Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/fOpHoj6gE6QDSzI_xpI2eoSQlig.roa
File:                     fOpHoj6gE6QDSzI_xpI2eoSQlig.roa (raw, json)
Hash identifier:          pLBi2u+3F49A1hvLwb6x7gKKB5g8fv3gRqV1aRiYSu8=
Subject key identifier:   7C:EA:47:A2:3E:A0:13:A4:03:4B:32:3F:C6:92:36:7A:84:90:96:28
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B67F745970EC9B4ABEE1EF7F9D32
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/fOpHoj6gE6QDSzI_xpI2eoSQlig.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58236
IP address blocks:        45.8.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b6:7f:74:59:70:ec:9b:4a:be:e1:ef:7f:9d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cea47a23ea013a4034b323fc692367a84909628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:57:19:ec:8b:43:1a:af:55:71:4f:78:14:1d:
                    c4:b5:69:60:40:dd:c4:6d:05:f5:d8:69:45:b3:73:
                    fb:81:1e:1d:60:b6:18:0f:76:75:03:33:66:1e:19:
                    e9:04:cb:97:c4:ca:3e:8e:61:96:7e:91:d5:d5:8b:
                    5f:42:25:23:04:c4:fa:0c:4d:33:3b:65:ab:3b:f6:
                    d5:3d:8a:c8:8b:a7:0f:58:ce:d9:f0:92:2e:78:7e:
                    c8:b8:ce:d6:43:44:fc:9e:f4:91:3c:2f:8f:7d:d6:
                    4d:93:5c:fa:5a:10:95:1e:1b:93:cb:65:2e:cd:07:
                    b2:a1:0d:f7:de:25:28:64:7c:7c:f1:cf:c8:32:69:
                    58:94:b0:b6:7f:42:6c:51:44:33:08:ce:00:fd:65:
                    8b:3c:e6:2b:43:6e:70:7d:b4:00:c7:ee:5f:4d:78:
                    2c:e6:37:6d:42:b6:dc:0b:f8:41:70:23:d1:90:bf:
                    8d:fc:4e:08:7b:78:6e:8b:0f:3b:3e:a1:dc:df:7b:
                    13:50:84:a4:a3:1a:e4:f6:f3:dd:18:4f:4b:75:b3:
                    6d:f4:f0:63:e5:2e:bc:1f:98:4c:df:fa:a2:b5:9a:
                    39:01:38:a0:f4:d9:97:11:01:45:db:c8:74:99:f3:
                    d2:83:6c:1b:1c:3c:b0:e7:66:31:53:5e:56:e0:8c:
                    9a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:EA:47:A2:3E:A0:13:A4:03:4B:32:3F:C6:92:36:7A:84:90:96:28
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/fOpHoj6gE6QDSzI_xpI2eoSQlig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c1:0a:84:b4:41:c6:40:bc:bb:16:96:a6:2f:13:1f:44:05:
         f8:17:62:02:18:ea:31:8a:db:4d:f5:41:24:40:ed:f6:02:f0:
         aa:b9:72:fd:4f:ce:96:0c:d0:c8:19:e8:97:6d:f2:e2:72:35:
         7f:e6:27:10:13:8a:7b:ec:01:69:ef:eb:43:13:87:19:24:53:
         a5:72:5b:78:10:03:88:34:10:e5:6d:b6:6b:b1:8a:77:ef:e1:
         5c:83:be:48:f7:2d:c8:53:fd:7d:cb:02:db:ec:cf:18:fb:09:
         68:19:33:d4:db:02:57:73:64:79:42:37:be:83:79:50:17:05:
         86:3a:9e:f7:53:c5:c9:b4:94:fa:39:d5:d5:61:cd:cb:9f:64:
         aa:c9:7d:33:71:58:05:26:ee:74:33:17:04:a5:17:49:cd:f2:
         8c:29:08:5d:eb:12:6f:1e:80:0a:3e:a7:16:72:b8:9d:da:bc:
         c4:e0:22:77:91:7b:4d:a4:94:49:f4:1e:f4:a9:e7:8a:42:59:
         97:21:a0:56:cb:1d:c7:35:b8:36:a7:4c:7f:c1:f4:8c:8d:4f:
         1b:1a:2f:a8:f8:20:90:d4:ea:1b:ef:77:20:92:32:aa:35:24:
         f2:12:64:9d:70:9e:d1:e2:36:d2:15:24:31:63:1b:5c:64:cd:
         22:3f:38:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7Z/dFlw7JtKvuHvf50yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2VhNDdhMjNlYTAxM2E0MDM0YjMyM2ZjNjkyMzY3YTg0OTA5NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lcZ7ItDGq9VcU94FB3EtWlgQN3E
bQX12GlFs3P7gR4dYLYYD3Z1AzNmHhnpBMuXxMo+jmGWfpHV1YtfQiUjBMT6DE0z
O2WrO/bVPYrIi6cPWM7Z8JIueH7IuM7WQ0T8nvSRPC+PfdZNk1z6WhCVHhuTy2Uu
zQeyoQ333iUoZHx88c/IMmlYlLC2f0JsUUQzCM4A/WWLPOYrQ25wfbQAx+5fTXgs
5jdtQrbcC/hBcCPRkL+N/E4Ie3huiw87PqHc33sTUISkoxrk9vPdGE9LdbNt9PBj
5S68H5hM3/qitZo5ATig9NmXEQFF28h0mfPSg2wbHDyw52YxU15W4IyaYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzqR6I+oBOkA0syP8aSNnqEkJYoMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvZk9wSG9qNmdFNlFEU3pJX3hwSTJlb1NRbGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjnMA0G
CSqGSIb3DQEBCwUAA4IBAQAywQqEtEHGQLy7FpamLxMfRAX4F2ICGOoxittN9UEk
QO32AvCquXL9T86WDNDIGeiXbfLicjV/5icQE4p77AFp7+tDE4cZJFOlclt4EAOI
NBDlbbZrsYp37+Fcg75I9y3IU/19ywLb7M8Y+wloGTPU2wJXc2R5Qje+g3lQFwWG
Op73U8XJtJT6OdXVYc3Ln2SqyX0zcVgFJu50MxcEpRdJzfKMKQhd6xJvHoAKPqcW
crid2rzE4CJ3kXtNpJRJ9B70qeeKQlmXIaBWyx3HNbg2p0x/wfSMjU8bGi+o+CCQ
1Oob73cgkjKqNSTyEmSdcJ7R4jbSFSQxYxtcZM0iPziY
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:41:54 2024 by rpki-client on console-ams.rpki-client.org