Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/hZERIeEx05bz1vj-XMRwC3m5lQ4.roa
File:                     hZERIeEx05bz1vj-XMRwC3m5lQ4.roa (raw, json)
Hash identifier:          qQCRMSP5o75B6cqNJmTIg+rnVMhrxKdKDk3UGMZ2RnQ=
Subject key identifier:   85:91:11:21:E1:31:D3:96:F3:D6:F8:FE:5C:C4:70:0B:79:B9:95:0E
Certificate issuer:       /CN=8251e7fb6b960d406b2236d25e4e20e245359db2
Certificate serial:       018CC94DDCD14DFC575CD596215FF08D4FDA
Authority key identifier: 82:51:E7:FB:6B:96:0D:40:6B:22:36:D2:5E:4E:20:E2:45:35:9D:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/glHn-2uWDUBrIjbSXk4g4kU1nbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/hZERIeEx05bz1vj-XMRwC3m5lQ4.roa
Signing time:             Tue 02 Jan 2024 08:32:52 +0000
ROA not before:           Tue 02 Jan 2024 08:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42040
IP address blocks:        45.13.152.0/24 maxlen: 24
                          45.13.153.0/24 maxlen: 24
                          45.13.155.0/24 maxlen: 24
                          45.13.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/glHn-2uWDUBrIjbSXk4g4kU1nbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/glHn-2uWDUBrIjbSXk4g4kU1nbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/glHn-2uWDUBrIjbSXk4g4kU1nbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:dc:d1:4d:fc:57:5c:d5:96:21:5f:f0:8d:4f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8251e7fb6b960d406b2236d25e4e20e245359db2
        Validity
            Not Before: Jan  2 08:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85911121e131d396f3d6f8fe5cc4700b79b9950e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ed:61:58:2b:fe:bc:49:2d:f8:15:d3:5d:fe:
                    33:ec:c5:76:91:b8:42:37:98:c2:c5:a8:15:b3:a2:
                    82:b7:96:ed:4f:08:c7:04:7f:0e:40:66:a1:10:f8:
                    49:90:d4:a3:82:8e:2b:5a:23:ab:84:ac:ad:a8:da:
                    96:c3:9c:f6:76:80:da:9e:e3:c5:c2:17:1c:58:5f:
                    d6:0e:57:c6:3c:37:ed:3f:b6:16:f5:6f:b8:77:cb:
                    df:ed:9e:f3:8d:a1:1b:92:c4:b4:73:e4:c8:66:78:
                    5c:d7:18:ed:fe:11:c7:4f:c7:75:30:a6:0a:dc:7a:
                    6f:58:c7:a5:bf:4d:dc:4e:56:69:30:0d:aa:dd:83:
                    d3:30:1d:96:28:bd:5b:36:ba:73:5c:82:11:af:d7:
                    b5:e3:07:11:4c:37:44:2b:c9:92:ab:ed:e2:73:3d:
                    db:48:4c:6a:e3:f6:99:15:45:17:b3:ee:14:15:4f:
                    f6:c8:d0:97:e8:e7:35:06:27:bc:d8:9c:67:e2:f6:
                    55:49:6e:67:68:cb:a4:f9:19:4c:cc:2e:8a:e6:d2:
                    f3:26:3e:d2:88:e9:d2:8b:5a:73:6e:fa:85:75:91:
                    73:75:f5:94:62:26:49:95:da:03:ae:8b:85:4c:0c:
                    03:96:5d:af:4b:c4:41:26:cd:37:9d:17:82:5d:e6:
                    51:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:91:11:21:E1:31:D3:96:F3:D6:F8:FE:5C:C4:70:0B:79:B9:95:0E
            X509v3 Authority Key Identifier:
                keyid:82:51:E7:FB:6B:96:0D:40:6B:22:36:D2:5E:4E:20:E2:45:35:9D:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/glHn-2uWDUBrIjbSXk4g4kU1nbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/hZERIeEx05bz1vj-XMRwC3m5lQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/glHn-2uWDUBrIjbSXk4g4kU1nbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:d2:d6:6d:f9:b6:16:b0:7f:06:08:e2:f9:7a:ae:7a:00:fe:
         b0:bc:f9:e8:12:28:f1:1f:22:63:bc:95:44:38:ba:86:40:80:
         90:8d:0e:d7:96:d6:60:22:d8:02:59:21:20:84:f4:1f:03:e1:
         b2:75:48:3d:1c:d0:ac:40:bc:e6:2f:a6:55:52:a1:a2:bd:a7:
         e7:38:5b:b1:52:ee:d9:95:24:7a:49:f8:84:ee:ee:f0:fd:16:
         78:d4:8c:a9:e8:0e:b7:60:16:32:86:16:ca:bf:ec:59:fa:21:
         b4:22:6d:44:43:05:62:69:ab:1b:ad:bf:f6:ee:49:d2:9c:4b:
         c4:e6:2a:ca:dc:12:fb:41:65:e3:58:ff:cc:e9:df:9e:e6:8a:
         92:67:d4:43:c7:69:ab:c6:8c:1e:9d:f5:a9:d1:23:c7:7d:0a:
         75:bf:8b:c8:92:dc:cf:74:43:84:2b:3c:e2:58:62:56:13:44:
         95:4a:fa:b3:62:00:7a:a0:09:f6:1c:74:73:e0:f2:f1:49:31:
         f0:bf:59:2a:9a:75:5d:c6:18:e2:f7:a1:df:5d:15:33:e2:5a:
         59:14:4b:51:31:f4:c2:e9:d5:5f:f8:1b:9a:c3:75:75:a2:44:
         f2:71:70:51:bc:d7:e6:5e:aa:d7:03:f8:35:aa:78:d4:bb:31:
         92:47:f6:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdzRTfxXXNWWIV/wjU/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNTFlN2ZiNmI5NjBkNDA2YjIyMzZkMjVlNGUyMGUyNDUz
NTlkYjIwHhcNMjQwMTAyMDgzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTkxMTEyMWUxMzFkMzk2ZjNkNmY4ZmU1Y2M0NzAwYjc5Yjk5NTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnO1hWCv+vEkt+BXTXf4z7MV2kbhC
N5jCxagVs6KCt5btTwjHBH8OQGahEPhJkNSjgo4rWiOrhKytqNqWw5z2doDanuPF
whccWF/WDlfGPDftP7YW9W+4d8vf7Z7zjaEbksS0c+TIZnhc1xjt/hHHT8d1MKYK
3HpvWMelv03cTlZpMA2q3YPTMB2WKL1bNrpzXIIRr9e14wcRTDdEK8mSq+3icz3b
SExq4/aZFUUXs+4UFU/2yNCX6Oc1Bie82Jxn4vZVSW5naMuk+RlMzC6K5tLzJj7S
iOnSi1pzbvqFdZFzdfWUYiZJldoDrouFTAwDll2vS8RBJs03nReCXeZR8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWRESHhMdOW89b4/lzEcAt5uZUOMB8GA1UdIwQY
MBaAFIJR5/trlg1AayI20l5OIOJFNZ2yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2xIbi0ydVdEVUJySWpiU1hrNGc0a1UxbmJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9mZjBlNjEtMWM5Mi00MThjLTkyNjct
ZDNhNDg3Mjk1NDkxLzEvaFpFUkllRXgwNWJ6MXZqLVhNUndDM201bFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9mZjBlNjEtMWM5Mi00MThjLTkyNjctZDNhNDg3Mjk1NDkx
LzEvZ2xIbi0ydVdEVUJySWpiU1hrNGc0a1UxbmJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ2YMA0G
CSqGSIb3DQEBCwUAA4IBAQAb0tZt+bYWsH8GCOL5eq56AP6wvPnoEijxHyJjvJVE
OLqGQICQjQ7XltZgItgCWSEghPQfA+GydUg9HNCsQLzmL6ZVUqGivafnOFuxUu7Z
lSR6SfiE7u7w/RZ41Iyp6A63YBYyhhbKv+xZ+iG0Im1EQwViaasbrb/27knSnEvE
5irK3BL7QWXjWP/M6d+e5oqSZ9RDx2mrxowenfWp0SPHfQp1v4vIktzPdEOEKzzi
WGJWE0SVSvqzYgB6oAn2HHRz4PLxSTHwv1kqmnVdxhji96HfXRUz4lpZFEtRMfTC
6dVf+Buaw3V1okTycXBRvNfmXqrXA/g1qnjUuzGSR/bQ
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:06:43 2024 by rpki-client on console-fra.rpki-client.org