Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2fOPQ19EI5_V1gDwBM3_IC3zIFU.roa
File:                     2fOPQ19EI5_V1gDwBM3_IC3zIFU.roa (raw, json)
Hash identifier:          T99TQPbmI+UKUIlJbBQ3fbjr5lPpte1V2ZKZcctpgP4=
Subject key identifier:   D9:F3:8F:43:5F:44:23:9F:D5:D6:00:F0:04:CD:FF:20:2D:F3:20:55
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801497AB4D9724E1C8EC48E58B4CD20
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2fOPQ19EI5_V1gDwBM3_IC3zIFU.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34854
IP address blocks:        45.13.118.0/24 maxlen: 24
                          2a0c:b642:fc0::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:49:7a:b4:d9:72:4e:1c:8e:c4:8e:58:b4:cd:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9f38f435f44239fd5d600f004cdff202df32055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:32:84:19:c2:78:06:0b:1b:ea:06:d0:c1:b9:
                    71:aa:a0:f9:93:95:03:5b:51:bd:68:7f:2e:12:17:
                    d0:2b:d9:29:8c:47:6d:6d:3f:68:ef:48:7f:3c:02:
                    9a:e7:ec:2e:f2:ad:55:12:92:f0:ae:6a:30:5d:46:
                    95:87:37:90:39:1d:63:8f:bf:f0:6d:c1:b0:41:20:
                    c8:cc:ba:bb:19:a7:5c:d3:bd:9e:a0:ee:ea:d0:22:
                    6f:b5:99:d4:96:8a:fd:01:f5:89:6e:8c:57:c8:cd:
                    bd:1a:fa:37:b7:27:df:25:b2:cd:88:e3:72:26:70:
                    46:ad:1f:4f:6b:6f:b7:2e:ce:6d:b2:eb:26:00:ce:
                    3d:8d:7d:1f:89:15:f5:8b:4f:2e:06:6d:6c:7c:cf:
                    51:c6:10:cf:b2:e0:4a:2c:18:45:4b:de:8c:11:2b:
                    ea:8a:12:db:13:8a:29:91:b2:c0:33:18:13:17:8b:
                    16:b0:f4:13:1c:9d:f2:7f:b1:b9:05:c5:16:89:48:
                    dc:6a:4a:94:71:16:1f:20:4e:ee:0a:f1:32:e4:62:
                    55:88:d2:d2:34:90:49:4c:55:da:b0:b7:e8:88:cf:
                    bb:c3:e5:6f:40:2f:b7:12:e9:e8:e6:b0:1f:0e:0e:
                    13:dd:cf:02:1d:6f:1c:7d:6b:0b:c4:4a:25:00:c8:
                    52:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F3:8F:43:5F:44:23:9F:D5:D6:00:F0:04:CD:FF:20:2D:F3:20:55
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2fOPQ19EI5_V1gDwBM3_IC3zIFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.118.0/24
                IPv6:
                  2a0c:b642:fc0::/43

    Signature Algorithm: sha256WithRSAEncryption
         8e:ba:8f:5a:2e:10:67:20:06:9d:26:d4:46:0b:b0:18:b0:c9:
         1c:9d:b5:88:d7:4c:d4:70:a4:d6:9c:68:3e:7d:99:5b:a9:d0:
         74:6c:d9:a5:b4:03:c2:6c:ff:a3:ee:a4:ec:7f:4a:58:32:52:
         dd:74:e3:74:aa:15:45:16:e5:51:79:7e:f4:03:7f:1b:24:07:
         1c:94:09:4e:26:ff:e4:7f:88:68:73:10:9f:47:cc:f9:6b:24:
         5b:50:a3:cd:98:93:8b:8e:fb:8e:00:f1:83:01:b5:df:1c:77:
         63:a9:1d:09:aa:d8:71:d6:6d:47:06:90:70:a0:62:42:53:96:
         ff:11:5c:04:e2:f2:69:cd:03:0c:2a:a1:77:a7:a8:cf:ea:90:
         5e:ca:4f:3e:77:71:d4:68:94:fe:90:16:12:f8:de:8e:6a:3a:
         ef:98:43:2a:84:4b:19:5f:be:4c:de:ff:77:09:29:6b:4e:d3:
         ec:e4:20:fe:0d:f4:f9:27:ef:81:d0:0e:84:7c:74:06:f2:ed:
         7d:2c:19:46:52:99:5d:1f:e0:d7:4e:01:93:96:a6:0e:a5:65:
         65:51:36:5b:b5:37:48:f1:46:e2:03:25:32:89:56:dd:6d:95:
         3f:19:7c:1d:d5:f1:65:13:42:9f:c7:14:65:f3:df:92:50:23:
         4b:db:ac:f9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAUl6tNlyThyOxI5YtM0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWYzOGY0MzVmNDQyMzlmZDVkNjAwZjAwNGNkZmYyMDJkZjMyMDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjKEGcJ4Bgsb6gbQwblxqqD5k5UD
W1G9aH8uEhfQK9kpjEdtbT9o70h/PAKa5+wu8q1VEpLwrmowXUaVhzeQOR1jj7/w
bcGwQSDIzLq7Gadc072eoO7q0CJvtZnUlor9AfWJboxXyM29Gvo3tyffJbLNiONy
JnBGrR9Pa2+3Ls5tsusmAM49jX0fiRX1i08uBm1sfM9RxhDPsuBKLBhFS96MESvq
ihLbE4opkbLAMxgTF4sWsPQTHJ3yf7G5BcUWiUjcakqUcRYfIE7uCvEy5GJViNLS
NJBJTFXasLfoiM+7w+VvQC+3Euno5rAfDg4T3c8CHW8cfWsLxEolAMhSlwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNnzj0NfRCOf1dYA8ATN/yAt8yBVMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMmZPUFExOUVJNV9WMWdEd0JNM19JQzN6SUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALQ12MA8E
AgACMAkDBwUqDLZCD8AwDQYJKoZIhvcNAQELBQADggEBAI66j1ouEGcgBp0m1EYL
sBiwyRydtYjXTNRwpNacaD59mVup0HRs2aW0A8Js/6PupOx/SlgyUt1043SqFUUW
5VF5fvQDfxskBxyUCU4m/+R/iGhzEJ9HzPlrJFtQo82Yk4uO+44A8YMBtd8cd2Op
HQmq2HHWbUcGkHCgYkJTlv8RXATi8mnNAwwqoXenqM/qkF7KTz53cdRolP6QFhL4
3o5qOu+YQyqESxlfvkze/3cJKWtO0+zkIP4N9Pkn74HQDoR8dAby7X0sGUZSmV0f
4NdOAZOWpg6lZWVRNlu1N0jxRuIDJTKJVt1tlT8ZfB3V8WUTQp/HFGXz35JQI0vb
rPk=
-----END CERTIFICATE-----
Generated at Mon Nov 25 14:00:21 2024 by rpki-client on console-ams.rpki-client.org