Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/5hhXfwDoyhNwubKlN-S_5SiN1wA.roa
File:                     5hhXfwDoyhNwubKlN-S_5SiN1wA.roa (raw, json)
Hash identifier:          B2qahgtASolDcQWQmzP7gHy/KJZ9IEaf5GJAqgTsalI=
Subject key identifier:   E6:18:57:7F:00:E8:CA:13:70:B9:B2:A5:37:E4:BF:E5:28:8D:D7:00
Certificate issuer:       /CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
Certificate serial:       018EDB711C5C45599154E40257DB45DC5408
Authority key identifier: DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/5hhXfwDoyhNwubKlN-S_5SiN1wA.roa
Signing time:             Sun 14 Apr 2024 07:10:06 +0000
ROA not before:           Sun 14 Apr 2024 07:10:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206485
IP address blocks:        45.129.136.0/22 maxlen: 22
                          45.129.136.0/24 maxlen: 24
                          45.129.137.0/24 maxlen: 24
                          45.129.138.0/24 maxlen: 24
                          45.129.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:db:71:1c:5c:45:59:91:54:e4:02:57:db:45:dc:54:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
        Validity
            Not Before: Apr 14 07:10:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e618577f00e8ca1370b9b2a537e4bfe5288dd700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:52:07:d5:d1:cb:7a:02:d6:76:e5:e3:68:c3:
                    76:cf:bb:94:6f:82:bb:34:8a:79:8e:22:44:0d:be:
                    ef:3f:93:28:cf:23:65:69:d6:1f:41:36:b7:7b:90:
                    5f:44:29:66:7e:5a:c1:30:f5:60:ea:48:41:64:91:
                    5c:e7:9e:d9:96:ca:ef:e2:64:0b:25:a3:d2:37:e3:
                    98:89:c2:d9:23:b0:55:bf:1a:a3:42:33:4b:b1:43:
                    ab:2b:87:a0:a8:8c:3f:a4:3f:df:dc:15:e6:38:a5:
                    b4:13:c5:7e:24:af:48:6c:e9:70:6d:dc:68:dd:0d:
                    be:bf:38:9c:fd:1a:73:02:1e:34:bb:3c:60:44:26:
                    9a:de:e6:a3:2d:ce:46:5c:77:ed:76:ed:06:42:ad:
                    59:58:69:2e:12:a8:7b:ba:84:07:22:03:39:f8:f6:
                    42:b3:5b:0c:87:f5:03:7d:29:8e:7e:70:7d:27:38:
                    03:b6:e0:d1:63:90:4a:43:d2:36:8f:d5:77:17:88:
                    e3:92:ba:21:2e:47:42:22:11:d2:8e:22:b8:16:e2:
                    e3:38:f6:5e:5f:ed:8c:44:b3:8d:52:02:49:5c:ce:
                    b5:ae:27:57:9d:db:30:0a:43:1b:7f:09:02:b2:a0:
                    91:b4:e5:e6:d7:fe:cb:79:0d:76:a3:91:26:b9:d9:
                    11:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:18:57:7F:00:E8:CA:13:70:B9:B2:A5:37:E4:BF:E5:28:8D:D7:00
            X509v3 Authority Key Identifier:
                keyid:DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/5hhXfwDoyhNwubKlN-S_5SiN1wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:0c:ed:ad:1f:f3:ec:0c:f3:dc:d2:17:7d:73:8a:90:59:91:
         6e:97:f1:33:88:d3:94:64:69:ff:75:44:de:9a:95:c4:5a:4c:
         53:96:1c:ab:4b:1c:bb:6a:a8:6e:fb:ce:81:c4:d9:fb:b1:de:
         34:91:05:e9:19:52:16:a8:87:4c:ed:25:75:93:00:2a:e7:30:
         66:22:bf:41:11:f2:c5:6f:35:1f:60:d1:9c:c7:4e:ad:0d:b4:
         7c:a9:f9:6e:e8:0f:59:49:28:f1:6b:eb:35:58:b8:75:45:fa:
         59:a0:f8:21:7c:1f:e8:84:cb:83:18:7a:e0:30:20:db:10:69:
         fe:d3:8d:7b:a1:af:a5:99:05:58:4a:02:33:d0:75:fb:a2:87:
         fc:02:a8:c2:45:32:e5:09:09:bc:12:e0:67:5e:f0:ab:72:c4:
         a2:35:41:37:89:70:7e:c6:0e:af:e3:34:b0:67:ad:c5:ab:f1:
         05:07:cb:17:8a:99:29:f9:bb:48:ae:fa:6e:81:ae:c3:ab:90:
         70:72:16:b8:16:20:dd:1b:c9:02:a3:52:d9:94:b3:b7:f7:92:
         51:e6:a0:3f:10:12:ed:bb:92:51:f3:27:55:2f:27:f8:a5:38:
         45:a1:52:48:ea:4e:54:d4:25:92:31:5f:fc:c2:32:f9:2d:bd:
         00:8e:7e:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7bcRxcRVmRVOQCV9tF3FQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNjFhMjkyMjIzYWQ5YWViYzhhZDgyYzJhNTY0NzVmYmQ5
N2E4MzQwHhcNMjQwNDE0MDcxMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE4NTc3ZjAwZThjYTEzNzBiOWIyYTUzN2U0YmZlNTI4OGRkNzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1IH1dHLegLWduXjaMN2z7uUb4K7
NIp5jiJEDb7vP5MozyNladYfQTa3e5BfRClmflrBMPVg6khBZJFc557Zlsrv4mQL
JaPSN+OYicLZI7BVvxqjQjNLsUOrK4egqIw/pD/f3BXmOKW0E8V+JK9IbOlwbdxo
3Q2+vzic/RpzAh40uzxgRCaa3uajLc5GXHftdu0GQq1ZWGkuEqh7uoQHIgM5+PZC
s1sMh/UDfSmOfnB9JzgDtuDRY5BKQ9I2j9V3F4jjkrohLkdCIhHSjiK4FuLjOPZe
X+2MRLONUgJJXM61ridXndswCkMbfwkCsqCRtOXm1/7LeQ12o5EmudkRvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYYV38A6MoTcLmypTfkv+UojdcAMB8GA1UdIwQY
MBaAFN9hopIiOtmuvIrYLCpWR1+9l6g0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYt
NDE0ODdmNGQ0MTcxLzEvNWhoWGZ3RG95aE53dWJLbE4tU181U2lOMXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYtNDE0ODdmNGQ0MTcx
LzEvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYGIMA0G
CSqGSIb3DQEBCwUAA4IBAQAGDO2tH/PsDPPc0hd9c4qQWZFul/EziNOUZGn/dUTe
mpXEWkxTlhyrSxy7aqhu+86BxNn7sd40kQXpGVIWqIdM7SV1kwAq5zBmIr9BEfLF
bzUfYNGcx06tDbR8qflu6A9ZSSjxa+s1WLh1RfpZoPghfB/ohMuDGHrgMCDbEGn+
0417oa+lmQVYSgIz0HX7oof8AqjCRTLlCQm8EuBnXvCrcsSiNUE3iXB+xg6v4zSw
Z63Fq/EFB8sXipkp+btIrvpuga7Dq5Bwcha4FiDdG8kCo1LZlLO395JR5qA/EBLt
u5JR8ydVLyf4pThFoVJI6k5U1CWSMV/8wjL5Lb0Ajn4e
-----END CERTIFICATE-----
Generated at Tue Nov 26 17:55:37 2024 by rpki-client on console-ams.rpki-client.org