Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c12436-61be-42e0-ad34-7f8a6750b8d7/1/THJ7GldG2VIcUcP4mvUl04eArS0.roa
File:                     THJ7GldG2VIcUcP4mvUl04eArS0.roa (raw, json)
Hash identifier:          EffcY88mjdjsFkZLCqDQo0WGrEVWwjOUWD4kXArCftE=
Subject key identifier:   4C:72:7B:1A:57:46:D9:52:1C:51:C3:F8:9A:F5:25:D3:87:80:AD:2D
Certificate issuer:       /CN=96edc682a944005117b8febed6dc8bac060f329a
Certificate serial:       018FA3AC33491BA619AAFEA0277EDE791393
Authority key identifier: 96:ED:C6:82:A9:44:00:51:17:B8:FE:BE:D6:DC:8B:AC:06:0F:32:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lu3GgqlEAFEXuP6-1tyLrAYPMpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c12436-61be-42e0-ad34-7f8a6750b8d7/1/THJ7GldG2VIcUcP4mvUl04eArS0.roa
Signing time:             Thu 23 May 2024 04:18:42 +0000
ROA not before:           Thu 23 May 2024 04:18:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        45.88.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c12436-61be-42e0-ad34-7f8a6750b8d7/1/lu3GgqlEAFEXuP6-1tyLrAYPMpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c12436-61be-42e0-ad34-7f8a6750b8d7/1/lu3GgqlEAFEXuP6-1tyLrAYPMpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lu3GgqlEAFEXuP6-1tyLrAYPMpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Dec 2024 16:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a3:ac:33:49:1b:a6:19:aa:fe:a0:27:7e:de:79:13:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96edc682a944005117b8febed6dc8bac060f329a
        Validity
            Not Before: May 23 04:18:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c727b1a5746d9521c51c3f89af525d38780ad2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:34:22:3a:50:46:b0:4c:da:29:d7:a2:2f:cd:
                    f7:2b:dc:49:f3:09:7c:90:9c:64:ef:c2:be:e0:e4:
                    aa:e1:68:a6:fb:6a:63:27:be:a7:6b:2a:da:d6:f0:
                    c6:38:5d:75:0e:08:5b:6e:7a:f0:a7:0b:06:5c:c9:
                    11:80:d8:c2:1b:4f:61:62:a0:51:f7:dc:d5:79:19:
                    83:8a:f8:69:87:6d:bf:d3:b9:56:df:12:cc:fd:ad:
                    1c:cc:3f:90:3a:64:b9:7b:28:a3:2c:73:bb:2d:c1:
                    6e:70:e7:f4:e9:8e:de:5d:1d:6b:20:81:a4:9f:09:
                    15:96:a3:cf:bb:5b:ab:b3:e7:fa:7e:47:3f:d3:62:
                    1e:3f:c6:b6:bf:52:b8:d4:3a:75:77:01:5b:8b:81:
                    cc:55:6a:c7:3e:cd:80:1a:3a:df:02:a0:ba:c4:85:
                    76:ff:ac:66:06:2a:66:28:ed:c1:58:98:6e:60:96:
                    8a:16:f3:7d:51:c8:d6:64:56:fa:eb:9b:9a:d5:ed:
                    a1:12:e9:76:73:c2:0d:26:de:4b:ea:ea:ab:98:d3:
                    68:af:d2:54:fd:37:98:18:43:e5:b5:f6:19:4e:4c:
                    2b:00:b7:00:7a:f6:92:23:10:4f:32:ca:03:0b:6e:
                    43:a8:f7:6e:f8:7f:3d:1e:a1:f8:49:0d:bc:8b:bc:
                    aa:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:72:7B:1A:57:46:D9:52:1C:51:C3:F8:9A:F5:25:D3:87:80:AD:2D
            X509v3 Authority Key Identifier:
                keyid:96:ED:C6:82:A9:44:00:51:17:B8:FE:BE:D6:DC:8B:AC:06:0F:32:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lu3GgqlEAFEXuP6-1tyLrAYPMpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c12436-61be-42e0-ad34-7f8a6750b8d7/1/THJ7GldG2VIcUcP4mvUl04eArS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c12436-61be-42e0-ad34-7f8a6750b8d7/1/lu3GgqlEAFEXuP6-1tyLrAYPMpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:d0:ad:17:0f:bc:88:73:4a:48:60:cf:b8:07:8c:4a:bd:eb:
         80:54:c4:d4:0d:11:14:06:ad:3d:74:3d:db:ed:ed:95:11:c1:
         80:ab:9e:3e:04:2c:ef:85:f4:44:ac:bc:79:c8:95:26:34:a7:
         43:d4:e8:2d:81:36:c3:ef:23:c8:81:4f:f8:58:a2:e0:0d:7e:
         19:53:c7:d8:d9:ca:2e:1d:f3:2c:c7:31:94:cf:6c:dc:a7:94:
         f0:e1:d2:ec:b6:6d:1d:fd:b0:ec:e2:8f:71:26:0f:c3:b0:03:
         3a:41:f6:9a:a3:1d:5c:0e:dd:c8:eb:27:d6:ca:a2:00:83:0f:
         05:1e:f2:9e:80:ed:4f:02:b1:19:c3:bc:0a:a0:f2:82:b8:24:
         79:51:cf:a7:f4:95:f9:78:72:bc:7d:05:4c:8b:da:03:ba:75:
         64:8c:83:1d:b9:0e:0f:78:61:0b:f6:41:d0:bb:90:e8:e8:df:
         ab:e7:96:60:6d:cf:50:df:5c:54:6b:75:51:33:f5:b5:46:a9:
         b9:01:fd:75:e4:ae:63:86:8f:ff:8e:cf:dd:0b:c9:84:d9:43:
         38:1a:ca:01:c0:d5:cd:a6:c4:8e:4e:4d:a3:a0:52:31:44:65:
         2b:2b:a0:ef:98:d3:b1:8d:1d:09:3c:b3:3c:1f:df:99:53:49:
         2b:eb:98:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+jrDNJG6YZqv6gJ37eeROTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZWRjNjgyYTk0NDAwNTExN2I4ZmViZWQ2ZGM4YmFjMDYw
ZjMyOWEwHhcNMjQwNTIzMDQxODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzcyN2IxYTU3NDZkOTUyMWM1MWMzZjg5YWY1MjVkMzg3ODBhZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTQiOlBGsEzaKdeiL833K9xJ8wl8
kJxk78K+4OSq4Wim+2pjJ76nayra1vDGOF11DghbbnrwpwsGXMkRgNjCG09hYqBR
99zVeRmDivhph22/07lW3xLM/a0czD+QOmS5eyijLHO7LcFucOf06Y7eXR1rIIGk
nwkVlqPPu1urs+f6fkc/02IeP8a2v1K41Dp1dwFbi4HMVWrHPs2AGjrfAqC6xIV2
/6xmBipmKO3BWJhuYJaKFvN9UcjWZFb665ua1e2hEul2c8INJt5L6uqrmNNor9JU
/TeYGEPltfYZTkwrALcAevaSIxBPMsoDC25DqPdu+H89HqH4SQ28i7yqhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExyexpXRtlSHFHD+Jr1JdOHgK0tMB8GA1UdIwQY
MBaAFJbtxoKpRABRF7j+vtbci6wGDzKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHUzR2dxbEVBRkVYdVA2LTF0eUxyQVlQTXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jMTI0MzYtNjFiZS00MmUwLWFkMzQt
N2Y4YTY3NTBiOGQ3LzEvVEhKN0dsZEcyVkljVWNQNG12VWwwNGVBclMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jMTI0MzYtNjFiZS00MmUwLWFkMzQtN2Y4YTY3NTBiOGQ3
LzEvbHUzR2dxbEVBRkVYdVA2LTF0eUxyQVlQTXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVjgMA0G
CSqGSIb3DQEBCwUAA4IBAQDY0K0XD7yIc0pIYM+4B4xKveuAVMTUDREUBq09dD3b
7e2VEcGAq54+BCzvhfRErLx5yJUmNKdD1OgtgTbD7yPIgU/4WKLgDX4ZU8fY2cou
HfMsxzGUz2zcp5Tw4dLstm0d/bDs4o9xJg/DsAM6Qfaaox1cDt3I6yfWyqIAgw8F
HvKegO1PArEZw7wKoPKCuCR5Uc+n9JX5eHK8fQVMi9oDunVkjIMduQ4PeGEL9kHQ
u5Do6N+r55Zgbc9Q31xUa3VRM/W1Rqm5Af115K5jho//js/dC8mE2UM4GsoBwNXN
psSOTk2joFIxRGUrK6DvmNOxjR0JPLM8H9+ZU0kr65j4
-----END CERTIFICATE-----
Generated at Tue Dec 10 23:25:01 2024 by rpki-client on console-fra.rpki-client.org