Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/8m14GemymqOGC0QdkxXJ5SIo1rE.roa
File:                     8m14GemymqOGC0QdkxXJ5SIo1rE.roa (raw, json)
Hash identifier:          s9BYHWU3xU8SXQ0aeCTfx6dsFGvyHeZFQG9O4YC9ksk=
Subject key identifier:   F2:6D:78:19:E9:B2:9A:A3:86:0B:44:1D:93:15:C9:E5:22:28:D6:B1
Certificate issuer:       /CN=239c45e43625522080aec53952989a13a28abd00
Certificate serial:       018CC86FDCFDC7E4B9FE5560A7831658D80C
Authority key identifier: 23:9C:45:E4:36:25:52:20:80:AE:C5:39:52:98:9A:13:A2:8A:BD:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I5xF5DYlUiCArsU5UpiaE6KKvQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/8m14GemymqOGC0QdkxXJ5SIo1rE.roa
Signing time:             Tue 02 Jan 2024 04:30:23 +0000
ROA not before:           Tue 02 Jan 2024 04:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205845
IP address blocks:        185.204.120.0/22 maxlen: 24
                          45.154.168.0/22 maxlen: 24
                          2a0a:f740::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/I5xF5DYlUiCArsU5UpiaE6KKvQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/I5xF5DYlUiCArsU5UpiaE6KKvQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I5xF5DYlUiCArsU5UpiaE6KKvQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:dc:fd:c7:e4:b9:fe:55:60:a7:83:16:58:d8:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=239c45e43625522080aec53952989a13a28abd00
        Validity
            Not Before: Jan  2 04:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f26d7819e9b29aa3860b441d9315c9e52228d6b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:86:ff:df:15:c1:c8:58:29:a1:0c:56:3c:3e:
                    1b:63:a0:48:f6:c6:69:bd:b4:a0:84:5e:c5:f0:74:
                    b5:b0:59:8f:68:40:da:a8:41:e0:7f:d4:03:f6:d3:
                    71:2d:72:96:e5:09:89:82:21:8e:29:14:95:9c:61:
                    73:72:ee:7b:b4:61:a1:a3:40:04:7f:68:c0:a5:01:
                    00:d3:fa:7e:12:32:1b:f3:2b:d4:59:ac:e4:4e:a9:
                    8c:b9:f3:70:40:24:c6:15:15:9e:79:97:59:8a:2b:
                    65:6a:2c:03:b0:90:b9:a1:92:56:b2:08:37:e0:22:
                    c8:88:e8:50:db:22:39:fa:a8:30:77:01:c0:21:bd:
                    6e:d4:a7:75:05:cd:ce:6f:23:00:63:a3:75:06:85:
                    b7:25:71:e5:a1:5b:63:a8:93:1e:d8:7d:06:82:7d:
                    c9:02:f6:fb:9d:76:9d:3d:1c:ba:91:c4:a8:0f:6a:
                    bd:ae:df:c4:4e:3d:be:db:01:c5:61:d3:35:d0:cc:
                    41:95:c5:45:0c:eb:c3:2d:5c:3d:9d:e2:3c:7b:3e:
                    3c:00:65:0d:31:8c:1b:0d:1d:1e:44:c3:fc:20:37:
                    50:03:1a:a5:0d:3b:23:07:2a:33:7d:8d:7d:29:e8:
                    e1:fd:3e:0d:29:5c:23:67:aa:6d:a5:4e:4b:31:5a:
                    8f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:6D:78:19:E9:B2:9A:A3:86:0B:44:1D:93:15:C9:E5:22:28:D6:B1
            X509v3 Authority Key Identifier:
                keyid:23:9C:45:E4:36:25:52:20:80:AE:C5:39:52:98:9A:13:A2:8A:BD:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I5xF5DYlUiCArsU5UpiaE6KKvQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/8m14GemymqOGC0QdkxXJ5SIo1rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/I5xF5DYlUiCArsU5UpiaE6KKvQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.168.0/22
                  185.204.120.0/22
                IPv6:
                  2a0a:f740::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:da:b9:b0:0c:e3:35:e8:39:bf:81:71:fb:52:27:64:df:a2:
         82:5d:51:29:71:0d:ad:46:cb:0d:0e:82:4e:ec:18:c6:e6:58:
         72:18:ed:fb:91:fc:bb:2e:ef:14:36:31:76:ad:99:45:1a:78:
         ad:d1:48:dd:b0:c8:df:fe:d9:bf:f7:4a:c2:f2:83:17:c0:2e:
         23:7f:f9:a6:34:04:a1:85:7d:5b:f9:72:d2:4a:3d:a8:ac:e4:
         e9:93:3f:47:69:eb:2c:75:c5:cf:5b:1c:90:27:2d:7e:36:5d:
         a2:9e:0d:8e:93:2b:aa:b5:79:7f:ff:32:6e:48:8d:14:5d:8c:
         75:74:57:6b:48:78:e2:85:36:25:9e:2c:29:23:d9:7b:2a:33:
         6a:bc:c4:98:a0:18:5e:50:9f:6d:52:02:65:96:34:31:c6:dc:
         ba:91:a1:69:59:3e:1b:0f:e0:ea:36:0b:17:b3:1f:f9:94:ff:
         5d:79:7e:a3:e0:7f:f6:ea:d4:e2:00:c8:ee:c2:72:e2:cb:4f:
         e9:79:4d:e7:07:75:4e:27:14:69:08:34:3a:da:69:b2:29:88:
         66:81:34:3c:45:f4:36:01:f2:e3:8f:dd:4d:7a:0c:77:f2:16:
         b4:b2:70:b7:06:ed:da:4d:bd:63:eb:3d:05:ab:c3:2c:d8:c7:
         1f:a9:ad:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIb9z9x+S5/lVgp4MWWNgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzOWM0NWU0MzYyNTUyMjA4MGFlYzUzOTUyOTg5YTEzYTI4
YWJkMDAwHhcNMjQwMTAyMDQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZkNzgxOWU5YjI5YWEzODYwYjQ0MWQ5MzE1YzllNTIyMjhkNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4b/3xXByFgpoQxWPD4bY6BI9sZp
vbSghF7F8HS1sFmPaEDaqEHgf9QD9tNxLXKW5QmJgiGOKRSVnGFzcu57tGGho0AE
f2jApQEA0/p+EjIb8yvUWazkTqmMufNwQCTGFRWeeZdZiitlaiwDsJC5oZJWsgg3
4CLIiOhQ2yI5+qgwdwHAIb1u1Kd1Bc3ObyMAY6N1BoW3JXHloVtjqJMe2H0Ggn3J
Avb7nXadPRy6kcSoD2q9rt/ETj2+2wHFYdM10MxBlcVFDOvDLVw9neI8ez48AGUN
MYwbDR0eRMP8IDdQAxqlDTsjByozfY19Kejh/T4NKVwjZ6ptpU5LMVqPnwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPJteBnpspqjhgtEHZMVyeUiKNaxMB8GA1UdIwQY
MBaAFCOcReQ2JVIggK7FOVKYmhOiir0AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTV4RjVEWWxVaUNBcnNVNVVwaWFFNktLdlFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80YzQ4OTQtODBmYy00OGVmLWI2Njgt
OTc1YTIzN2VjZDA2LzEvOG0xNEdlbXltcU9HQzBRZGt4WEo1U0lvMXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80YzQ4OTQtODBmYy00OGVmLWI2NjgtOTc1YTIzN2VjZDA2
LzEvSTV4RjVEWWxVaUNBcnNVNVVwaWFFNktLdlFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZqoAwQC
ucx4MA0EAgACMAcDBQMqCvdAMA0GCSqGSIb3DQEBCwUAA4IBAQB32rmwDOM16Dm/
gXH7Uidk36KCXVEpcQ2tRssNDoJO7BjG5lhyGO37kfy7Lu8UNjF2rZlFGnit0Ujd
sMjf/tm/90rC8oMXwC4jf/mmNAShhX1b+XLSSj2orOTpkz9HaessdcXPWxyQJy1+
Nl2ing2OkyuqtXl//zJuSI0UXYx1dFdrSHjihTYlniwpI9l7KjNqvMSYoBheUJ9t
UgJlljQxxty6kaFpWT4bD+DqNgsXsx/5lP9deX6j4H/26tTiAMjuwnLiy0/peU3n
B3VOJxRpCDQ62mmyKYhmgTQ8RfQ2AfLjj91Negx38ha0snC3Bu3aTb1j6z0Fq8Ms
2Mcfqa1f
-----END CERTIFICATE-----
Generated at Sat Nov 23 18:59:57 2024 by rpki-client on console-fra.rpki-client.org