Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/Bkc9iWc5ZnaYbOuwLo34Hv4x7FE.roa
File:                     Bkc9iWc5ZnaYbOuwLo34Hv4x7FE.roa (raw, json)
Hash identifier:          0p5uSvaK0z/WGxzSzBdFiT0s0O82Vy1XlgRvXW/XzSE=
Subject key identifier:   06:47:3D:89:67:39:66:76:98:6C:EB:B0:2E:8D:F8:1E:FE:31:EC:51
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018CC5015A2C4AAAEB37493D5FD16222D9E6
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/Bkc9iWc5ZnaYbOuwLo34Hv4x7FE.roa
Signing time:             Mon 01 Jan 2024 12:30:49 +0000
ROA not before:           Mon 01 Jan 2024 12:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        45.158.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:5a:2c:4a:aa:eb:37:49:3d:5f:d1:62:22:d9:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 12:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06473d8967396676986cebb02e8df81efe31ec51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4f:89:32:60:21:f7:b3:5d:ff:56:ae:aa:5a:
                    ff:fc:9d:18:22:a9:14:3b:a1:87:c7:a4:bf:b6:b2:
                    cc:d3:49:0f:75:40:84:27:2a:1d:83:96:74:ce:a3:
                    3b:87:ad:34:0b:4a:d3:66:a9:40:b6:dd:80:ff:6b:
                    95:c8:26:24:54:71:59:b1:c5:63:88:1b:03:6c:97:
                    d4:ea:49:31:ca:8e:cc:77:8f:75:27:7d:eb:4d:ab:
                    e3:0c:46:c8:75:d2:c3:6d:9d:72:74:c3:0f:7e:19:
                    5c:08:62:26:19:16:92:4c:4b:07:59:7d:84:90:5b:
                    f1:56:18:a0:2a:4d:68:95:78:25:18:84:70:cc:57:
                    bc:ad:d5:3d:20:30:5b:0f:7b:3a:db:6f:af:60:bf:
                    bc:79:2b:be:3b:9a:11:52:28:7b:51:2b:af:c2:32:
                    0c:ac:0c:b2:e2:93:0d:5a:d9:12:de:84:69:82:45:
                    2b:74:81:f5:95:09:1d:55:f2:07:fa:61:d7:1d:32:
                    ef:39:be:13:2e:c8:40:40:df:56:8d:6d:2e:20:83:
                    69:a6:10:ad:8e:a4:c5:49:8b:8d:25:b8:2d:95:3b:
                    0e:4e:b1:cb:10:fd:75:30:e1:9f:d2:62:77:8f:14:
                    f8:9c:cd:6f:4b:53:3e:ba:59:00:3f:6f:ba:19:56:
                    09:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:47:3D:89:67:39:66:76:98:6C:EB:B0:2E:8D:F8:1E:FE:31:EC:51
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/Bkc9iWc5ZnaYbOuwLo34Hv4x7FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:63:e9:6d:78:89:e7:6e:0a:a5:be:10:7d:ba:a8:ce:98:06:
         db:3b:32:25:d2:61:d2:b0:d2:78:a5:de:2f:35:d7:a2:5f:47:
         6f:94:f2:9a:02:cb:a8:4e:97:da:33:30:54:3c:dc:a6:32:d8:
         66:f4:3e:55:38:df:07:b1:72:a4:ea:19:a2:49:58:50:29:40:
         aa:cb:ac:11:f2:9b:18:98:26:cf:6d:bf:c1:86:db:0b:ad:3d:
         ab:06:b6:5a:68:3c:99:4c:37:97:ac:42:6b:a4:62:f0:cf:32:
         e5:4b:5c:e2:72:c3:88:b3:90:10:9f:8d:d9:cd:3d:57:55:66:
         7a:0e:07:0f:a4:b9:dd:8e:59:1d:2f:98:35:e1:eb:fb:ba:c1:
         2a:81:eb:60:23:c9:95:59:19:e4:0f:a4:85:c6:0c:82:1c:1e:
         32:a4:34:d4:e9:4c:f8:9c:c8:9e:3c:9b:99:02:78:d5:69:d0:
         21:b2:c6:e9:1a:03:4f:e6:13:06:54:66:ee:75:fe:86:a4:bd:
         a0:f7:80:bc:6a:a2:0c:84:53:4f:c4:15:1a:4f:4a:67:57:6d:
         a5:7c:4c:74:20:2e:8e:9b:ab:15:37:04:da:14:09:74:00:94:
         90:dd:56:65:6c:16:ee:f9:c3:62:78:0f:91:ad:9a:27:05:3a:
         a5:79:7f:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVosSqrrN0k9X9FiItnmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMTAxMTIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ3M2Q4OTY3Mzk2Njc2OTg2Y2ViYjAyZThkZjgxZWZlMzFlYzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgk+JMmAh97Nd/1auqlr//J0YIqkU
O6GHx6S/trLM00kPdUCEJyodg5Z0zqM7h600C0rTZqlAtt2A/2uVyCYkVHFZscVj
iBsDbJfU6kkxyo7Md491J33rTavjDEbIddLDbZ1ydMMPfhlcCGImGRaSTEsHWX2E
kFvxVhigKk1olXglGIRwzFe8rdU9IDBbD3s622+vYL+8eSu+O5oRUih7USuvwjIM
rAyy4pMNWtkS3oRpgkUrdIH1lQkdVfIH+mHXHTLvOb4TLshAQN9WjW0uIINpphCt
jqTFSYuNJbgtlTsOTrHLEP11MOGf0mJ3jxT4nM1vS1M+ulkAP2+6GVYJxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZHPYlnOWZ2mGzrsC6N+B7+MexRMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvQmtjOWlXYzVabmFZYk91d0xvMzRIdjR4N0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4PMA0G
CSqGSIb3DQEBCwUAA4IBAQC4Y+lteInnbgqlvhB9uqjOmAbbOzIl0mHSsNJ4pd4v
NdeiX0dvlPKaAsuoTpfaMzBUPNymMthm9D5VON8HsXKk6hmiSVhQKUCqy6wR8psY
mCbPbb/BhtsLrT2rBrZaaDyZTDeXrEJrpGLwzzLlS1zicsOIs5AQn43ZzT1XVWZ6
DgcPpLndjlkdL5g14ev7usEqgetgI8mVWRnkD6SFxgyCHB4ypDTU6Uz4nMiePJuZ
AnjVadAhssbpGgNP5hMGVGbudf6GpL2g94C8aqIMhFNPxBUaT0pnV22lfEx0IC6O
m6sVNwTaFAl0AJSQ3VZlbBbu+cNieA+RrZonBTqleX+a
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:16:55 2024 by rpki-client on console-ams.rpki-client.org