Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/ZI8rq77mouzqetwO7UQMcBMpOvo.roa
File:                     ZI8rq77mouzqetwO7UQMcBMpOvo.roa (raw, json)
Hash identifier:          Rea2PWL9Ql6pI+PLqgmfy/esPnpWSdGXycWXdWgvh5s=
Subject key identifier:   64:8F:2B:AB:BE:E6:A2:EC:EA:7A:DC:0E:ED:44:0C:70:13:29:3A:FA
Certificate issuer:       /CN=e7c07db9880133c5cdce005bca111b552cd14c53
Certificate serial:       018CCA2A72C12DADDD8AE5D00BA4E0B254CC
Authority key identifier: E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/ZI8rq77mouzqetwO7UQMcBMpOvo.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209347
IP address blocks:        45.12.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:72:c1:2d:ad:dd:8a:e5:d0:0b:a4:e0:b2:54:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7c07db9880133c5cdce005bca111b552cd14c53
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=648f2babbee6a2ecea7adc0eed440c7013293afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:54:e4:9d:36:3c:c1:2b:0c:53:b7:8b:3b:ad:
                    38:d4:4a:81:7b:cb:b7:50:fc:2d:86:d9:a0:b0:bd:
                    9e:bc:35:6a:20:39:19:c1:44:f9:18:ad:cf:79:e0:
                    fb:40:1b:57:6a:ed:8f:c8:b5:43:da:63:12:12:19:
                    5a:c6:97:e1:eb:74:18:e3:b2:42:63:31:a7:28:48:
                    47:14:e2:e4:61:a7:c0:ff:89:34:2d:bc:a4:1d:60:
                    8b:df:a9:6b:9e:6b:f8:3b:20:4b:4e:f9:72:f9:8f:
                    b1:ba:f2:27:02:7c:50:9a:6c:e7:65:b6:98:06:36:
                    4a:33:fb:bf:c3:39:5d:1d:bd:57:0b:49:ea:36:c1:
                    24:0e:94:3d:2c:05:76:4a:bf:4c:22:5f:77:ed:10:
                    d5:31:a4:90:17:92:23:ea:29:d3:6c:98:80:e2:d5:
                    ed:92:f8:90:2c:f8:a4:6e:c6:af:02:a3:ad:d2:0c:
                    29:93:4b:45:2d:c3:62:28:ac:5c:bc:f8:63:e6:32:
                    e5:6c:21:4f:f1:05:0d:53:90:ca:c6:6b:5a:a1:53:
                    d8:a4:81:25:1a:8c:7e:dc:28:1f:c3:10:9f:f8:b5:
                    43:3c:3c:bd:06:7c:7b:cd:52:bc:dd:9b:e8:1a:a1:
                    e4:a0:bb:92:86:95:7f:77:0a:89:58:e9:e9:1e:14:
                    14:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8F:2B:AB:BE:E6:A2:EC:EA:7A:DC:0E:ED:44:0C:70:13:29:3A:FA
            X509v3 Authority Key Identifier:
                keyid:E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/ZI8rq77mouzqetwO7UQMcBMpOvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ec:50:1e:bf:75:ae:d2:22:9c:c1:60:bf:bf:14:0a:38:5a:6f:
         8f:2e:15:24:ba:f5:52:6c:53:2a:1e:6c:ac:52:5a:4f:6d:33:
         57:e4:64:25:cf:03:55:3d:89:24:22:e2:3e:9a:23:30:a4:be:
         ca:aa:44:38:35:61:da:4f:d2:fb:c3:b4:10:e8:36:a8:54:76:
         5a:3a:1f:bb:32:d3:a4:6f:91:fb:42:93:79:0c:79:4a:6e:cb:
         61:93:02:78:64:c8:66:b1:88:32:6a:44:bc:9d:52:b3:9b:57:
         56:73:e9:79:08:c7:2f:b0:62:31:dd:8f:d4:20:75:c0:a4:f4:
         c2:ea:10:dd:d8:58:df:bf:bd:99:00:90:a9:3d:35:5b:0d:95:
         47:e8:27:9c:88:e7:71:c9:46:5f:e9:02:8a:00:ad:49:c6:d6:
         d1:a8:87:c1:80:88:40:53:da:11:50:0d:22:9a:3f:3b:7a:d9:
         72:53:7e:fe:10:14:9a:a6:9c:35:83:d3:84:1e:ce:22:19:ba:
         9f:f9:4e:96:fc:b0:02:c2:ef:11:29:72:55:e9:7b:1c:7e:67:
         7c:24:72:f8:a0:37:c2:e3:86:83:de:42:8b:82:32:39:b2:11:
         06:d6:da:d8:d8:2c:93:7f:b7:9b:42:d8:90:39:47:65:9f:98:
         33:f7:8d:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnLBLa3diuXQC6TgslTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YzA3ZGI5ODgwMTMzYzVjZGNlMDA1YmNhMTExYjU1MmNk
MTRjNTMwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDhmMmJhYmJlZTZhMmVjZWE3YWRjMGVlZDQ0MGM3MDEzMjkzYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFTknTY8wSsMU7eLO6041EqBe8u3
UPwthtmgsL2evDVqIDkZwUT5GK3PeeD7QBtXau2PyLVD2mMSEhlaxpfh63QY47JC
YzGnKEhHFOLkYafA/4k0LbykHWCL36lrnmv4OyBLTvly+Y+xuvInAnxQmmznZbaY
BjZKM/u/wzldHb1XC0nqNsEkDpQ9LAV2Sr9MIl937RDVMaSQF5Ij6inTbJiA4tXt
kviQLPikbsavAqOt0gwpk0tFLcNiKKxcvPhj5jLlbCFP8QUNU5DKxmtaoVPYpIEl
Gox+3CgfwxCf+LVDPDy9Bnx7zVK83ZvoGqHkoLuShpV/dwqJWOnpHhQUIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSPK6u+5qLs6nrcDu1EDHATKTr6MB8GA1UdIwQY
MBaAFOfAfbmIATPFzc4AW8oRG1Us0UxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMt
MGFhNDYzY2RmY2EwLzEvWkk4cnE3N21vdXpxZXR3TzdVUU1jQk1wT3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMtMGFhNDYzY2RmY2Ew
LzEvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQzLMA0G
CSqGSIb3DQEBCwUAA4IBAQDsUB6/da7SIpzBYL+/FAo4Wm+PLhUkuvVSbFMqHmys
UlpPbTNX5GQlzwNVPYkkIuI+miMwpL7KqkQ4NWHaT9L7w7QQ6DaoVHZaOh+7MtOk
b5H7QpN5DHlKbsthkwJ4ZMhmsYgyakS8nVKzm1dWc+l5CMcvsGIx3Y/UIHXApPTC
6hDd2Fjfv72ZAJCpPTVbDZVH6CeciOdxyUZf6QKKAK1JxtbRqIfBgIhAU9oRUA0i
mj87etlyU37+EBSappw1g9OEHs4iGbqf+U6W/LACwu8RKXJV6Xscfmd8JHL4oDfC
44aD3kKLgjI5shEG1trY2CyTf7ebQtiQOUdln5gz942I
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:41:54 2024 by rpki-client on console-fra.rpki-client.org