Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/5tgvBqAn45q56volhgsie_7CV2M.roa
File:                     5tgvBqAn45q56volhgsie_7CV2M.roa (raw, json)
Hash identifier:          mOVCJg54wvWm5Bo6SQOd2fn6Aprl0DBUEjycsY1KAFo=
Subject key identifier:   E6:D8:2F:06:A0:27:E3:9A:B9:EA:FA:25:86:0B:22:7B:FE:C2:57:63
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       018CC64AAEEB25710C2F25788066305511E5
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/5tgvBqAn45q56volhgsie_7CV2M.roa
Signing time:             Mon 01 Jan 2024 18:30:32 +0000
ROA not before:           Mon 01 Jan 2024 18:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198192
IP address blocks:        45.131.54.0/23 maxlen: 23
                          45.131.52.0/23 maxlen: 23
                          185.92.237.0/24 maxlen: 24
                          158.255.236.0/23 maxlen: 23
                          45.10.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ae:eb:25:71:0c:2f:25:78:80:66:30:55:11:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Jan  1 18:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6d82f06a027e39ab9eafa25860b227bfec25763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7a:69:a5:74:6f:c1:29:bc:4e:ab:30:37:10:
                    56:36:35:b5:75:e0:ba:41:31:17:62:39:2a:09:6f:
                    bf:a2:44:c9:11:b5:7b:bb:0e:d0:d6:1f:8c:be:45:
                    a1:f7:52:aa:ae:32:5c:21:0b:f1:bc:2a:01:60:b3:
                    d0:07:43:65:0c:2e:ce:fb:2d:66:8b:38:c9:b2:a3:
                    0a:30:d3:3c:e9:8a:8a:13:2d:de:21:70:6d:5e:b0:
                    f3:62:e8:02:9b:9e:49:9c:b0:8d:b1:a4:1b:b3:f7:
                    75:84:57:9e:63:d9:87:a5:63:23:bb:b9:53:5d:8e:
                    4e:dc:b4:5d:bd:1e:81:bb:a8:b0:53:41:36:df:d0:
                    f0:1d:38:6f:f1:c6:8a:9d:ce:e0:24:1b:99:f3:cc:
                    34:52:fc:7a:7d:a0:19:a3:6e:cd:d7:ab:37:9d:bd:
                    42:33:7e:f4:1b:ac:34:dc:dc:8b:b8:e1:cb:4f:88:
                    73:4c:5a:9c:f9:9e:4f:e2:40:f7:d8:94:9d:ff:73:
                    26:82:49:99:de:e8:3c:94:ea:29:d8:38:9a:e4:39:
                    b9:39:c7:28:7d:ce:cf:20:77:0d:0e:6e:81:c5:8b:
                    97:52:c7:c7:93:9d:4b:1a:48:5f:ae:1d:53:a0:fb:
                    d8:e3:d0:f1:06:57:c4:3a:51:3d:96:46:b6:e4:a5:
                    59:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:D8:2F:06:A0:27:E3:9A:B9:EA:FA:25:86:0B:22:7B:FE:C2:57:63
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/5tgvBqAn45q56volhgsie_7CV2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.128.0/24
                  45.131.52.0/22
                  158.255.236.0/23
                  185.92.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:e4:3e:8a:13:5e:a0:17:9c:9f:ae:d4:68:f3:e7:7a:12:c0:
         ed:4c:44:05:51:28:89:eb:8f:6e:fb:03:0b:e9:b5:a7:e1:40:
         31:4a:57:4c:cb:72:9d:68:8a:06:c3:2c:35:91:4a:e6:04:f6:
         49:2a:e7:08:79:89:60:a6:a6:18:84:e9:87:a7:14:a1:99:8c:
         ac:d8:e4:5e:b3:07:2e:02:59:31:22:18:66:33:3e:a4:26:58:
         fb:1b:3d:cf:d6:62:c5:da:ec:04:4e:1c:62:b4:d2:48:4a:3c:
         65:cb:7e:cf:c7:3f:d8:9b:f9:d3:d2:32:fa:1a:3a:80:79:5f:
         22:c4:e5:e9:35:c2:2d:0e:88:8a:ab:b9:0d:16:51:99:fc:d0:
         63:24:99:3e:35:57:45:16:4b:7e:3c:53:6c:da:47:ff:21:fc:
         39:82:82:53:7f:90:94:96:31:eb:09:e4:60:6f:fd:c1:23:54:
         30:df:88:6e:86:85:97:ec:9d:49:dc:4e:2d:5a:78:d7:aa:d5:
         ae:11:99:11:37:40:8d:59:49:aa:c5:16:87:01:a6:e2:26:63:
         2d:4a:02:73:29:ec:6e:5d:bf:11:27:5d:bb:e3:61:6e:d7:85:
         f1:81:b8:1a:1e:e9:27:38:a8:f7:76:8f:c2:fe:ce:79:9c:fe:
         2e:e2:2d:50
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGSq7rJXEMLyV4gGYwVRHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwMTAxMTgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmQ4MmYwNmEwMjdlMzlhYjllYWZhMjU4NjBiMjI3YmZlYzI1NzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXpppXRvwSm8TqswNxBWNjW1deC6
QTEXYjkqCW+/okTJEbV7uw7Q1h+MvkWh91KqrjJcIQvxvCoBYLPQB0NlDC7O+y1m
izjJsqMKMNM86YqKEy3eIXBtXrDzYugCm55JnLCNsaQbs/d1hFeeY9mHpWMju7lT
XY5O3LRdvR6Bu6iwU0E239DwHThv8caKnc7gJBuZ88w0Uvx6faAZo27N16s3nb1C
M370G6w03NyLuOHLT4hzTFqc+Z5P4kD32JSd/3MmgkmZ3ug8lOop2Dia5Dm5Occo
fc7PIHcNDm6BxYuXUsfHk51LGkhfrh1ToPvY49DxBlfEOlE9lka25KVZbQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFObYLwagJ+Oauer6JYYLInv+wldjMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvNXRndkJxQW40NXE1NnZvbGhnc2llXzdDVjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALQqAAwQC
LYM0AwQBnv/sAwQAuVztMA0GCSqGSIb3DQEBCwUAA4IBAQBZ5D6KE16gF5yfrtRo
8+d6EsDtTEQFUSiJ649u+wML6bWn4UAxSldMy3KdaIoGwyw1kUrmBPZJKucIeYlg
pqYYhOmHpxShmYys2OReswcuAlkxIhhmMz6kJlj7Gz3P1mLF2uwEThxitNJISjxl
y37Pxz/Ym/nT0jL6GjqAeV8ixOXpNcItDoiKq7kNFlGZ/NBjJJk+NVdFFkt+PFNs
2kf/Ifw5goJTf5CUljHrCeRgb/3BI1Qw34huhoWX7J1J3E4tWnjXqtWuEZkRN0CN
WUmqxRaHAabiJmMtSgJzKexuXb8RJ12742Fu14XxgbgaHuknOKj3do/C/s55nP4u
4i1Q
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:24:52 2024 by rpki-client on console-ams.rpki-client.org