Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/C9o21z6MCi5qGFVF76C3p20Du9w.roa
File:                     C9o21z6MCi5qGFVF76C3p20Du9w.roa (raw, json)
Hash identifier:          JZjFzjxiNIlM+6fh74iyhOyaeOvvHHgn6PdgsmDMmzg=
Subject key identifier:   0B:DA:36:D7:3E:8C:0A:2E:6A:18:55:45:EF:A0:B7:A7:6D:03:BB:DC
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       018CC7944E9233CF33112DA092C5D6E67C7C
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/C9o21z6MCi5qGFVF76C3p20Du9w.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        45.86.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4e:92:33:cf:33:11:2d:a0:92:c5:d6:e6:7c:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bda36d73e8c0a2e6a185545efa0b7a76d03bbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0a:0e:cf:37:a5:dd:9a:8f:81:b1:6c:fb:51:
                    c6:03:83:6f:a1:a4:59:74:82:ae:9a:15:bd:55:4e:
                    ac:b9:14:ae:66:ba:a0:94:9f:3d:8d:70:47:4d:c0:
                    09:fd:62:d0:6d:07:9e:2e:aa:35:e7:d6:f2:f5:6d:
                    f7:9f:3c:ed:12:7e:08:22:82:2a:3d:fa:3e:af:1a:
                    27:4f:7d:a3:58:57:31:0c:76:21:93:8e:0d:96:74:
                    f4:87:74:7d:9e:9c:fc:cf:0c:a2:36:88:5c:62:19:
                    31:39:e0:b4:43:21:b3:e9:56:a4:49:ee:e7:7b:76:
                    8c:a5:9d:1e:fa:bf:b0:8c:c9:9b:81:0a:87:12:0a:
                    e1:4c:db:f4:49:67:fd:d4:3a:4c:42:b3:0c:79:2a:
                    a4:bc:73:d0:15:d3:7c:30:f9:86:b5:31:1e:45:f6:
                    13:2e:27:a4:29:cd:4b:2c:2b:0e:94:0b:82:7b:65:
                    ee:d3:ae:de:26:f1:32:01:fc:8c:7e:44:b4:6a:de:
                    d1:94:81:87:69:3d:07:37:11:ea:ec:49:05:f0:3d:
                    3c:96:ed:cf:1c:a7:b1:c3:9b:6e:77:1a:e2:ce:ec:
                    37:74:3a:ba:8b:ec:4f:0e:23:f5:1e:70:f2:b3:ff:
                    e0:81:c6:1d:56:5a:ed:8f:43:60:25:9f:a1:1c:e0:
                    d6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:DA:36:D7:3E:8C:0A:2E:6A:18:55:45:EF:A0:B7:A7:6D:03:BB:DC
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/C9o21z6MCi5qGFVF76C3p20Du9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:99:3c:67:36:ad:c4:64:c6:b4:0e:8f:40:24:5b:94:82:91:
         8a:39:c5:86:07:e2:4a:84:8f:f4:a3:e7:c9:20:88:20:ac:f5:
         47:f9:c1:31:1a:1f:56:45:6f:09:17:15:30:cd:d2:bb:39:cd:
         9d:96:b5:13:f8:be:b0:2b:5d:70:a6:99:24:e2:1f:46:32:7e:
         e3:7b:59:c5:7d:cc:56:82:71:1c:a7:46:d2:6a:0c:6c:c5:34:
         83:63:d3:e0:04:19:3f:ca:12:ac:f5:df:0f:25:8c:53:f0:01:
         fa:b5:e8:a7:14:00:66:20:e3:59:81:fb:60:4a:ce:c6:39:d9:
         98:72:1d:c4:32:93:aa:90:82:d9:5d:b9:7e:00:25:56:45:3c:
         6a:5d:42:97:d5:66:34:e9:a2:c8:89:53:60:09:5b:16:ff:96:
         ec:65:64:c2:07:a1:c0:bc:b6:0d:e0:be:12:14:ea:d1:a7:2f:
         02:86:02:eb:cb:ca:70:15:e0:57:c2:83:28:70:36:c7:7a:9e:
         73:80:b3:c5:01:72:36:ae:b3:ed:55:e3:72:9f:18:df:86:22:
         2c:f8:98:ac:99:87:5b:94:f6:b1:7c:f1:2a:a3:ed:97:68:d7:
         22:23:74:a3:c2:1f:8c:62:b7:61:97:4c:22:42:71:cd:12:bc:
         59:da:13:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlE6SM88zES2gksXW5nx8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmRhMzZkNzNlOGMwYTJlNmExODU1NDVlZmEwYjdhNzZkMDNiYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQoOzzel3ZqPgbFs+1HGA4NvoaRZ
dIKumhW9VU6suRSuZrqglJ89jXBHTcAJ/WLQbQeeLqo159by9W33nzztEn4IIoIq
Pfo+rxonT32jWFcxDHYhk44NlnT0h3R9npz8zwyiNohcYhkxOeC0QyGz6VakSe7n
e3aMpZ0e+r+wjMmbgQqHEgrhTNv0SWf91DpMQrMMeSqkvHPQFdN8MPmGtTEeRfYT
LiekKc1LLCsOlAuCe2Xu067eJvEyAfyMfkS0at7RlIGHaT0HNxHq7EkF8D08lu3P
HKexw5tudxrizuw3dDq6i+xPDiP1HnDys//ggcYdVlrtj0NgJZ+hHODWEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvaNtc+jAouahhVRe+gt6dtA7vcMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvQzlvMjF6Nk1DaTVxR0ZWRjc2QzNwMjBEdTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVY0MA0G
CSqGSIb3DQEBCwUAA4IBAQAhmTxnNq3EZMa0Do9AJFuUgpGKOcWGB+JKhI/0o+fJ
IIggrPVH+cExGh9WRW8JFxUwzdK7Oc2dlrUT+L6wK11wppkk4h9GMn7je1nFfcxW
gnEcp0bSagxsxTSDY9PgBBk/yhKs9d8PJYxT8AH6teinFABmIONZgftgSs7GOdmY
ch3EMpOqkILZXbl+ACVWRTxqXUKX1WY06aLIiVNgCVsW/5bsZWTCB6HAvLYN4L4S
FOrRpy8ChgLry8pwFeBXwoMocDbHep5zgLPFAXI2rrPtVeNynxjfhiIs+JismYdb
lPaxfPEqo+2XaNciI3Sjwh+MYrdhl0wiQnHNErxZ2hPW
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:11:57 2024 by rpki-client on console-ams.rpki-client.org