Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/0AOj-EjsyvEXu1WvL2PT1O97D8Q.roa
File:                     0AOj-EjsyvEXu1WvL2PT1O97D8Q.roa (raw, json)
Hash identifier:          wENEWKHy8Bc1NXEJIiWw5rzRYbw2yYc96D9nrQHNHXc=
Subject key identifier:   D0:03:A3:F8:48:EC:CA:F1:17:BB:55:AF:2F:63:D3:D4:EF:7B:0F:C4
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018CC6B9319F1F3A42B342BE3F693571304F
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/0AOj-EjsyvEXu1WvL2PT1O97D8Q.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40065
IP address blocks:        45.142.158.0/23 maxlen: 32
                          45.142.156.0/24 maxlen: 32
                          45.142.157.0/24 maxlen: 32
                          45.145.72.0/23 maxlen: 32
                          45.150.226.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:31:9f:1f:3a:42:b3:42:be:3f:69:35:71:30:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d003a3f848eccaf117bb55af2f63d3d4ef7b0fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:06:6a:f7:b4:31:21:56:5a:5a:00:b3:9c:07:
                    11:34:ec:24:c4:2c:6c:d5:63:52:2b:39:36:9b:fc:
                    a5:3a:0d:8d:33:f0:4e:d8:4f:57:28:d4:3d:c1:c3:
                    a1:f5:a1:54:be:98:4c:bd:79:91:ca:43:cc:02:a4:
                    e8:15:a5:11:66:59:5f:cb:2e:78:db:fc:bd:80:8c:
                    9c:99:34:34:d7:c2:58:f0:e2:d1:69:02:da:36:b7:
                    27:0c:50:87:01:37:a4:54:f4:ff:77:89:a9:65:a0:
                    a4:83:e3:30:b5:f1:6b:6d:ce:96:dc:93:a7:8c:86:
                    5f:83:61:6a:f4:1e:b0:cb:9a:6d:1a:6d:8c:55:55:
                    4b:e1:2a:ae:cd:9f:ef:70:35:89:83:20:71:af:13:
                    b7:e8:d7:53:16:62:fe:85:a2:04:9c:79:82:88:27:
                    5c:73:c4:00:49:13:05:26:fd:51:24:83:a2:c4:4f:
                    f8:37:31:50:6c:1b:ac:86:8f:a2:e4:52:10:4b:51:
                    60:bb:09:16:8c:fe:eb:90:59:32:49:2b:f8:74:84:
                    b7:51:1b:f9:db:ca:2b:d3:fc:14:f2:66:82:60:e4:
                    16:97:b9:25:f8:1e:59:9b:5d:ac:97:e4:1a:62:51:
                    a8:cc:46:82:bf:e0:45:49:6d:0c:2f:ee:24:14:3a:
                    86:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:03:A3:F8:48:EC:CA:F1:17:BB:55:AF:2F:63:D3:D4:EF:7B:0F:C4
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/0AOj-EjsyvEXu1WvL2PT1O97D8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.156.0/22
                  45.145.72.0/23
                  45.150.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:38:35:74:c4:84:d7:0c:d7:ec:12:46:ae:5d:b5:69:2f:95:
         b5:9e:98:07:da:89:a8:95:c4:e8:fe:84:51:a8:bf:e9:98:8b:
         21:1b:ee:fa:12:50:4d:89:26:76:52:03:98:2f:ed:19:9d:17:
         7e:3c:74:21:13:f1:ee:3b:12:4c:6b:d1:f1:b6:b6:3a:fe:ad:
         c7:07:63:26:9b:3e:b5:b2:b7:aa:b8:99:ad:b0:ef:15:46:b7:
         fd:e9:b9:40:db:44:a2:23:e8:65:41:65:3d:a1:ff:58:d2:46:
         98:5c:43:ae:ff:7e:89:2a:1a:dc:1f:e2:28:1f:54:72:51:eb:
         3b:6d:ca:fd:f2:2d:47:0c:39:e1:1c:8f:1d:aa:e6:9a:9a:94:
         60:97:82:c6:ba:ca:34:3c:13:67:53:e1:b6:63:9c:12:6d:fe:
         1e:d5:d7:f0:e0:29:f2:86:64:93:e2:8e:77:6f:54:65:bf:fb:
         79:07:17:0b:80:27:f7:40:57:9b:aa:db:5c:97:9b:65:71:bb:
         c8:49:cd:82:9f:60:77:56:1b:9e:2c:73:7d:95:82:07:b5:6d:
         d8:aa:ac:89:ac:11:ce:ad:f0:d3:51:1b:f4:b9:4b:25:88:7f:
         54:77:6b:d1:ca:2b:a6:68:53:46:6e:2e:fc:51:46:02:40:1b:
         a5:0d:5f:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuTGfHzpCs0K+P2k1cTBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDAzYTNmODQ4ZWNjYWYxMTdiYjU1YWYyZjYzZDNkNGVmN2IwZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AZq97QxIVZaWgCznAcRNOwkxCxs
1WNSKzk2m/ylOg2NM/BO2E9XKNQ9wcOh9aFUvphMvXmRykPMAqToFaURZllfyy54
2/y9gIycmTQ018JY8OLRaQLaNrcnDFCHATekVPT/d4mpZaCkg+MwtfFrbc6W3JOn
jIZfg2Fq9B6wy5ptGm2MVVVL4SquzZ/vcDWJgyBxrxO36NdTFmL+haIEnHmCiCdc
c8QASRMFJv1RJIOixE/4NzFQbBusho+i5FIQS1FguwkWjP7rkFkySSv4dIS3URv5
28or0/wU8maCYOQWl7kl+B5Zm12sl+QaYlGozEaCv+BFSW0ML+4kFDqGmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNADo/hI7MrxF7tVry9j09Tvew/EMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvMEFPai1FanN5dkVYdTFXdkwyUFQxTzk3RDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLY6cAwQB
LZFIAwQBLZbiMA0GCSqGSIb3DQEBCwUAA4IBAQC/ODV0xITXDNfsEkauXbVpL5W1
npgH2omolcTo/oRRqL/pmIshG+76ElBNiSZ2UgOYL+0ZnRd+PHQhE/HuOxJMa9Hx
trY6/q3HB2Mmmz61srequJmtsO8VRrf96blA20SiI+hlQWU9of9Y0kaYXEOu/36J
KhrcH+IoH1RyUes7bcr98i1HDDnhHI8dquaampRgl4LGuso0PBNnU+G2Y5wSbf4e
1dfw4CnyhmST4o53b1Rlv/t5BxcLgCf3QFebqttcl5tlcbvISc2Cn2B3VhueLHN9
lYIHtW3YqqyJrBHOrfDTURv0uUsliH9Ud2vRyiumaFNGbi78UUYCQBulDV9c
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:54:54 2024 by rpki-client on console-ams.rpki-client.org