Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/baa4bc-924e-4364-9f13-a5c96e211605/1/s5xSuo41HmXaY13utZ6xtQpAByQ.roa
File:                     s5xSuo41HmXaY13utZ6xtQpAByQ.roa (raw, json)
Hash identifier:          Yiglqk2VjuwrYYOgfDsylfaInaXRal46WX4Dmkuk7qo=
Subject key identifier:   B3:9C:52:BA:8E:35:1E:65:DA:63:5D:EE:B5:9E:B1:B5:0A:40:07:24
Certificate issuer:       /CN=4806b9e62f1b00f2cf98d0dcc583292afacb522f
Certificate serial:       018F2E7A103F52FD9F86C6C7ED2F103D2171
Authority key identifier: 48:06:B9:E6:2F:1B:00:F2:CF:98:D0:DC:C5:83:29:2A:FA:CB:52:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAa55i8bAPLPmNDcxYMpKvrLUi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/baa4bc-924e-4364-9f13-a5c96e211605/1/s5xSuo41HmXaY13utZ6xtQpAByQ.roa
Signing time:             Tue 30 Apr 2024 10:08:22 +0000
ROA not before:           Tue 30 Apr 2024 10:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57373
IP address blocks:        94.143.228.0/24 maxlen: 24
                          2a12:a580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/baa4bc-924e-4364-9f13-a5c96e211605/1/SAa55i8bAPLPmNDcxYMpKvrLUi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/baa4bc-924e-4364-9f13-a5c96e211605/1/SAa55i8bAPLPmNDcxYMpKvrLUi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAa55i8bAPLPmNDcxYMpKvrLUi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:7a:10:3f:52:fd:9f:86:c6:c7:ed:2f:10:3d:21:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4806b9e62f1b00f2cf98d0dcc583292afacb522f
        Validity
            Not Before: Apr 30 10:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b39c52ba8e351e65da635deeb59eb1b50a400724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b1:10:09:61:5c:cb:45:a1:19:07:b1:80:b3:
                    36:52:d9:f7:a4:62:55:38:79:b4:9d:a6:87:cb:30:
                    7a:4b:ea:80:e4:04:49:b5:33:1b:0c:2c:06:37:8b:
                    af:f1:7b:33:94:8d:c6:98:58:76:0c:29:d4:e3:d4:
                    e4:71:33:9d:38:60:17:e7:c6:aa:83:3c:7a:d7:94:
                    b5:52:ea:d7:ee:3e:f4:c3:b9:53:82:c4:a2:2e:ed:
                    1a:08:4d:57:45:0c:76:c6:e7:3f:18:9d:27:49:51:
                    2f:32:3b:0d:e7:4c:93:86:2a:5e:f0:7e:89:f9:e8:
                    f0:b5:87:a6:19:dc:8b:f6:47:6c:e5:8d:73:b9:41:
                    24:51:98:97:a3:f5:04:98:98:84:d5:96:20:ba:a8:
                    a8:cb:25:11:9a:70:1b:0d:29:e4:8d:a8:1b:e8:80:
                    66:31:82:01:be:64:2e:e2:9c:2a:b8:31:2f:a8:fd:
                    54:87:d0:89:a6:65:4f:d8:b2:3f:f9:6e:38:b1:37:
                    b7:fc:92:3d:47:a8:62:36:18:43:29:f4:27:a8:25:
                    80:59:ad:0d:6b:4a:10:dd:db:a9:a9:40:af:72:82:
                    9c:a9:e3:d8:69:9c:4e:e0:70:6a:0d:cd:4f:48:75:
                    98:57:c8:79:38:47:05:e4:e9:59:f7:5a:59:47:67:
                    79:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:9C:52:BA:8E:35:1E:65:DA:63:5D:EE:B5:9E:B1:B5:0A:40:07:24
            X509v3 Authority Key Identifier:
                keyid:48:06:B9:E6:2F:1B:00:F2:CF:98:D0:DC:C5:83:29:2A:FA:CB:52:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAa55i8bAPLPmNDcxYMpKvrLUi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/baa4bc-924e-4364-9f13-a5c96e211605/1/s5xSuo41HmXaY13utZ6xtQpAByQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/baa4bc-924e-4364-9f13-a5c96e211605/1/SAa55i8bAPLPmNDcxYMpKvrLUi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.228.0/24
                IPv6:
                  2a12:a580::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:70:a1:38:ca:1f:4f:e7:24:91:d0:6c:2a:11:c9:69:43:7d:
         c4:8f:ee:17:66:ed:58:af:45:2e:e4:4d:43:f4:e9:99:d6:73:
         41:2c:fe:d3:45:bf:a3:87:69:35:9a:f9:bd:6a:96:bd:a2:a7:
         86:e7:8d:37:de:fa:56:fc:7e:a7:fc:1d:d2:98:28:f1:4b:1d:
         b4:6b:c6:8f:6d:7c:e7:6c:e1:3c:bd:ca:80:63:ad:fd:7b:79:
         92:05:31:38:8f:67:f1:1f:77:ce:77:0c:3e:2e:fb:de:2c:40:
         00:ba:50:52:59:b7:99:04:fc:c5:2a:da:95:b1:67:67:7e:4b:
         9e:19:42:f2:ee:9c:f1:35:4e:cb:d3:d9:86:59:6b:66:44:52:
         2d:06:5a:c2:06:87:aa:24:c2:13:9e:ef:48:38:6e:af:ee:76:
         5d:04:ef:20:0f:0c:67:ac:89:79:5e:0c:a3:3b:c7:cb:0e:c7:
         f4:30:a3:cf:8c:eb:36:45:38:bc:70:eb:62:39:cb:9f:77:10:
         e5:ab:83:db:7b:01:f6:c3:fd:0d:d7:89:c1:cc:0d:18:ba:d7:
         ff:97:d2:29:df:71:b7:dc:78:ba:e2:67:a1:47:8d:bc:3a:73:
         2e:af:d4:e0:57:c7:82:e0:b9:9e:83:bf:55:87:6d:db:e0:23:
         8a:28:a0:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8uehA/Uv2fhsbH7S8QPSFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDZiOWU2MmYxYjAwZjJjZjk4ZDBkY2M1ODMyOTJhZmFj
YjUyMmYwHhcNMjQwNDMwMTAwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzljNTJiYThlMzUxZTY1ZGE2MzVkZWViNTllYjFiNTBhNDAwNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbEQCWFcy0WhGQexgLM2Utn3pGJV
OHm0naaHyzB6S+qA5ARJtTMbDCwGN4uv8XszlI3GmFh2DCnU49TkcTOdOGAX58aq
gzx615S1UurX7j70w7lTgsSiLu0aCE1XRQx2xuc/GJ0nSVEvMjsN50yThipe8H6J
+ejwtYemGdyL9kds5Y1zuUEkUZiXo/UEmJiE1ZYguqioyyURmnAbDSnkjagb6IBm
MYIBvmQu4pwquDEvqP1Uh9CJpmVP2LI/+W44sTe3/JI9R6hiNhhDKfQnqCWAWa0N
a0oQ3dupqUCvcoKcqePYaZxO4HBqDc1PSHWYV8h5OEcF5OlZ91pZR2d5kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLOcUrqONR5l2mNd7rWesbUKQAckMB8GA1UdIwQY
MBaAFEgGueYvGwDyz5jQ3MWDKSr6y1IvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FhNTVpOGJBUExQbU5EY3hZTXBLdnJMVWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iYWE0YmMtOTI0ZS00MzY0LTlmMTMt
YTVjOTZlMjExNjA1LzEvczV4U3VvNDFIbVhhWTEzdXRaNnh0UXBBQnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iYWE0YmMtOTI0ZS00MzY0LTlmMTMtYTVjOTZlMjExNjA1
LzEvU0FhNTVpOGJBUExQbU5EY3hZTXBLdnJMVWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXo/kMA0E
AgACMAcDBQMqEqWAMA0GCSqGSIb3DQEBCwUAA4IBAQAqcKE4yh9P5ySR0GwqEclp
Q33Ej+4XZu1Yr0Uu5E1D9OmZ1nNBLP7TRb+jh2k1mvm9apa9oqeG54033vpW/H6n
/B3SmCjxSx20a8aPbXznbOE8vcqAY639e3mSBTE4j2fxH3fOdww+LvveLEAAulBS
WbeZBPzFKtqVsWdnfkueGULy7pzxNU7L09mGWWtmRFItBlrCBoeqJMITnu9IOG6v
7nZdBO8gDwxnrIl5XgyjO8fLDsf0MKPPjOs2RTi8cOtiOcufdxDlq4PbewH2w/0N
14nBzA0Yutf/l9Ip33G33Hi64mehR428OnMur9TgV8eC4Lmeg79Vh23b4COKKKBs
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:13:46 2024 by rpki-client on console-ams.rpki-client.org