Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/b429aa-0461-4136-90cd-52a7b925b224/1/92zfXVDQLL89EBP2K-ZMNz0UYkI.roa
File:                     92zfXVDQLL89EBP2K-ZMNz0UYkI.roa (raw, json)
Hash identifier:          t8EQ7ZC9Vx0VZOQspRjOK6c62PQjVYqNqGtwxXCj0g0=
Subject key identifier:   F7:6C:DF:5D:50:D0:2C:BF:3D:10:13:F6:2B:E6:4C:37:3D:14:62:42
Certificate issuer:       /CN=04e604a45677be77313969ad17aec69ce97c43ce
Certificate serial:       018CC64AF37373F74DE90342C9EEFE8EA7A4
Authority key identifier: 04:E6:04:A4:56:77:BE:77:31:39:69:AD:17:AE:C6:9C:E9:7C:43:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BOYEpFZ3vncxOWmtF67GnOl8Q84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/b429aa-0461-4136-90cd-52a7b925b224/1/92zfXVDQLL89EBP2K-ZMNz0UYkI.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59767
IP address blocks:        212.89.32.0/20 maxlen: 20
                          45.135.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/b429aa-0461-4136-90cd-52a7b925b224/1/BOYEpFZ3vncxOWmtF67GnOl8Q84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/b429aa-0461-4136-90cd-52a7b925b224/1/BOYEpFZ3vncxOWmtF67GnOl8Q84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BOYEpFZ3vncxOWmtF67GnOl8Q84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f3:73:73:f7:4d:e9:03:42:c9:ee:fe:8e:a7:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04e604a45677be77313969ad17aec69ce97c43ce
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f76cdf5d50d02cbf3d1013f62be64c373d146242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f7:06:37:70:d8:cb:47:d1:70:c8:90:96:a7:
                    2e:f5:8e:5d:52:bd:91:f2:2b:94:2e:49:c2:5c:e5:
                    3f:15:37:b2:39:01:86:84:92:cd:7a:a1:e1:b9:a9:
                    f6:22:a6:12:28:a2:27:f6:42:de:98:71:62:34:be:
                    99:e0:26:50:07:c1:89:7c:2e:28:93:c5:5f:3c:23:
                    e3:e0:92:ca:4a:77:18:44:64:96:a3:1c:6f:1d:cf:
                    ae:c7:68:89:69:70:77:37:a8:81:0b:35:0a:c5:b8:
                    27:9d:c7:94:29:b6:d7:7d:e7:ce:37:83:93:bc:39:
                    d0:44:e7:14:09:7b:c0:d3:fc:6d:29:6d:cf:50:f1:
                    0f:ac:75:a8:d8:93:fa:f9:33:c4:cc:17:02:ae:0e:
                    ef:90:63:61:fc:4a:75:b2:bc:99:bc:6b:81:80:e9:
                    b7:f5:08:0f:e6:4b:09:5b:78:41:be:b0:f8:ce:2d:
                    f1:1b:b1:a2:d1:0f:ba:63:25:c3:ec:72:53:f6:10:
                    66:e5:45:9e:1a:ba:e2:74:67:3e:cc:55:89:3b:7d:
                    69:8f:ee:3d:02:db:13:01:29:6b:48:c4:3d:5d:8d:
                    8f:3e:83:b5:04:c0:fe:a1:1c:e8:c4:db:fd:64:aa:
                    79:a4:10:9a:bb:c7:48:f3:a2:2e:ca:07:6e:9d:46:
                    8c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:6C:DF:5D:50:D0:2C:BF:3D:10:13:F6:2B:E6:4C:37:3D:14:62:42
            X509v3 Authority Key Identifier:
                keyid:04:E6:04:A4:56:77:BE:77:31:39:69:AD:17:AE:C6:9C:E9:7C:43:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BOYEpFZ3vncxOWmtF67GnOl8Q84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/b429aa-0461-4136-90cd-52a7b925b224/1/92zfXVDQLL89EBP2K-ZMNz0UYkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/b429aa-0461-4136-90cd-52a7b925b224/1/BOYEpFZ3vncxOWmtF67GnOl8Q84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.156.0/22
                  212.89.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         42:3d:33:3b:19:32:03:5c:16:a6:67:16:4a:e7:ac:85:44:d1:
         30:05:3c:a3:ec:7c:d2:c2:24:08:6f:b6:a9:3c:5f:62:a1:c5:
         0e:de:21:ec:f8:36:30:ec:1f:89:e1:84:78:76:82:35:f0:4d:
         65:63:5e:6d:57:95:3b:37:5e:ae:b1:a5:a7:78:ce:08:b2:c7:
         11:78:91:c3:72:6f:a2:f0:6a:2c:e8:17:17:c1:f7:c4:13:12:
         39:bf:bd:31:39:ed:1a:42:4a:43:ea:68:e5:e0:ee:7e:87:24:
         b9:56:9c:85:5f:95:4f:fe:b6:ea:7a:e6:d1:8e:11:67:25:91:
         9d:32:df:cd:8f:ce:9b:a3:e1:4e:90:38:f7:7c:6e:30:d0:0d:
         8f:ce:bc:61:ae:54:6d:a1:c3:e9:ca:79:8b:19:d7:df:45:29:
         e8:fe:4d:60:ae:70:1c:18:a3:01:f3:d3:c5:75:ac:98:ed:47:
         35:8a:16:64:2a:5f:a6:4a:26:2d:69:a8:60:58:86:7c:9a:8c:
         f7:cc:d6:c1:ce:d3:8b:3b:62:6f:93:dd:29:17:fa:7b:35:4a:
         c7:51:fa:af:bb:cf:48:30:51:21:b9:3c:ca:b3:0b:4f:d4:77:
         42:9f:3e:01:32:df:e2:41:82:38:3d:19:9a:02:78:7e:52:19:
         e1:9c:24:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSvNzc/dN6QNCye7+jqekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZTYwNGE0NTY3N2JlNzczMTM5NjlhZDE3YWVjNjljZTk3
YzQzY2UwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzZjZGY1ZDUwZDAyY2JmM2QxMDEzZjYyYmU2NGMzNzNkMTQ2MjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPcGN3DYy0fRcMiQlqcu9Y5dUr2R
8iuULknCXOU/FTeyOQGGhJLNeqHhuan2IqYSKKIn9kLemHFiNL6Z4CZQB8GJfC4o
k8VfPCPj4JLKSncYRGSWoxxvHc+ux2iJaXB3N6iBCzUKxbgnnceUKbbXfefON4OT
vDnQROcUCXvA0/xtKW3PUPEPrHWo2JP6+TPEzBcCrg7vkGNh/Ep1sryZvGuBgOm3
9QgP5ksJW3hBvrD4zi3xG7Gi0Q+6YyXD7HJT9hBm5UWeGrridGc+zFWJO31pj+49
AtsTASlrSMQ9XY2PPoO1BMD+oRzoxNv9ZKp5pBCau8dI86IuygdunUaMewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPds311Q0Cy/PRAT9ivmTDc9FGJCMB8GA1UdIwQY
MBaAFATmBKRWd753MTlprReuxpzpfEPOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk9ZRXBGWjN2bmN4T1dtdEY2N0duT2w4UTg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9iNDI5YWEtMDQ2MS00MTM2LTkwY2Qt
NTJhN2I5MjViMjI0LzEvOTJ6ZlhWRFFMTDg5RUJQMkstWk1OejBVWWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9iNDI5YWEtMDQ2MS00MTM2LTkwY2QtNTJhN2I5MjViMjI0
LzEvQk9ZRXBGWjN2bmN4T1dtdEY2N0duT2w4UTg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYecAwQE
1FkgMA0GCSqGSIb3DQEBCwUAA4IBAQBCPTM7GTIDXBamZxZK56yFRNEwBTyj7HzS
wiQIb7apPF9iocUO3iHs+DYw7B+J4YR4doI18E1lY15tV5U7N16usaWneM4IsscR
eJHDcm+i8Gos6BcXwffEExI5v70xOe0aQkpD6mjl4O5+hyS5VpyFX5VP/rbqeubR
jhFnJZGdMt/Nj86bo+FOkDj3fG4w0A2PzrxhrlRtocPpynmLGdffRSno/k1grnAc
GKMB89PFdayY7Uc1ihZkKl+mSiYtaahgWIZ8moz3zNbBztOLO2Jvk90pF/p7NUrH
Ufqvu89IMFEhuTzKswtP1HdCnz4BMt/iQYI4PRmaAnh+UhnhnCR5
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:04:23 2024 by rpki-client on console-fra.rpki-client.org