0209FC3155CFBEC
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/fD-bLV8NTjn75QM_apVXezbiyU4.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        45.95.241.0/24 maxlen: 24
                          45.131.208.0/22 maxlen: 22
                          45.131.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b4:64:2d:96:3b:84:c0:20:9f:c3:15:5c:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c3f9b2d5f0d4e39fbe5033f6a95577b36e2c94e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:93:85:91:c0:05:3e:3e:84:5d:1b:80:36:1f:
                    74:0d:d5:24:06:a1:7f:2e:48:79:d8:dc:d1:ad:ea:
                    6b:a6:5a:4d:90:70:e3:52:97:53:41:0c:00:1c:db:
                    75:7c:7d:16:ff:b1:25:b1:85:a7:e9:12:91:59:50:
                    49:cc:a2:db:20:84:78:79:96:8d:3c:5f:64:92:26:
                    42:7f:96:5b:40:c0:29:3d:bf:41:77:05:ac:4b:92:
                    9b:3e:f4:29:15:38:48:7a:0d:95:f1:43:78:1f:60:
                    3a:6b:be:08:2d:3c:fa:cc:4b:16:fb:a8:d1:a6:ac:
                    a8:e3:9f:67:22:f1:66:74:36:9e:51:a3:b3:70:03:
                    a6:6c:a6:c3:c2:aa:bd:ee:a7:ac:06:73:1a:64:d7:
                    8c:0b:4a:99:9f:ea:9a:92:41:0a:61:7f:9a:06:08:
                    df:f8:70:3e:8e:3a:7c:85:05:9e:47:0f:6b:aa:3c:
                    69:da:e2:d2:96:a4:37:07:3f:3e:9f:cc:a9:a3:f0:
                    ae:79:23:c2:a4:97:fb:32:5c:be:a0:fc:7a:e0:bf:
                    2f:b6:a3:7f:c6:4b:ad:33:a2:f2:5d:4c:22:51:e8:
                    e3:88:c7:34:02:e6:3e:54:03:6b:9b:00:7f:59:54:
                    0b:2b:13:6b:b9:d4:d7:6b:66:6a:75:25:b6:d7:19:
                    75:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:3F:9B:2D:5F:0D:4E:39:FB:E5:03:3F:6A:95:57:7B:36:E2:C9:4E
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/fD-bLV8NTjn75QM_apVXezbiyU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.241.0/24
                  45.131.4.0/22
                  45.131.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:7b:33:4c:78:90:24:9b:90:18:32:d2:60:58:c7:8c:53:bf:
         a7:92:ec:09:8b:44:e6:d5:16:c8:aa:4f:89:6f:28:51:a6:11:
         fc:9c:ec:51:0b:b1:c2:38:f4:b8:10:30:30:b1:84:c9:b6:7f:
         f2:8c:24:ed:37:c2:e2:89:dc:12:9c:13:49:5f:8b:82:a2:e9:
         e0:34:19:72:9d:77:c7:2a:a6:9c:95:dc:98:80:4d:00:b8:f0:
         d1:04:c1:95:b7:25:f2:ba:bc:4c:62:41:bb:11:42:a1:bf:30:
         f4:c6:31:db:f7:09:72:5e:fd:e7:35:03:0b:67:a6:76:2c:85:
         48:62:67:f5:93:19:c3:7b:a9:c3:eb:0f:1e:f2:33:0d:a2:56:
         17:3a:ca:52:a9:ac:24:59:0d:ee:8e:c8:56:42:9d:06:0f:74:
         9d:c7:96:79:a8:fb:5f:bc:5a:32:b1:17:ac:23:f7:a4:e3:32:
         67:a5:f9:6c:1c:36:27:13:9f:ce:42:68:86:ed:93:28:cb:b0:
         66:25:f9:02:d6:2a:1d:9c:ff:f7:69:f8:e8:49:5b:5b:1c:f8:
         38:21:af:da:a7:dd:e1:3f:1f:67:4a:7c:08:15:92:5b:02:af:
         a5:e7:1e:fb:d6:16:9f:9f:4b:f5:13:c5:da:d3:8d:c9:45:5f:
         78:08:d9:fc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIb7RkLZY7hMAgn8MVXPvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzNmOWIyZDVmMGQ0ZTM5ZmJlNTAzM2Y2YTk1NTc3YjM2ZTJjOTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpOFkcAFPj6EXRuANh90DdUkBqF/
Lkh52NzRreprplpNkHDjUpdTQQwAHNt1fH0W/7ElsYWn6RKRWVBJzKLbIIR4eZaN
PF9kkiZCf5ZbQMApPb9BdwWsS5KbPvQpFThIeg2V8UN4H2A6a74ILTz6zEsW+6jR
pqyo459nIvFmdDaeUaOzcAOmbKbDwqq97qesBnMaZNeMC0qZn+qakkEKYX+aBgjf
+HA+jjp8hQWeRw9rqjxp2uLSlqQ3Bz8+n8ypo/CueSPCpJf7Mly+oPx64L8vtqN/
xkutM6LyXUwiUejjiMc0AuY+VANrmwB/WVQLKxNrudTXa2ZqdSW21xl10QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHw/my1fDU45++UDP2qVV3s24slOMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvZkQtYkxWOE5Uam43NVFNX2FwVlhlemJpeVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALV/xAwQC
LYMEAwQCLYPQMA0GCSqGSIb3DQEBCwUAA4IBAQBtezNMeJAkm5AYMtJgWMeMU7+n
kuwJi0Tm1RbIqk+JbyhRphH8nOxRC7HCOPS4EDAwsYTJtn/yjCTtN8LiidwSnBNJ
X4uCoungNBlynXfHKqacldyYgE0AuPDRBMGVtyXyurxMYkG7EUKhvzD0xjHb9wly
Xv3nNQMLZ6Z2LIVIYmf1kxnDe6nD6w8e8jMNolYXOspSqawkWQ3ujshWQp0GD3Sd
x5Z5qPtfvFoysResI/ek4zJnpflsHDYnE5/OQmiG7ZMoy7BmJfkC1iodnP/3afjo
SVtbHPg4Ia/ap93hPx9nSnwIFZJbAq+l5x771hafn0v1E8Xa043JRV94CNn8
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:26:29 2024 by rpki-client on console-ams.rpki-client.org