Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/ZtSuzUxGMN2DgV-g22JAkLOG1Wo.roa
File:                     ZtSuzUxGMN2DgV-g22JAkLOG1Wo.roa (raw, json)
Hash identifier:          BbbnttVvteibsEHwH1SDtF25iCOgpDakPfLjwVC1v2g=
Subject key identifier:   66:D4:AE:CD:4C:46:30:DD:83:81:5F:A0:DB:62:40:90:B3:86:D5:6A
Certificate issuer:       /CN=61877f4ce0d361617724d4b289a8918c5c6d722d
Certificate serial:       018CC64B5EFBF209F14CC144A3C28F28B283
Authority key identifier: 61:87:7F:4C:E0:D3:61:61:77:24:D4:B2:89:A8:91:8C:5C:6D:72:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYd_TODTYWF3JNSyiaiRjFxtci0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/ZtSuzUxGMN2DgV-g22JAkLOG1Wo.roa
Signing time:             Mon 01 Jan 2024 18:31:17 +0000
ROA not before:           Mon 01 Jan 2024 18:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        45.86.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/YYd_TODTYWF3JNSyiaiRjFxtci0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/YYd_TODTYWF3JNSyiaiRjFxtci0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYd_TODTYWF3JNSyiaiRjFxtci0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5e:fb:f2:09:f1:4c:c1:44:a3:c2:8f:28:b2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61877f4ce0d361617724d4b289a8918c5c6d722d
        Validity
            Not Before: Jan  1 18:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66d4aecd4c4630dd83815fa0db624090b386d56a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c6:5c:dc:f8:91:2b:95:1e:40:63:e0:67:59:
                    58:bb:45:e6:11:58:c9:77:9e:d9:96:79:01:18:3b:
                    1e:e5:d0:21:c1:23:6d:bd:4c:a5:af:f3:f5:7b:0d:
                    85:b1:0d:ac:9a:ab:a0:66:b4:82:50:f5:c5:2b:8b:
                    5d:ea:e0:c3:f8:03:8f:75:7d:ef:7b:2c:3f:53:40:
                    e5:b2:aa:ec:be:32:c5:e3:cf:e7:8d:05:a3:a0:8d:
                    86:ee:52:44:f0:62:79:7a:da:b4:e3:46:d2:03:99:
                    1d:78:a3:d9:ce:24:6f:e6:3d:ea:66:20:8e:4e:3b:
                    67:a8:c0:5d:8a:00:63:1d:45:9f:ef:a5:8e:be:05:
                    26:80:67:22:68:c1:92:d5:2a:4a:70:d7:57:01:06:
                    7b:9e:7b:5d:0b:0e:9d:be:7d:7b:3c:aa:d3:75:12:
                    d8:cc:13:48:d1:fe:c6:85:6e:58:44:96:69:98:ea:
                    47:32:de:b8:97:21:48:8c:b6:3c:3d:4b:23:46:d0:
                    e9:d3:03:b2:85:75:7f:e9:65:ce:e4:c0:0a:35:20:
                    dc:27:4f:ce:58:90:91:74:fc:1c:2b:bc:76:8a:84:
                    8b:3a:e3:9b:9d:f0:8a:a5:24:6c:7e:69:f2:de:7f:
                    fb:da:35:4f:76:f9:75:91:19:76:c6:07:5f:46:66:
                    95:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D4:AE:CD:4C:46:30:DD:83:81:5F:A0:DB:62:40:90:B3:86:D5:6A
            X509v3 Authority Key Identifier:
                keyid:61:87:7F:4C:E0:D3:61:61:77:24:D4:B2:89:A8:91:8C:5C:6D:72:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYd_TODTYWF3JNSyiaiRjFxtci0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/ZtSuzUxGMN2DgV-g22JAkLOG1Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/YYd_TODTYWF3JNSyiaiRjFxtci0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:56:dd:c5:12:8d:dd:a5:be:8a:88:93:e2:0c:90:3f:c5:94:
         c6:04:df:7e:d8:b6:17:af:36:a8:a2:bb:04:b2:f5:0b:50:63:
         78:60:02:0b:56:d6:56:08:3f:37:50:46:90:0a:04:19:16:2c:
         5d:8e:26:9d:5c:d4:79:92:ed:fa:74:d1:27:cf:2d:bc:d7:c9:
         cd:b8:1d:91:e5:86:e0:44:57:a9:32:8a:eb:11:4a:7d:4d:23:
         0d:ad:69:bf:27:84:25:0d:b0:4a:ab:fa:13:ba:6c:05:85:77:
         78:22:cc:79:b3:3f:57:41:0e:2f:3e:2e:25:77:d9:c8:d9:eb:
         91:15:7a:9c:f9:5d:88:23:41:99:3a:26:4e:62:1f:5c:0d:c5:
         e1:9e:5c:b4:76:42:19:95:90:16:6f:57:e3:fb:3d:97:f3:33:
         9a:81:95:89:d1:50:c9:37:c2:93:a3:db:b6:9b:60:d2:26:33:
         8f:9a:46:56:03:01:04:d4:f8:2d:bc:be:90:37:3d:4e:4b:63:
         58:02:c2:0d:11:b7:d3:6d:e8:f1:45:52:aa:73:67:89:2b:7b:
         5c:88:47:bd:cf:ae:3e:de:b9:bd:a7:f8:f9:66:7e:f5:ad:45:
         2b:06:40:47:d5:6b:80:0f:56:9e:02:fa:38:2c:44:18:18:35:
         73:83:79:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1778gnxTMFEo8KPKLKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODc3ZjRjZTBkMzYxNjE3NzI0ZDRiMjg5YTg5MThjNWM2
ZDcyMmQwHhcNMjQwMTAxMTgzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQ0YWVjZDRjNDYzMGRkODM4MTVmYTBkYjYyNDA5MGIzODZkNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcZc3PiRK5UeQGPgZ1lYu0XmEVjJ
d57ZlnkBGDse5dAhwSNtvUylr/P1ew2FsQ2smqugZrSCUPXFK4td6uDD+AOPdX3v
eyw/U0DlsqrsvjLF48/njQWjoI2G7lJE8GJ5etq040bSA5kdeKPZziRv5j3qZiCO
TjtnqMBdigBjHUWf76WOvgUmgGciaMGS1SpKcNdXAQZ7nntdCw6dvn17PKrTdRLY
zBNI0f7GhW5YRJZpmOpHMt64lyFIjLY8PUsjRtDp0wOyhXV/6WXO5MAKNSDcJ0/O
WJCRdPwcK7x2ioSLOuObnfCKpSRsfmny3n/72jVPdvl1kRl2xgdfRmaV7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbUrs1MRjDdg4FfoNtiQJCzhtVqMB8GA1UdIwQY
MBaAFGGHf0zg02FhdyTUsomokYxcbXItMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlkX1RPRFRZV0YzSk5TeWlhaVJqRnh0Y2kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9jNDNiMmYtMTBiYS00MTcwLWI1MjEt
YzcyMjIxN2U1M2I2LzEvWnRTdXpVeEdNTjJEZ1YtZzIySkFrTE9HMVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9jNDNiMmYtMTBiYS00MTcwLWI1MjEtYzcyMjIxN2U1M2I2
LzEvWVlkX1RPRFRZV0YzSk5TeWlhaVJqRnh0Y2kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVbMMA0G
CSqGSIb3DQEBCwUAA4IBAQBsVt3FEo3dpb6KiJPiDJA/xZTGBN9+2LYXrzaoorsE
svULUGN4YAILVtZWCD83UEaQCgQZFixdjiadXNR5ku36dNEnzy2818nNuB2R5Ybg
RFepMorrEUp9TSMNrWm/J4QlDbBKq/oTumwFhXd4Isx5sz9XQQ4vPi4ld9nI2euR
FXqc+V2II0GZOiZOYh9cDcXhnly0dkIZlZAWb1fj+z2X8zOagZWJ0VDJN8KTo9u2
m2DSJjOPmkZWAwEE1PgtvL6QNz1OS2NYAsINEbfTbejxRVKqc2eJK3tciEe9z64+
3rm9p/j5Zn71rUUrBkBH1WuAD1aeAvo4LEQYGDVzg3mA
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:47:51 2024 by rpki-client on console-ams.rpki-client.org