Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/3W-qvsVxEJQdvG4us0RBrPOtXWQ.roa
File:                     3W-qvsVxEJQdvG4us0RBrPOtXWQ.roa (raw, json)
Hash identifier:          t+CBGAnOpyWHeB4CewE+Bz1GbJ1fSAlBOosDVZG8c9o=
Subject key identifier:   DD:6F:AA:BE:C5:71:10:94:1D:BC:6E:2E:B3:44:41:AC:F3:AD:5D:64
Certificate issuer:       /CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
Certificate serial:       018CC500FE51CEE14DD4B37BA675956A4C03
Authority key identifier: 13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/3W-qvsVxEJQdvG4us0RBrPOtXWQ.roa
Signing time:             Mon 01 Jan 2024 12:30:25 +0000
ROA not before:           Mon 01 Jan 2024 12:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        45.80.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fe:51:ce:e1:4d:d4:b3:7b:a6:75:95:6a:4c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd6faabec57110941dbc6e2eb34441acf3ad5d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:29:b3:c3:ce:20:fb:9f:d4:58:be:f2:70:d3:
                    7b:7e:59:8d:cd:62:e5:69:bf:db:e1:fd:ab:33:1f:
                    3e:98:6f:9b:43:b8:45:a2:43:9c:3b:15:05:98:b4:
                    10:93:0b:30:4b:95:33:b6:4b:58:12:d3:a9:25:d8:
                    09:28:1a:c4:78:f0:21:9f:88:3a:24:3a:aa:fe:61:
                    27:ac:db:5b:4e:1f:57:a6:f1:59:83:fb:e1:e5:94:
                    ac:0f:3a:a1:94:9b:36:5c:73:13:92:52:54:7f:65:
                    8d:58:b8:4e:cd:12:05:35:d1:c9:09:38:a8:54:c6:
                    80:2f:c5:8d:1f:be:db:a0:71:59:54:da:76:f1:75:
                    a5:bc:89:67:ae:ac:95:57:77:3a:86:ef:cd:de:ba:
                    e0:7c:bc:fd:e3:9d:22:4d:dd:a7:9e:d7:f3:12:c3:
                    5a:23:2b:72:e3:a4:dd:98:92:e4:48:6f:b4:90:41:
                    39:03:b5:74:c4:7a:29:9f:c5:e6:43:ba:d9:24:15:
                    e9:5c:f1:d2:64:42:4f:75:13:dc:60:1e:d6:b1:ec:
                    83:89:b3:a8:c4:db:2b:23:ce:61:93:ee:8f:f4:05:
                    00:39:18:35:00:a0:d8:c5:29:ec:e3:aa:d0:85:74:
                    da:f8:06:e2:bd:d4:24:de:54:ae:47:8d:0d:38:10:
                    23:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6F:AA:BE:C5:71:10:94:1D:BC:6E:2E:B3:44:41:AC:F3:AD:5D:64
            X509v3 Authority Key Identifier:
                keyid:13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/3W-qvsVxEJQdvG4us0RBrPOtXWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:bb:f4:03:7a:ca:ed:ed:92:e0:3c:ad:ed:2e:44:a8:d9:61:
         26:9f:09:cd:b7:b4:26:f8:f9:fd:58:f2:ca:40:c3:a9:f2:05:
         34:08:df:e7:fc:16:d9:ec:3f:5f:ae:7f:cc:81:3a:a4:53:b7:
         5e:7f:7e:e1:d6:4d:d2:19:94:56:e6:2a:74:4f:a5:ae:65:fa:
         2c:29:7c:a3:42:47:28:e9:82:45:9f:c7:4d:f1:41:bb:0b:80:
         e3:65:f3:a5:7c:27:b3:9a:75:ff:24:30:13:73:8a:1c:3b:fe:
         11:ce:1a:14:e4:d7:40:a7:d1:cb:ca:0b:88:8b:de:65:ac:f9:
         fc:12:9f:5e:c6:29:53:47:96:ff:bc:bf:4c:26:f9:f2:55:d2:
         b8:72:bc:ea:ed:d3:53:3b:8d:d8:11:23:eb:e4:b9:bb:6e:73:
         9a:bd:39:3f:a8:33:5b:cb:b1:40:c0:fa:18:d6:3e:5a:fd:0c:
         46:4a:78:eb:9f:0a:10:bd:84:e8:3a:6f:e5:c7:33:66:79:0a:
         ac:08:f7:d8:61:78:8a:bb:95:86:91:4f:8b:e6:7f:27:2f:29:
         d5:02:26:cd:cb:5a:47:b4:a1:f9:41:56:1a:7f:4f:ef:cf:14:
         af:9d:44:1c:9c:76:c9:66:42:78:a8:1e:de:f6:51:52:5c:b6:
         c2:32:52:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAP5RzuFN1LN7pnWVakwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZTI4MTQ3NWI3YmY4ZDBmYTFmNjY5ZDVhZDJkZTE2MzVl
OGMwNGYwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDZmYWFiZWM1NzExMDk0MWRiYzZlMmViMzQ0NDFhY2YzYWQ1ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSmzw84g+5/UWL7ycNN7flmNzWLl
ab/b4f2rMx8+mG+bQ7hFokOcOxUFmLQQkwswS5UztktYEtOpJdgJKBrEePAhn4g6
JDqq/mEnrNtbTh9XpvFZg/vh5ZSsDzqhlJs2XHMTklJUf2WNWLhOzRIFNdHJCTio
VMaAL8WNH77boHFZVNp28XWlvIlnrqyVV3c6hu/N3rrgfLz9450iTd2nntfzEsNa
Iyty46TdmJLkSG+0kEE5A7V0xHopn8XmQ7rZJBXpXPHSZEJPdRPcYB7WseyDibOo
xNsrI85hk+6P9AUAORg1AKDYxSns46rQhXTa+AbivdQk3lSuR40NOBAjcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1vqr7FcRCUHbxuLrNEQazzrV1kMB8GA1UdIwQY
MBaAFBPigUdbe/jQ+h9mnVrS3hY16MBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEt
NDRmZDA0MzkzZTJiLzEvM1ctcXZzVnhFSlFkdkc0dXMwUkJyUE90WFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEtNDRmZDA0MzkzZTJi
LzEvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAxMA0G
CSqGSIb3DQEBCwUAA4IBAQAmu/QDesrt7ZLgPK3tLkSo2WEmnwnNt7Qm+Pn9WPLK
QMOp8gU0CN/n/BbZ7D9frn/MgTqkU7def37h1k3SGZRW5ip0T6WuZfosKXyjQkco
6YJFn8dN8UG7C4DjZfOlfCezmnX/JDATc4ocO/4RzhoU5NdAp9HLyguIi95lrPn8
Ep9exilTR5b/vL9MJvnyVdK4crzq7dNTO43YESPr5Lm7bnOavTk/qDNby7FAwPoY
1j5a/QxGSnjrnwoQvYToOm/lxzNmeQqsCPfYYXiKu5WGkU+L5n8nLynVAibNy1pH
tKH5QVYaf0/vzxSvnUQcnHbJZkJ4qB7e9lFSXLbCMlL1
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:41:35 2024 by rpki-client on console-fra.rpki-client.org