Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/4U3QLEtSKXeLQ_0k-u3f8g5tRMQ.roa
File:                     4U3QLEtSKXeLQ_0k-u3f8g5tRMQ.roa (raw, json)
Hash identifier:          YLB3rlW24cf0fiu1S1oDRs75F35XTtB9/xtuyl+DC+w=
Subject key identifier:   E1:4D:D0:2C:4B:52:29:77:8B:43:FD:24:FA:ED:DF:F2:0E:6D:44:C4
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       018CC2DB5BB44CA1C4A3CEE82A96515513EC
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/4U3QLEtSKXeLQ_0k-u3f8g5tRMQ.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19437
IP address blocks:        45.153.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5b:b4:4c:a1:c4:a3:ce:e8:2a:96:51:55:13:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e14dd02c4b5229778b43fd24faeddff20e6d44c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:8b:b1:71:d0:90:de:13:7b:4d:4c:13:9d:2d:
                    4a:ca:ce:c4:92:0b:f7:ac:44:f8:a0:90:01:a6:16:
                    e3:8a:88:5c:6d:83:67:1b:f5:0d:54:7a:51:3a:84:
                    01:df:88:a6:bd:fe:e6:c8:89:46:c1:3f:c3:4a:f5:
                    37:02:59:52:a9:21:e9:fb:45:03:32:d0:77:63:92:
                    40:b3:c8:79:f1:64:29:2c:55:3b:3a:af:16:74:de:
                    72:ca:1d:41:72:a8:be:b9:04:f4:1b:55:71:5d:01:
                    a5:88:7d:a9:e1:c9:d3:c2:68:80:f2:61:1d:3a:47:
                    bb:d8:5e:ba:f6:28:1c:a7:7a:f2:a5:0c:9c:b9:d2:
                    2a:87:6d:94:02:06:d7:1d:02:90:bf:4d:4b:32:5c:
                    68:c7:36:ce:de:0f:5f:a2:79:33:3e:44:8c:6c:4a:
                    e5:cf:2b:80:cb:51:0f:16:27:d0:30:25:ff:82:e4:
                    16:8b:ea:39:5c:e0:e6:b1:12:aa:2e:d8:98:f8:9a:
                    84:b4:e8:cb:46:01:03:56:65:3b:21:72:84:ef:09:
                    79:c1:5b:b5:f1:bb:37:2f:e2:96:77:84:7a:d8:4d:
                    1e:2e:10:b2:55:e9:7d:9c:2e:b0:db:db:d7:cc:3f:
                    4a:6d:8d:9c:a7:a1:2d:ac:77:3a:6f:9d:8b:54:58:
                    50:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:4D:D0:2C:4B:52:29:77:8B:43:FD:24:FA:ED:DF:F2:0E:6D:44:C4
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/4U3QLEtSKXeLQ_0k-u3f8g5tRMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:26:17:77:4f:50:c1:15:ea:09:a8:24:5f:ac:67:fc:4d:53:
         49:04:41:c4:95:cd:b5:2a:b2:02:24:b7:8f:06:ea:e4:ff:54:
         4d:9b:05:1b:7a:3b:34:3c:6c:de:3e:01:d2:d7:bf:0a:a6:9f:
         fc:70:c4:74:30:50:21:b5:e6:67:cd:2e:af:29:e2:09:36:78:
         53:72:c9:10:cf:1f:c7:6f:f5:aa:10:37:44:ac:5d:bd:8c:12:
         16:11:33:48:c7:22:92:96:c5:0c:02:d1:c1:73:ce:13:04:ea:
         31:f7:ac:d2:9e:01:24:cc:c3:3e:92:42:3f:6d:0e:fd:59:e9:
         de:df:39:5b:1a:5e:ff:dd:f9:e0:8c:3c:fe:ad:e6:17:c8:46:
         ab:35:b4:5e:51:79:f4:49:20:1d:36:08:23:07:30:71:34:77:
         7a:4f:6a:3c:d0:c4:2d:dc:db:fe:39:00:d6:0b:6f:17:6d:e9:
         1f:c9:37:40:fc:31:d2:2a:71:e2:f0:3e:24:b8:8e:08:84:c5:
         fc:ed:9a:6e:2c:f6:9d:e9:a0:47:84:05:09:b1:69:bf:ac:b3:
         b4:44:5e:88:35:73:4d:42:00:d5:ff:ca:15:09:5b:f5:d4:3f:
         28:86:f7:1c:63:5b:87:58:27:89:f5:5e:4c:02:ec:a1:42:97:
         16:20:25:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21u0TKHEo87oKpZRVRPsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTRkZDAyYzRiNTIyOTc3OGI0M2ZkMjRmYWVkZGZmMjBlNmQ0NGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYuxcdCQ3hN7TUwTnS1Kys7Ekgv3
rET4oJABphbjiohcbYNnG/UNVHpROoQB34imvf7myIlGwT/DSvU3AllSqSHp+0UD
MtB3Y5JAs8h58WQpLFU7Oq8WdN5yyh1Bcqi+uQT0G1VxXQGliH2p4cnTwmiA8mEd
Oke72F669igcp3rypQycudIqh22UAgbXHQKQv01LMlxoxzbO3g9fonkzPkSMbErl
zyuAy1EPFifQMCX/guQWi+o5XODmsRKqLtiY+JqEtOjLRgEDVmU7IXKE7wl5wVu1
8bs3L+KWd4R62E0eLhCyVel9nC6w29vXzD9KbY2cp6EtrHc6b52LVFhQrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFN0CxLUil3i0P9JPrt3/IObUTEMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvNFUzUUxFdFNLWGVMUV8way11M2Y4ZzV0Uk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZmmMA0G
CSqGSIb3DQEBCwUAA4IBAQAdJhd3T1DBFeoJqCRfrGf8TVNJBEHElc21KrICJLeP
Burk/1RNmwUbejs0PGzePgHS178Kpp/8cMR0MFAhteZnzS6vKeIJNnhTcskQzx/H
b/WqEDdErF29jBIWETNIxyKSlsUMAtHBc84TBOox96zSngEkzMM+kkI/bQ79Wene
3zlbGl7/3fngjDz+reYXyEarNbReUXn0SSAdNggjBzBxNHd6T2o80MQt3Nv+OQDW
C28XbekfyTdA/DHSKnHi8D4kuI4IhMX87ZpuLPad6aBHhAUJsWm/rLO0RF6INXNN
QgDV/8oVCVv11D8ohvccY1uHWCeJ9V5MAuyhQpcWICWG
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:59:20 2024 by rpki-client on console-fra.rpki-client.org