Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/1KKBYWBMUS5MCh1BQzYclwLdV7I.roa
File:                     1KKBYWBMUS5MCh1BQzYclwLdV7I.roa (raw, json)
Hash identifier:          5E2Z9YXiGti0tHxMXQmIi/Qzfh9GU1Aants/ynqE4mY=
Subject key identifier:   D4:A2:81:61:60:4C:51:2E:4C:0A:1D:41:43:36:1C:97:02:DD:57:B2
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CC7933E74AE417B8A5E4415F55F1B26FA
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/1KKBYWBMUS5MCh1BQzYclwLdV7I.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        5.183.95.0/24 maxlen: 24
                          45.86.163.0/24 maxlen: 24
                          46.30.189.0/24 maxlen: 24
                          46.30.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3e:74:ae:41:7b:8a:5e:44:15:f5:5f:1b:26:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4a28161604c512e4c0a1d4143361c9702dd57b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a2:6b:ce:d6:a3:be:57:dc:e5:9a:3d:e1:6d:
                    1d:5a:87:09:37:93:09:33:bf:11:21:cf:72:65:23:
                    8e:7b:74:45:0b:f4:67:68:b5:32:ad:8b:a6:ca:0b:
                    bd:13:f5:80:11:84:95:86:c7:f1:c9:4e:93:71:1f:
                    d6:21:d4:56:ca:1d:f2:28:c5:ca:1e:e3:24:3f:1c:
                    04:80:57:d8:b5:ed:be:cd:8c:7a:95:19:08:55:d8:
                    10:8f:7d:8b:92:eb:05:9c:aa:8a:9b:39:e1:95:a9:
                    70:6e:67:7a:64:5e:67:9e:b5:96:b8:c9:84:e7:0d:
                    2a:b5:85:67:46:d4:f6:a9:69:c2:44:2a:30:8c:d1:
                    fc:9e:ef:3e:83:e8:4b:43:b9:93:e0:d2:57:84:57:
                    85:cd:3f:72:1e:7b:d2:4a:c9:98:e6:11:11:7a:da:
                    0c:31:c0:f0:03:39:13:b6:9e:f1:44:dd:5d:ee:57:
                    42:f7:56:33:e9:ce:35:ea:b7:ba:13:a5:3f:5e:44:
                    cd:b1:cc:36:60:32:aa:f1:56:63:7e:89:4c:7b:29:
                    1f:82:23:50:0f:c9:47:56:de:59:e8:3d:ce:17:61:
                    ef:88:7e:dc:0c:74:4d:26:de:7c:76:ef:28:b0:7a:
                    f9:19:35:70:ff:35:e4:b9:4f:ed:c5:4a:89:fc:a0:
                    2c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:A2:81:61:60:4C:51:2E:4C:0A:1D:41:43:36:1C:97:02:DD:57:B2
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/1KKBYWBMUS5MCh1BQzYclwLdV7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.95.0/24
                  45.86.163.0/24
                  46.30.189.0-46.30.190.255

    Signature Algorithm: sha256WithRSAEncryption
         02:d0:2f:68:eb:7f:9e:86:a0:60:2c:39:11:50:3b:ea:31:54:
         93:70:e3:c0:78:24:dc:90:cb:c4:1a:d5:2c:35:3c:98:7c:9b:
         bb:df:67:57:95:4d:00:37:bd:6e:89:ed:bc:94:a1:77:0b:75:
         4f:9a:52:42:5c:08:40:17:4e:c8:37:8d:6d:27:3d:7d:34:72:
         1e:7c:d6:50:ee:2b:81:54:0a:7b:cd:d8:f4:e0:46:65:06:47:
         e0:48:b9:97:c4:6d:dc:15:a0:d2:ce:47:b4:00:2f:c1:e2:69:
         c0:b2:17:86:01:2b:be:7e:26:35:a2:58:d9:26:a4:25:ad:0a:
         9b:c7:54:a4:43:f7:f8:42:06:04:3f:46:eb:b5:80:83:ee:2b:
         53:aa:74:0f:dc:4a:c8:b3:ae:b7:55:62:ed:de:07:f2:a1:e8:
         83:c1:59:94:a3:b0:d4:8f:89:3e:31:62:93:b5:4b:04:62:d4:
         35:0b:49:eb:80:2e:6c:fc:b8:1d:67:80:7c:4c:61:b5:07:d2:
         65:b4:89:bd:fe:8a:cf:27:a9:35:71:2a:0b:16:d3:2d:8e:5c:
         01:b7:8f:df:3c:2f:20:4b:11:ee:90:d4:c1:b9:13:2d:94:a3:
         eb:f4:b1:c0:b0:ff:90:cb:2a:9e:e6:9c:9c:4f:2b:ea:ad:6b:
         1e:6e:d8:6c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzHkz50rkF7il5EFfVfGyb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGEyODE2MTYwNGM1MTJlNGMwYTFkNDE0MzM2MWM5NzAyZGQ1N2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaJrztajvlfc5Zo94W0dWocJN5MJ
M78RIc9yZSOOe3RFC/RnaLUyrYumygu9E/WAEYSVhsfxyU6TcR/WIdRWyh3yKMXK
HuMkPxwEgFfYte2+zYx6lRkIVdgQj32LkusFnKqKmznhlalwbmd6ZF5nnrWWuMmE
5w0qtYVnRtT2qWnCRCowjNH8nu8+g+hLQ7mT4NJXhFeFzT9yHnvSSsmY5hERetoM
McDwAzkTtp7xRN1d7ldC91Yz6c416re6E6U/XkTNscw2YDKq8VZjfolMeykfgiNQ
D8lHVt5Z6D3OF2HviH7cDHRNJt58du8osHr5GTVw/zXkuU/txUqJ/KAsdQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNSigWFgTFEuTAodQUM2HJcC3VeyMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvMUtLQllXQk1VUzVNQ2gxQlF6WWNsd0xkVjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQABbdfAwQA
LVajMAwDBAAuHr0DBAAuHr4wDQYJKoZIhvcNAQELBQADggEBAALQL2jrf56GoGAs
ORFQO+oxVJNw48B4JNyQy8Qa1Sw1PJh8m7vfZ1eVTQA3vW6J7byUoXcLdU+aUkJc
CEAXTsg3jW0nPX00ch581lDuK4FUCnvN2PTgRmUGR+BIuZfEbdwVoNLOR7QAL8Hi
acCyF4YBK75+JjWiWNkmpCWtCpvHVKRD9/hCBgQ/Ruu1gIPuK1OqdA/cSsizrrdV
Yu3eB/Kh6IPBWZSjsNSPiT4xYpO1SwRi1DULSeuALmz8uB1ngHxMYbUH0mW0ib3+
is8nqTVxKgsW0y2OXAG3j988LyBLEe6Q1MG5Ey2Uo+v0scCw/5DLKp7mnJxPK+qt
ax5u2Gw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:43:14 2024 by rpki-client on console-ams.rpki-client.org