Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/1693bf-6d40-469c-b056-5a8457121a0b/1/OMJUyu0VSz2Q3sRO6KH5YjRTBlI.roa
File:                     OMJUyu0VSz2Q3sRO6KH5YjRTBlI.roa (raw, json)
Hash identifier:          aJDvuD/tFuJMemwKR7dcqu1hucDUsD4bdzkws4sij9I=
Subject key identifier:   38:C2:54:CA:ED:15:4B:3D:90:DE:C4:4E:E8:A1:F9:62:34:53:06:52
Certificate issuer:       /CN=3d12d11c9a203d5e7c8263edf54447e3b7358b7f
Certificate serial:       018CC56ED1F109803C17A3CADE1D3867010C
Authority key identifier: 3D:12:D1:1C:9A:20:3D:5E:7C:82:63:ED:F5:44:47:E3:B7:35:8B:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PRLRHJogPV58gmPt9URH47c1i38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/1693bf-6d40-469c-b056-5a8457121a0b/1/OMJUyu0VSz2Q3sRO6KH5YjRTBlI.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25591
IP address blocks:        45.84.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/1693bf-6d40-469c-b056-5a8457121a0b/1/PRLRHJogPV58gmPt9URH47c1i38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/1693bf-6d40-469c-b056-5a8457121a0b/1/PRLRHJogPV58gmPt9URH47c1i38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PRLRHJogPV58gmPt9URH47c1i38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d1:f1:09:80:3c:17:a3:ca:de:1d:38:67:01:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d12d11c9a203d5e7c8263edf54447e3b7358b7f
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38c254caed154b3d90dec44ee8a1f96234530652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b8:f0:c7:26:6f:08:b1:e3:c7:45:75:6f:2c:
                    9a:4b:85:4e:0c:82:80:3f:1f:7e:e4:4e:c6:ea:24:
                    07:15:2f:46:df:8a:af:69:01:a8:9e:65:b3:55:f0:
                    f7:77:20:31:6b:61:60:99:27:37:53:e6:0d:02:79:
                    e9:78:4b:7d:76:8f:bd:10:ec:6f:a2:01:03:d9:5c:
                    87:ca:71:75:27:4a:4e:1a:fa:28:42:b0:8d:96:c5:
                    4c:97:8d:9d:b3:3c:a7:35:95:3e:97:99:6f:51:bd:
                    f4:fb:29:9d:76:ac:73:d3:6f:83:d9:0c:32:61:0e:
                    f6:9a:31:9e:7f:81:b9:93:c6:e6:d9:a6:4a:0c:2e:
                    77:0a:56:db:4e:b9:fd:ec:12:c4:70:54:07:21:84:
                    9f:0b:84:3d:6a:03:e8:1b:56:74:77:92:4b:60:0d:
                    4a:a5:22:0f:ba:23:7c:1a:7a:5f:bd:af:27:18:cb:
                    c0:13:da:90:e0:ad:7b:01:fd:7e:d8:e4:7a:89:bf:
                    86:6c:f3:fd:27:f2:08:cd:d4:b5:fc:00:78:35:7f:
                    e5:f7:83:c6:d0:9e:9f:2d:e0:22:0a:60:22:a3:de:
                    5c:4c:62:a0:d8:7a:20:3a:55:ff:41:0c:48:69:01:
                    c4:4b:32:6e:87:07:c3:cf:a7:6c:2f:02:22:3b:df:
                    dd:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C2:54:CA:ED:15:4B:3D:90:DE:C4:4E:E8:A1:F9:62:34:53:06:52
            X509v3 Authority Key Identifier:
                keyid:3D:12:D1:1C:9A:20:3D:5E:7C:82:63:ED:F5:44:47:E3:B7:35:8B:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PRLRHJogPV58gmPt9URH47c1i38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1693bf-6d40-469c-b056-5a8457121a0b/1/OMJUyu0VSz2Q3sRO6KH5YjRTBlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1693bf-6d40-469c-b056-5a8457121a0b/1/PRLRHJogPV58gmPt9URH47c1i38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:7a:ee:6e:26:d9:05:60:f4:df:42:70:28:3d:06:46:93:4f:
         4a:cd:21:fa:9d:65:c0:26:b1:d9:90:62:96:d5:6b:d3:99:98:
         3e:79:47:36:29:3f:0d:ad:52:d5:e4:18:3c:75:d9:50:f3:2a:
         bd:95:d8:6f:86:bd:7b:33:34:08:20:cd:12:67:ed:6c:97:fc:
         98:e5:9e:ac:cf:9c:4f:2d:58:81:86:c0:14:de:88:a9:ae:7f:
         49:10:c8:8e:50:80:ec:ee:f9:b9:c4:c9:7a:98:c0:13:b6:03:
         b9:49:45:fa:34:4b:bc:c4:9c:51:10:38:01:ae:ad:55:3c:e3:
         ed:45:7c:cb:5c:09:cf:51:0c:a1:91:24:56:bd:aa:7c:96:e9:
         ce:b7:b9:94:98:e8:b2:c8:b9:7a:e7:36:57:ca:b7:f4:6b:95:
         98:dc:80:1c:f1:27:76:be:de:87:dc:d2:93:73:43:2e:c5:73:
         2c:e3:ca:0e:d4:ec:a6:72:39:d4:4c:c3:79:1e:de:df:c1:10:
         c3:30:74:3e:48:88:fc:b3:14:01:d2:fe:dc:2d:60:e9:12:10:
         31:20:92:68:5a:11:76:66:f9:34:f8:7b:2f:f6:3f:ca:1a:54:
         2f:24:a3:a0:6c:e2:87:0f:1f:06:06:01:5d:38:c2:d0:be:72:
         80:39:6a:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtHxCYA8F6PK3h04ZwEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMTJkMTFjOWEyMDNkNWU3YzgyNjNlZGY1NDQ0N2UzYjcz
NThiN2YwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGMyNTRjYWVkMTU0YjNkOTBkZWM0NGVlOGExZjk2MjM0NTMwNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLjwxyZvCLHjx0V1byyaS4VODIKA
Px9+5E7G6iQHFS9G34qvaQGonmWzVfD3dyAxa2FgmSc3U+YNAnnpeEt9do+9EOxv
ogED2VyHynF1J0pOGvooQrCNlsVMl42dszynNZU+l5lvUb30+ymddqxz02+D2Qwy
YQ72mjGef4G5k8bm2aZKDC53ClbbTrn97BLEcFQHIYSfC4Q9agPoG1Z0d5JLYA1K
pSIPuiN8Gnpfva8nGMvAE9qQ4K17Af1+2OR6ib+GbPP9J/IIzdS1/AB4NX/l94PG
0J6fLeAiCmAio95cTGKg2HogOlX/QQxIaQHESzJuhwfDz6dsLwIiO9/dnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjCVMrtFUs9kN7ETuih+WI0UwZSMB8GA1UdIwQY
MBaAFD0S0RyaID1efIJj7fVER+O3NYt/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFJMUkhKb2dQVjU4Z21QdDlVUkg0N2MxaTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8xNjkzYmYtNmQ0MC00NjljLWIwNTYt
NWE4NDU3MTIxYTBiLzEvT01KVXl1MFZTejJRM3NSTzZLSDVZalJUQmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8xNjkzYmYtNmQ0MC00NjljLWIwNTYtNWE4NDU3MTIxYTBi
LzEvUFJMUkhKb2dQVjU4Z21QdDlVUkg0N2MxaTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQBeeu5uJtkFYPTfQnAoPQZGk09KzSH6nWXAJrHZkGKW
1WvTmZg+eUc2KT8NrVLV5Bg8ddlQ8yq9ldhvhr17MzQIIM0SZ+1sl/yY5Z6sz5xP
LViBhsAU3oiprn9JEMiOUIDs7vm5xMl6mMATtgO5SUX6NEu8xJxREDgBrq1VPOPt
RXzLXAnPUQyhkSRWvap8lunOt7mUmOiyyLl65zZXyrf0a5WY3IAc8Sd2vt6H3NKT
c0MuxXMs48oO1OymcjnUTMN5Ht7fwRDDMHQ+SIj8sxQB0v7cLWDpEhAxIJJoWhF2
Zvk0+Hsv9j/KGlQvJKOgbOKHDx8GBgFdOMLQvnKAOWoM
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:01 2024 by rpki-client on console-ams.rpki-client.org