Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/4429a4-0b36-4ced-846f-e20a654fca95/1/h12BJbMxNpueZAGv5Qe2Ly9ubb8.roa
File:                     h12BJbMxNpueZAGv5Qe2Ly9ubb8.roa (raw, json)
Hash identifier:          ifFPnksttQakAgY9dYOp4J+Wqzsui7+GS/4XbMNk5PA=
Subject key identifier:   87:5D:81:25:B3:31:36:9B:9E:64:01:AF:E5:07:B6:2F:2F:6E:6D:BF
Certificate issuer:       /CN=731d9ad404ecdafa70ea9a4c9d10b9801829ea1f
Certificate serial:       018CC4252E5C7D37A8F225A0A9E69E7D77FF
Authority key identifier: 73:1D:9A:D4:04:EC:DA:FA:70:EA:9A:4C:9D:10:B9:80:18:29:EA:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cx2a1ATs2vpw6ppMnRC5gBgp6h8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/4429a4-0b36-4ced-846f-e20a654fca95/1/h12BJbMxNpueZAGv5Qe2Ly9ubb8.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9119
IP address blocks:        46.54.240.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/4429a4-0b36-4ced-846f-e20a654fca95/1/cx2a1ATs2vpw6ppMnRC5gBgp6h8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/4429a4-0b36-4ced-846f-e20a654fca95/1/cx2a1ATs2vpw6ppMnRC5gBgp6h8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cx2a1ATs2vpw6ppMnRC5gBgp6h8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2e:5c:7d:37:a8:f2:25:a0:a9:e6:9e:7d:77:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=731d9ad404ecdafa70ea9a4c9d10b9801829ea1f
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=875d8125b331369b9e6401afe507b62f2f6e6dbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:24:1c:75:41:ac:d6:5a:db:9d:25:31:7b:55:
                    ef:cb:8b:df:d8:e4:fc:3a:fa:2f:26:5f:b3:c0:10:
                    19:9b:23:a8:3e:38:95:b2:f6:14:4c:43:81:ac:ab:
                    28:bb:0e:c3:27:45:02:05:e6:2d:34:0f:f3:ae:4e:
                    1d:72:38:89:ce:3b:19:c9:f7:5d:57:f4:d7:d6:47:
                    c8:ce:07:7c:12:ba:c7:77:b8:8e:9a:13:7e:c2:5a:
                    18:d3:0d:6b:7e:54:fe:37:c9:31:2f:03:90:2d:2b:
                    dc:1e:4a:a0:9d:f9:9f:e3:eb:99:b8:4a:e7:5f:0f:
                    8e:44:1e:97:34:10:76:9c:54:46:93:ab:e0:e8:6b:
                    d0:59:d1:47:82:66:37:36:ea:75:c4:9d:c1:f9:d0:
                    22:07:bd:4d:b4:11:3f:33:89:39:dd:3a:46:5b:80:
                    cf:b0:be:65:db:d7:1a:8f:e3:a1:7b:8f:b2:40:e0:
                    29:3f:32:e4:ee:d4:f2:6d:8a:91:53:c5:d0:99:b7:
                    f0:47:0a:1d:24:ff:1d:fe:a2:d1:c6:47:a6:75:83:
                    40:a5:d3:b3:8e:a5:b7:f6:06:6b:b8:0b:f8:26:6b:
                    8e:d8:5d:3c:92:bb:41:cc:b5:91:92:4e:e0:4e:91:
                    46:2a:4e:eb:d0:f7:2d:22:6c:58:ad:b6:61:27:14:
                    34:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:5D:81:25:B3:31:36:9B:9E:64:01:AF:E5:07:B6:2F:2F:6E:6D:BF
            X509v3 Authority Key Identifier:
                keyid:73:1D:9A:D4:04:EC:DA:FA:70:EA:9A:4C:9D:10:B9:80:18:29:EA:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cx2a1ATs2vpw6ppMnRC5gBgp6h8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/4429a4-0b36-4ced-846f-e20a654fca95/1/h12BJbMxNpueZAGv5Qe2Ly9ubb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/4429a4-0b36-4ced-846f-e20a654fca95/1/cx2a1ATs2vpw6ppMnRC5gBgp6h8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.54.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         17:a9:8c:87:08:fb:3e:ba:bc:d7:7e:e6:1a:ea:3d:15:27:aa:
         28:d2:2d:7a:fe:be:5d:96:05:f4:5e:01:40:1f:7e:ef:ed:e2:
         d9:68:28:dc:85:65:b4:16:04:97:14:7d:02:ca:c8:1b:b7:41:
         92:4a:54:1d:d3:79:41:84:c9:33:d8:b1:2d:45:9b:f6:8a:e9:
         e7:4c:cf:4f:aa:14:04:45:d7:9f:5a:38:31:3a:09:23:7a:6f:
         79:6b:fe:93:89:54:6c:cf:ca:03:22:cd:e9:d7:1f:f8:b1:83:
         2e:55:01:a2:33:96:bb:27:30:a5:4b:72:d1:b4:0c:4c:9f:3d:
         6b:60:56:73:72:5e:6e:e2:b1:30:d0:4a:75:7a:85:2e:8a:03:
         73:aa:ff:8b:99:46:30:cc:d3:22:26:06:ac:10:c8:87:2d:05:
         af:24:c2:6a:d3:99:ad:53:16:96:f6:0f:6b:c1:19:93:24:51:
         ee:fa:7c:08:0e:7e:8f:a8:5b:78:ef:a9:c7:c5:c1:40:b2:5e:
         23:0c:a4:36:aa:94:1e:16:c4:a5:93:23:ae:3a:44:69:89:ba:
         b4:08:fd:ed:01:83:ac:06:b9:69:62:f7:c6:b3:b4:b6:e6:f8:
         fe:7e:2d:72:c7:c7:d9:4c:ca:20:80:1f:d8:6b:8c:8c:fd:d2:
         4c:e2:c0:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJS5cfTeo8iWgqeaefXf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMWQ5YWQ0MDRlY2RhZmE3MGVhOWE0YzlkMTBiOTgwMTgy
OWVhMWYwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzVkODEyNWIzMzEzNjliOWU2NDAxYWZlNTA3YjYyZjJmNmU2ZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyQcdUGs1lrbnSUxe1Xvy4vf2OT8
OvovJl+zwBAZmyOoPjiVsvYUTEOBrKsouw7DJ0UCBeYtNA/zrk4dcjiJzjsZyfdd
V/TX1kfIzgd8ErrHd7iOmhN+wloY0w1rflT+N8kxLwOQLSvcHkqgnfmf4+uZuErn
Xw+ORB6XNBB2nFRGk6vg6GvQWdFHgmY3Nup1xJ3B+dAiB71NtBE/M4k53TpGW4DP
sL5l29caj+Ohe4+yQOApPzLk7tTybYqRU8XQmbfwRwodJP8d/qLRxkemdYNApdOz
jqW39gZruAv4JmuO2F08krtBzLWRkk7gTpFGKk7r0PctImxYrbZhJxQ04QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIddgSWzMTabnmQBr+UHti8vbm2/MB8GA1UdIwQY
MBaAFHMdmtQE7Nr6cOqaTJ0QuYAYKeofMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3gyYTFBVHMydnB3NnBwTW5SQzVnQmdwNmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80NDI5YTQtMGIzNi00Y2VkLTg0NmYt
ZTIwYTY1NGZjYTk1LzEvaDEyQkpiTXhOcHVlWkFHdjVRZTJMeTl1YmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80NDI5YTQtMGIzNi00Y2VkLTg0NmYtZTIwYTY1NGZjYTk1
LzEvY3gyYTFBVHMydnB3NnBwTW5SQzVnQmdwNmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELjbwMA0G
CSqGSIb3DQEBCwUAA4IBAQAXqYyHCPs+urzXfuYa6j0VJ6oo0i16/r5dlgX0XgFA
H37v7eLZaCjchWW0FgSXFH0Cysgbt0GSSlQd03lBhMkz2LEtRZv2iunnTM9PqhQE
RdefWjgxOgkjem95a/6TiVRsz8oDIs3p1x/4sYMuVQGiM5a7JzClS3LRtAxMnz1r
YFZzcl5u4rEw0Ep1eoUuigNzqv+LmUYwzNMiJgasEMiHLQWvJMJq05mtUxaW9g9r
wRmTJFHu+nwIDn6PqFt476nHxcFAsl4jDKQ2qpQeFsSlkyOuOkRpibq0CP3tAYOs
BrlpYvfGs7S25vj+fi1yx8fZTMoggB/Ya4yM/dJM4sDz
-----END CERTIFICATE-----
Generated at Sun Jun 16 07:52:55 2024 by rpki-client on console-ams.rpki-client.org