Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/hiHP8TsnI-HjaSAIQggGr2LQzII.roa
File:                     hiHP8TsnI-HjaSAIQggGr2LQzII.roa (raw, json)
Hash identifier:          OrbPPOO2DyQCfftHIYxJTeLYr+QO6TQzdjwMuuKbvYI=
Subject key identifier:   86:21:CF:F1:3B:27:23:E1:E3:69:20:08:42:08:06:AF:62:D0:CC:82
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC795190952B8A780E9FA804E0D0CAAE2
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/hiHP8TsnI-HjaSAIQggGr2LQzII.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34582
IP address blocks:        45.158.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:19:09:52:b8:a7:80:e9:fa:80:4e:0d:0c:aa:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8621cff13b2723e1e3692008420806af62d0cc82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:31:20:bd:52:41:ba:8b:d7:9f:81:17:28:7e:
                    2e:0e:1b:31:28:de:8d:61:ea:b1:16:76:73:27:3a:
                    a2:54:a9:40:29:76:fd:b0:0b:f1:b9:47:58:c3:07:
                    bc:92:b3:5b:70:32:51:ed:44:91:a7:02:d4:5d:59:
                    68:b2:63:ec:7b:f6:bc:60:86:80:a0:f9:0c:6d:e8:
                    21:cc:dd:cd:15:e0:1a:82:a4:ad:00:a1:0c:80:db:
                    9b:92:c5:f9:e3:2e:d4:d9:26:92:f4:a8:60:d8:5c:
                    91:1e:de:1d:a3:71:69:fe:d3:17:95:7b:ee:87:8a:
                    07:9b:f3:bf:dc:f8:19:3f:a2:c2:f1:af:c2:44:df:
                    07:11:eb:91:ee:19:26:c5:5b:01:64:a2:f7:96:f1:
                    1b:e6:fc:71:b4:05:0f:34:e6:f5:7d:71:4e:7b:6f:
                    44:14:ba:69:6e:93:9b:e7:f4:6c:a7:07:4d:e2:20:
                    4b:25:04:ea:65:d6:e5:a1:7d:59:2e:2c:1b:00:17:
                    fd:b8:ec:4f:65:24:f4:a5:0f:f2:e1:22:5a:2c:82:
                    30:d1:22:14:c8:7a:27:40:b7:7e:39:39:a7:c5:da:
                    66:26:b5:bf:f4:ea:32:9a:3d:d2:be:0f:d6:f0:f7:
                    3c:5d:18:ea:d8:08:a2:8d:02:07:33:69:73:53:59:
                    bc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:21:CF:F1:3B:27:23:E1:E3:69:20:08:42:08:06:AF:62:D0:CC:82
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/hiHP8TsnI-HjaSAIQggGr2LQzII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:db:f1:f6:15:70:42:fb:9e:71:7d:1f:2a:a6:79:18:4c:f8:
         0a:17:4c:c2:26:dc:65:93:14:c0:9b:44:bb:c5:d4:4b:cb:5d:
         27:65:58:d5:58:0d:a5:b3:a3:78:b4:ee:e0:12:a4:0b:9d:ed:
         44:58:0a:0f:09:ab:48:46:6d:d4:ca:bc:99:28:41:48:2b:11:
         0f:41:95:d1:b2:b6:52:e9:81:92:60:4d:59:13:f3:15:34:16:
         f0:ae:7f:9d:68:35:5f:df:99:1b:73:15:c0:50:67:ac:29:43:
         d8:d0:50:9d:65:8f:83:f0:8f:42:49:98:eb:e2:41:37:01:ce:
         6c:cb:f2:09:2d:fb:f1:c5:3e:69:27:6f:05:83:06:8c:71:54:
         00:04:c7:45:5f:fb:73:09:87:0b:cd:cb:85:38:1e:f5:71:3d:
         c7:39:92:e2:20:4e:ce:90:26:37:15:bc:0b:50:ab:b9:72:5c:
         53:14:01:ca:2b:81:59:25:e4:e1:a3:af:ba:95:0f:d9:40:59:
         6f:4a:b0:6a:a2:b2:0d:9d:ff:3f:41:f9:ab:b6:ec:75:46:34:
         42:a7:68:a3:f0:88:c0:8e:3a:a1:58:01:7d:81:8c:e6:70:f6:
         48:39:a1:c1:8f:91:33:ba:7b:49:bc:68:24:2a:ae:01:c9:e6:
         8f:a5:80:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRkJUringOn6gE4NDKriMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjIxY2ZmMTNiMjcyM2UxZTM2OTIwMDg0MjA4MDZhZjYyZDBjYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzEgvVJBuovXn4EXKH4uDhsxKN6N
YeqxFnZzJzqiVKlAKXb9sAvxuUdYwwe8krNbcDJR7USRpwLUXVlosmPse/a8YIaA
oPkMbeghzN3NFeAagqStAKEMgNubksX54y7U2SaS9Khg2FyRHt4do3Fp/tMXlXvu
h4oHm/O/3PgZP6LC8a/CRN8HEeuR7hkmxVsBZKL3lvEb5vxxtAUPNOb1fXFOe29E
FLppbpOb5/RspwdN4iBLJQTqZdbloX1ZLiwbABf9uOxPZST0pQ/y4SJaLIIw0SIU
yHonQLd+OTmnxdpmJrW/9Ooymj3Svg/W8Pc8XRjq2AiijQIHM2lzU1m8TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYhz/E7JyPh42kgCEIIBq9i0MyCMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvaGlIUDhUc25JLUhqYVNBSVFnZ0dyMkxReklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4vMA0G
CSqGSIb3DQEBCwUAA4IBAQCp2/H2FXBC+55xfR8qpnkYTPgKF0zCJtxlkxTAm0S7
xdRLy10nZVjVWA2ls6N4tO7gEqQLne1EWAoPCatIRm3UyryZKEFIKxEPQZXRsrZS
6YGSYE1ZE/MVNBbwrn+daDVf35kbcxXAUGesKUPY0FCdZY+D8I9CSZjr4kE3Ac5s
y/IJLfvxxT5pJ28FgwaMcVQABMdFX/tzCYcLzcuFOB71cT3HOZLiIE7OkCY3FbwL
UKu5clxTFAHKK4FZJeTho6+6lQ/ZQFlvSrBqorINnf8/Qfmrtux1RjRCp2ij8IjA
jjqhWAF9gYzmcPZIOaHBj5EzuntJvGgkKq4ByeaPpYCH
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:56:20 2024 by rpki-client on console-fra.rpki-client.org