Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/itnsoHzVMxfL0enxP0BERVPgpJQ.roa
File:                     itnsoHzVMxfL0enxP0BERVPgpJQ.roa (raw, json)
Hash identifier:          pU3lnNTytNlcH8ADkkrR5rYj36pNRkSs3ZAPE6cfMnw=
Subject key identifier:   8A:D9:EC:A0:7C:D5:33:17:CB:D1:E9:F1:3F:40:44:45:53:E0:A4:94
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018F24FD2D6741014577D129232CF2409ED1
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/itnsoHzVMxfL0enxP0BERVPgpJQ.roa
Signing time:             Sun 28 Apr 2024 13:55:23 +0000
ROA not before:           Sun 28 Apr 2024 13:55:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        147.45.45.0/24 maxlen: 24
                          193.233.112.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:24:fd:2d:67:41:01:45:77:d1:29:23:2c:f2:40:9e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr 28 13:55:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ad9eca07cd53317cbd1e9f13f40444553e0a494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:52:aa:9f:51:c9:72:fd:04:0e:0f:e2:0a:6e:
                    bb:03:41:94:e1:ec:87:fd:78:e8:1f:74:0f:27:33:
                    16:32:ce:2c:98:15:84:f5:2b:63:c1:03:4b:1f:08:
                    b0:28:1a:a4:bd:e5:c9:03:2b:5a:67:72:ce:28:26:
                    a9:25:c9:19:96:fd:7d:d4:c1:ee:4b:5e:2c:c3:3c:
                    17:46:f6:a4:c0:19:78:78:a2:8a:b4:34:66:df:6c:
                    a0:7e:20:6a:90:d2:d3:dd:49:de:12:5b:fb:8e:c2:
                    a6:68:f4:83:80:6f:70:29:9c:1e:20:db:b2:8c:d5:
                    2d:88:41:fa:6b:9f:8f:ef:01:39:27:9a:4b:65:2b:
                    96:96:42:b6:04:51:f7:35:63:26:4b:16:47:7a:c2:
                    45:23:59:7a:20:3c:db:2c:92:99:61:79:66:f4:a4:
                    e2:9c:63:a2:63:6d:75:4c:e2:83:ff:d2:73:ef:9b:
                    15:de:c3:7f:86:f9:1f:89:b9:08:6e:99:b4:5f:68:
                    3f:58:e9:c8:a7:eb:9f:e6:2f:8a:39:4b:84:0a:d8:
                    4e:6c:2d:7a:88:51:93:0b:63:0e:9e:2d:18:30:f4:
                    00:8e:49:f9:ec:c0:1b:7d:05:80:b4:f6:ef:b4:76:
                    ca:bc:30:e1:13:c3:1d:62:be:1f:2a:1d:2d:52:9d:
                    6e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D9:EC:A0:7C:D5:33:17:CB:D1:E9:F1:3F:40:44:45:53:E0:A4:94
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/itnsoHzVMxfL0enxP0BERVPgpJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.45.0/24
                  193.233.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:e9:60:94:92:e5:00:a6:b5:b6:46:8c:0f:19:c2:68:00:96:
         90:a3:b8:d8:3d:3a:c5:f0:f1:f7:05:76:8b:66:23:27:71:1d:
         22:a1:f2:0c:7a:9f:0e:7b:7f:c6:60:1a:a4:76:12:e3:1a:1f:
         2b:69:ae:fc:d1:db:0a:a3:35:22:3a:bc:40:3a:fe:6c:1a:09:
         51:2b:c7:bd:8a:5a:6d:a4:6e:88:de:89:13:02:43:46:3b:ae:
         87:73:c3:df:23:76:d4:5c:ea:c7:a1:94:3a:ea:a2:e9:a7:96:
         9a:45:7e:f7:ff:18:34:ee:03:e9:33:3c:9d:4d:8f:1e:44:7d:
         3e:75:f3:d0:3d:8d:2a:2e:4d:d4:27:35:6f:da:1e:f8:a9:7e:
         87:f8:b1:14:97:48:45:87:d4:8b:37:d9:c8:02:41:ff:2a:43:
         a8:90:ad:d7:44:4c:77:d3:c8:dd:92:f2:c7:1c:8f:33:95:f0:
         79:78:aa:8d:04:c6:94:d2:65:a3:aa:82:b3:07:7e:e5:4c:e0:
         bc:cd:35:4b:b9:6d:78:2b:2e:a6:ae:ea:77:77:a5:b6:5f:1b:
         a2:b5:95:51:03:39:90:f7:27:b6:b3:ef:f6:34:5c:b4:44:36:
         10:f1:f3:07:63:b9:51:b0:ca:93:07:b9:a7:a9:c2:fe:09:96:
         02:d4:bf:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8k/S1nQQFFd9EpIyzyQJ7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDI4MTM1NTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQ5ZWNhMDdjZDUzMzE3Y2JkMWU5ZjEzZjQwNDQ0NTUzZTBhNDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1Kqn1HJcv0EDg/iCm67A0GU4eyH
/XjoH3QPJzMWMs4smBWE9StjwQNLHwiwKBqkveXJAytaZ3LOKCapJckZlv191MHu
S14swzwXRvakwBl4eKKKtDRm32ygfiBqkNLT3UneElv7jsKmaPSDgG9wKZweINuy
jNUtiEH6a5+P7wE5J5pLZSuWlkK2BFH3NWMmSxZHesJFI1l6IDzbLJKZYXlm9KTi
nGOiY211TOKD/9Jz75sV3sN/hvkfibkIbpm0X2g/WOnIp+uf5i+KOUuECthObC16
iFGTC2MOni0YMPQAjkn57MAbfQWAtPbvtHbKvDDhE8MdYr4fKh0tUp1uRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIrZ7KB81TMXy9Hp8T9AREVT4KSUMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvaXRuc29IelZNeGZMMGVueFAwQkVSVlBncEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAky0tAwQB
welwMA0GCSqGSIb3DQEBCwUAA4IBAQBa6WCUkuUAprW2RowPGcJoAJaQo7jYPTrF
8PH3BXaLZiMncR0iofIMep8Oe3/GYBqkdhLjGh8raa780dsKozUiOrxAOv5sGglR
K8e9ilptpG6I3okTAkNGO66Hc8PfI3bUXOrHoZQ66qLpp5aaRX73/xg07gPpMzyd
TY8eRH0+dfPQPY0qLk3UJzVv2h74qX6H+LEUl0hFh9SLN9nIAkH/KkOokK3XREx3
08jdkvLHHI8zlfB5eKqNBMaU0mWjqoKzB37lTOC8zTVLuW14Ky6mrup3d6W2Xxui
tZVRAzmQ9ye2s+/2NFy0RDYQ8fMHY7lRsMqTB7mnqcL+CZYC1L/V
-----END CERTIFICATE-----
Generated at Thu Jun 13 08:09:30 2024 by rpki-client on console-ams.rpki-client.org