Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TVOuiBxkr6RdZtI5MkbN6gQpEk0.roa
File:                     TVOuiBxkr6RdZtI5MkbN6gQpEk0.roa (raw, json)
Hash identifier:          b4lB9rpFWESNg/G06WfXkd4nmKSbND3cpH470pxDwxU=
Subject key identifier:   4D:53:AE:88:1C:64:AF:A4:5D:66:D2:39:32:46:CD:EA:04:29:12:4D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5010463D4494CB43D894D31EB7B534D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TVOuiBxkr6RdZtI5MkbN6gQpEk0.roa
Signing time:             Mon 01 Jan 2024 12:30:27 +0000
ROA not before:           Mon 01 Jan 2024 12:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        45.141.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:04:63:d4:49:4c:b4:3d:89:4d:31:eb:7b:53:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d53ae881c64afa45d66d2393246cdea0429124d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c4:57:ca:46:51:61:45:af:f8:a9:1a:b2:32:
                    fc:8e:ac:3f:5f:72:b1:1b:64:f2:08:e3:77:a4:55:
                    5e:95:95:dd:2c:71:96:64:fc:ab:c8:38:ff:ac:09:
                    fd:13:25:0d:c3:ab:e9:59:d7:c2:32:ff:39:32:0a:
                    80:3b:6c:ef:b3:1f:0e:56:dd:a6:98:65:2b:56:b7:
                    cf:c0:db:d7:b2:57:a1:b1:b8:20:29:d3:a0:d9:ad:
                    9a:35:e2:ab:dc:34:65:6c:71:58:02:de:57:21:c0:
                    bd:2c:db:e7:94:2b:98:27:c8:55:b4:d7:f9:ce:7a:
                    88:47:d3:b0:b9:32:c3:9a:2e:5b:3d:3f:ea:a4:bc:
                    14:4a:82:d5:80:1a:02:40:9b:02:82:85:fb:2d:a3:
                    dc:1c:92:65:5a:9d:d7:b0:0a:18:2b:cc:f4:f7:28:
                    4d:23:00:0d:d1:79:b9:6f:5f:1a:e2:09:8a:4a:35:
                    cb:49:88:9a:d2:f1:a8:38:87:4e:c9:1c:35:3d:5f:
                    80:bf:b9:97:59:be:91:d2:cc:54:53:2c:36:79:a0:
                    6f:77:98:6a:77:1e:f9:ae:e4:3f:0f:90:8c:63:70:
                    68:4c:2a:ae:8f:9e:aa:4a:5f:04:53:53:08:53:66:
                    8c:2d:f8:ea:ab:89:34:23:59:f6:31:67:b1:48:60:
                    9e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:53:AE:88:1C:64:AF:A4:5D:66:D2:39:32:46:CD:EA:04:29:12:4D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TVOuiBxkr6RdZtI5MkbN6gQpEk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:71:34:79:cb:3c:d5:ae:2f:da:7f:12:c9:10:4a:99:a3:0c:
         bf:83:a8:65:b3:cc:56:fa:65:02:22:c6:dc:f0:eb:1c:0d:57:
         b7:cd:c0:01:25:1a:c1:56:81:32:6e:89:73:71:c7:3b:af:26:
         45:ee:f6:5f:0a:45:c0:e0:f1:2e:77:bb:47:1a:9a:77:06:e6:
         a1:07:c5:6d:a1:9d:77:da:f6:ee:ce:e5:be:83:1e:90:75:c4:
         65:78:01:6c:80:13:b4:1e:85:f5:af:53:56:29:d4:65:27:97:
         81:59:8c:c1:8d:60:b8:f7:aa:36:d1:e3:d8:b4:fb:1f:fc:ca:
         48:2d:22:e6:bf:9a:97:6a:78:bd:bb:fc:99:eb:34:7a:7b:88:
         d8:bd:53:00:e4:6f:ff:ba:fb:2e:a3:af:88:fd:0b:ad:f0:e7:
         a9:ae:da:5d:53:ec:46:8a:6f:db:08:34:40:a2:6a:11:9d:57:
         74:e1:31:ec:f0:28:dd:2a:43:21:0c:7d:3b:e1:51:00:31:47:
         d9:5d:56:5e:c0:90:57:ff:4d:8e:0c:dd:16:03:48:8a:53:25:
         65:6f:9b:68:6f:e6:1f:9b:ca:4e:88:5f:f3:ed:d9:d6:23:14:
         64:63:91:96:e2:38:cf:04:2c:ba:0b:f2:ce:70:0b:42:85:c8:
         ab:5d:e6:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQRj1ElMtD2JTTHre1NNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDUzYWU4ODFjNjRhZmE0NWQ2NmQyMzkzMjQ2Y2RlYTA0MjkxMjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMRXykZRYUWv+KkasjL8jqw/X3Kx
G2TyCON3pFVelZXdLHGWZPyryDj/rAn9EyUNw6vpWdfCMv85MgqAO2zvsx8OVt2m
mGUrVrfPwNvXslehsbggKdOg2a2aNeKr3DRlbHFYAt5XIcC9LNvnlCuYJ8hVtNf5
znqIR9OwuTLDmi5bPT/qpLwUSoLVgBoCQJsCgoX7LaPcHJJlWp3XsAoYK8z09yhN
IwAN0Xm5b18a4gmKSjXLSYia0vGoOIdOyRw1PV+Av7mXWb6R0sxUUyw2eaBvd5hq
dx75ruQ/D5CMY3BoTCquj56qSl8EU1MIU2aMLfjqq4k0I1n2MWexSGCeJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1TrogcZK+kXWbSOTJGzeoEKRJNMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVFZPdWlCeGtyNlJkWnRJNU1rYk42Z1FwRWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBCcTR5yzzVri/afxLJEEqZowy/g6hls8xW+mUCIsbc
8OscDVe3zcABJRrBVoEybolzccc7ryZF7vZfCkXA4PEud7tHGpp3BuahB8VtoZ13
2vbuzuW+gx6QdcRleAFsgBO0HoX1r1NWKdRlJ5eBWYzBjWC496o20ePYtPsf/MpI
LSLmv5qXani9u/yZ6zR6e4jYvVMA5G//uvsuo6+I/Qut8OeprtpdU+xGim/bCDRA
omoRnVd04THs8CjdKkMhDH074VEAMUfZXVZewJBX/02ODN0WA0iKUyVlb5tob+Yf
m8pOiF/z7dnWIxRkY5GW4jjPBCy6C/LOcAtChcirXeas
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:41:10 2024 by rpki-client on console-ams.rpki-client.org