Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bLUGgRHy3vOeEs1yok4D496cZ8U.roa
File:                     bLUGgRHy3vOeEs1yok4D496cZ8U.roa (raw, json)
Hash identifier:          QSZ3C/763ClyivIGBJDUDqZ6Lf8rwOZe2zHtLi4VZl8=
Subject key identifier:   6C:B5:06:81:11:F2:DE:F3:9E:12:CD:72:A2:4E:03:E3:DE:9C:67:C5
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       018CC9BC38CAC1BF5744D02F0348A360382E
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bLUGgRHy3vOeEs1yok4D496cZ8U.roa
Signing time:             Tue 02 Jan 2024 10:33:24 +0000
ROA not before:           Tue 02 Jan 2024 10:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8038
IP address blocks:        46.244.20.0/24 maxlen: 24
                          178.249.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:38:ca:c1:bf:57:44:d0:2f:03:48:a3:60:38:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 10:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cb5068111f2def39e12cd72a24e03e3de9c67c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:99:7f:d8:db:c6:c4:4d:ae:64:68:57:12:1d:
                    7f:ed:93:9e:d3:45:b9:64:f3:17:d6:60:ab:14:6a:
                    ea:7c:52:f9:0b:eb:16:74:58:e4:86:53:99:1a:bd:
                    2f:f5:4b:0c:f1:f0:bd:84:c8:67:f9:49:6f:61:2a:
                    a6:49:c0:6c:e8:b6:d8:71:f0:09:1b:51:eb:44:13:
                    2b:b3:47:df:e4:85:cf:6a:d0:22:29:72:73:a5:45:
                    df:c2:42:f8:52:1d:f6:9c:d5:10:16:73:92:af:ca:
                    03:58:aa:7e:4f:86:31:24:4d:08:51:23:2c:cd:1b:
                    2d:0b:39:18:42:71:66:c7:6d:8c:27:59:2a:28:2e:
                    d8:d6:d5:4d:07:f3:a1:ed:56:1d:3b:f1:60:ee:da:
                    d0:57:e8:8a:ac:36:08:fb:a3:92:0d:4f:ee:58:a6:
                    83:a8:77:a2:b4:a3:1e:51:af:54:ed:4f:7e:85:67:
                    f9:3e:9d:0a:80:4c:dd:7b:50:7e:a5:0b:48:e4:df:
                    cd:62:12:c2:28:1f:a7:f8:29:ef:b4:44:83:75:40:
                    5f:62:29:06:84:10:b9:04:ed:be:b4:4a:43:ce:e3:
                    55:db:f7:37:2a:5f:1e:fa:6e:20:0a:ce:a6:0a:80:
                    8a:a4:50:d9:fd:86:98:f5:ef:8e:a1:0d:be:27:d0:
                    ac:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:B5:06:81:11:F2:DE:F3:9E:12:CD:72:A2:4E:03:E3:DE:9C:67:C5
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bLUGgRHy3vOeEs1yok4D496cZ8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.244.20.0/24
                  178.249.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c2:0a:3d:f2:b9:9f:02:75:98:4a:c8:da:f8:cc:43:9f:69:
         05:f1:9b:c9:6c:9a:05:6a:7f:d2:c7:12:38:13:7d:7b:2f:89:
         da:92:fb:9f:20:09:5c:7f:8b:0d:0f:bf:c8:17:b2:45:3a:3f:
         44:39:57:ca:bc:21:7a:de:43:0d:82:de:65:9c:37:20:9c:4f:
         84:f9:32:80:57:65:bb:c0:49:23:96:b7:36:7e:b0:37:b9:5f:
         a2:6f:90:8b:a9:20:51:df:94:ca:7b:43:0a:55:74:2b:7d:f8:
         a8:39:81:24:1b:78:90:c9:1b:35:12:5f:ae:7c:3a:36:e0:27:
         5a:8b:be:80:9b:42:7d:08:6a:6f:b6:3a:26:0a:2c:7a:2e:54:
         a1:0e:9e:11:47:96:68:14:ce:40:91:2e:86:03:47:3c:fd:a3:
         49:a5:eb:3c:2e:e6:51:a3:6b:e6:8a:67:20:98:ee:75:4a:4b:
         22:09:40:68:c6:d7:d0:c3:40:4d:13:c2:1a:ee:e6:a6:a9:26:
         e0:0e:4d:25:ae:3e:60:74:d4:ab:98:27:dc:41:62:15:25:16:
         47:df:10:3d:0c:5e:c6:2c:f3:13:4c:56:30:da:cf:41:e3:19:
         7a:46:b4:f1:b1:af:c8:69:45:14:ea:2e:c9:ff:24:95:9e:d0:
         4c:5b:a1:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvDjKwb9XRNAvA0ijYDguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwMTAyMTAzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2I1MDY4MTExZjJkZWYzOWUxMmNkNzJhMjRlMDNlM2RlOWM2N2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpl/2NvGxE2uZGhXEh1/7ZOe00W5
ZPMX1mCrFGrqfFL5C+sWdFjkhlOZGr0v9UsM8fC9hMhn+UlvYSqmScBs6LbYcfAJ
G1HrRBMrs0ff5IXPatAiKXJzpUXfwkL4Uh32nNUQFnOSr8oDWKp+T4YxJE0IUSMs
zRstCzkYQnFmx22MJ1kqKC7Y1tVNB/Oh7VYdO/Fg7trQV+iKrDYI+6OSDU/uWKaD
qHeitKMeUa9U7U9+hWf5Pp0KgEzde1B+pQtI5N/NYhLCKB+n+CnvtESDdUBfYikG
hBC5BO2+tEpDzuNV2/c3Kl8e+m4gCs6mCoCKpFDZ/YaY9e+OoQ2+J9Cs8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGy1BoER8t7znhLNcqJOA+PenGfFMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvYkxVR2dSSHkzdk9lRXMxeW9rNEQ0OTZjWjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALvQUAwQA
svmdMA0GCSqGSIb3DQEBCwUAA4IBAQBjwgo98rmfAnWYSsja+MxDn2kF8ZvJbJoF
an/SxxI4E317L4nakvufIAlcf4sND7/IF7JFOj9EOVfKvCF63kMNgt5lnDcgnE+E
+TKAV2W7wEkjlrc2frA3uV+ib5CLqSBR35TKe0MKVXQrffioOYEkG3iQyRs1El+u
fDo24Cdai76Am0J9CGpvtjomCix6LlShDp4RR5ZoFM5AkS6GA0c8/aNJpes8LuZR
o2vmimcgmO51SksiCUBoxtfQw0BNE8Ia7uamqSbgDk0lrj5gdNSrmCfcQWIVJRZH
3xA9DF7GLPMTTFYw2s9B4xl6RrTxsa/IaUUU6i7J/ySVntBMW6HF
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:43:48 2024 by rpki-client on console-fra.rpki-client.org