Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xHSa1y2viWVUqkkMCdSiikIfJwM.roa
File:                     xHSa1y2viWVUqkkMCdSiikIfJwM.roa (raw, json)
Hash identifier:          x0tBRWm3hq+TLbMDtv+h71aPvumPSlFBYtXtFYCwC/U=
Subject key identifier:   C4:74:9A:D7:2D:AF:89:65:54:AA:49:0C:09:D4:A2:8A:42:1F:27:03
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC3A7BFAA9AC6C89A214767381384
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xHSa1y2viWVUqkkMCdSiikIfJwM.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49629
IP address blocks:        5.181.100.0/22 maxlen: 24
                          194.8.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c3:a7:bf:aa:9a:c6:c8:9a:21:47:67:38:13:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4749ad72daf896554aa490c09d4a28a421f2703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:54:44:3c:19:fa:3e:51:0e:50:6c:8c:05:45:
                    8f:a1:be:50:67:65:5d:1e:b6:66:b9:5a:0b:42:48:
                    d9:9c:4e:8f:c3:0d:1e:a9:4c:43:84:31:c8:c8:57:
                    da:80:17:6a:8f:7b:3d:0d:bf:60:c3:70:15:cc:6d:
                    68:26:82:26:e2:2e:6b:f9:f6:1e:0c:e3:6e:ee:66:
                    2d:77:9d:11:c6:af:30:8c:4f:ca:e9:bf:a6:b3:55:
                    04:ca:1e:fb:73:c3:12:d8:e3:9c:66:4c:84:b8:2b:
                    ea:db:4c:ad:2f:86:df:45:be:8e:41:03:5c:c9:17:
                    99:74:bf:e9:db:3b:02:14:a9:b4:02:c9:f7:21:07:
                    c6:a9:bc:72:b7:68:fe:0f:9d:ea:65:ed:b0:bb:2c:
                    0c:25:dd:78:52:a9:6e:59:5a:1b:3c:df:b6:88:45:
                    02:2c:2f:fd:56:c9:8a:55:5d:1d:fa:40:5e:79:de:
                    d2:96:fd:bb:e9:db:de:ca:24:e6:60:8c:d0:b1:20:
                    90:ca:37:77:bc:7c:98:8a:17:3d:e5:75:d8:f6:82:
                    3e:06:99:96:38:cc:d0:71:ae:c9:04:4f:ce:91:1b:
                    b1:f7:ae:b6:62:18:3d:13:4b:40:fc:c0:b7:60:a1:
                    54:78:f4:db:f1:55:4c:73:d1:e5:84:0b:e4:0d:53:
                    5b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:74:9A:D7:2D:AF:89:65:54:AA:49:0C:09:D4:A2:8A:42:1F:27:03
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xHSa1y2viWVUqkkMCdSiikIfJwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.100.0/22
                  194.8.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:f2:aa:b4:78:72:32:b5:22:52:d7:b7:9e:dd:3f:c3:77:cc:
         d7:f2:8f:8b:e9:f6:10:fc:c6:60:49:f7:67:7d:ef:1f:3d:f2:
         82:b3:f8:f8:3d:be:13:f2:97:5e:6b:a6:9b:9c:3d:7f:b8:41:
         e9:19:c8:1b:07:28:89:2e:b1:e7:33:7e:d2:2e:78:22:75:90:
         8e:4b:34:14:40:ad:75:99:af:cb:ea:8a:a0:bc:ee:3c:5f:00:
         41:a9:64:0f:79:62:c4:ae:d6:9a:15:50:16:02:2f:d1:5f:71:
         77:66:be:44:a4:e2:98:85:50:6b:4c:2b:0e:f6:93:6f:81:ac:
         ec:dd:21:93:70:0e:0f:30:0d:17:82:f1:33:50:46:49:f7:91:
         d7:cb:0b:2f:51:a6:c9:99:6f:2b:89:d8:7e:b0:fe:b9:c9:50:
         1d:41:e5:3b:3e:b2:d8:d8:d5:1a:51:77:7d:23:cf:ec:41:8d:
         62:35:89:6c:ad:dc:bd:d5:62:40:c6:12:29:e0:2d:b3:2f:6d:
         af:b3:f2:3f:2e:f8:4a:f0:e7:76:8f:1a:ef:24:e2:18:0e:2b:
         57:da:93:4e:c8:36:fc:c9:3a:a5:40:de:39:fc:da:bc:59:f7:
         8c:ce:64:4c:2b:70:99:1a:68:ab:3f:57:33:2c:ed:ce:81:3c:
         ba:24:9a:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2sOnv6qaxsiaIUdnOBOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDc0OWFkNzJkYWY4OTY1NTRhYTQ5MGMwOWQ0YTI4YTQyMWYyNzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVREPBn6PlEOUGyMBUWPob5QZ2Vd
HrZmuVoLQkjZnE6Pww0eqUxDhDHIyFfagBdqj3s9Db9gw3AVzG1oJoIm4i5r+fYe
DONu7mYtd50Rxq8wjE/K6b+ms1UEyh77c8MS2OOcZkyEuCvq20ytL4bfRb6OQQNc
yReZdL/p2zsCFKm0Asn3IQfGqbxyt2j+D53qZe2wuywMJd14UqluWVobPN+2iEUC
LC/9VsmKVV0d+kBeed7Slv276dveyiTmYIzQsSCQyjd3vHyYihc95XXY9oI+BpmW
OMzQca7JBE/OkRux9662Yhg9E0tA/MC3YKFUePTb8VVMc9HlhAvkDVNbbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMR0mtctr4llVKpJDAnUoopCHycDMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEveEhTYTF5MnZpV1ZVcWtrTUNkU2lpa0lmSndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBbVkAwQC
wgiMMA0GCSqGSIb3DQEBCwUAA4IBAQB58qq0eHIytSJS17ee3T/Dd8zX8o+L6fYQ
/MZgSfdnfe8fPfKCs/j4Pb4T8pdea6abnD1/uEHpGcgbByiJLrHnM37SLngidZCO
SzQUQK11ma/L6oqgvO48XwBBqWQPeWLErtaaFVAWAi/RX3F3Zr5EpOKYhVBrTCsO
9pNvgazs3SGTcA4PMA0XgvEzUEZJ95HXywsvUabJmW8ridh+sP65yVAdQeU7PrLY
2NUaUXd9I8/sQY1iNYlsrdy91WJAxhIp4C2zL22vs/I/LvhK8Od2jxrvJOIYDitX
2pNOyDb8yTqlQN45/Nq8WfeMzmRMK3CZGmirP1czLO3OgTy6JJqJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:26:08 2024 by rpki-client on console-ams.rpki-client.org