Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/hAOCFxctsf8THjG7FiO9erQQBBU.roa
File:                     hAOCFxctsf8THjG7FiO9erQQBBU.roa (raw, json)
Hash identifier:          e3iNN7RSx3W1fZxm/+KBoNrcFtU5VuGWcJkYK5nFLG8=
Subject key identifier:   84:03:82:17:17:2D:B1:FF:13:1E:31:BB:16:23:BD:7A:B4:10:04:15
Certificate issuer:       /CN=0aeeaee0863d1dca624f61f39b2181c7db6cba3f
Certificate serial:       018CC86F5D559124C293CF9BFD9E7BB3EDA9
Authority key identifier: 0A:EE:AE:E0:86:3D:1D:CA:62:4F:61:F3:9B:21:81:C7:DB:6C:BA:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/hAOCFxctsf8THjG7FiO9erQQBBU.roa
Signing time:             Tue 02 Jan 2024 04:29:50 +0000
ROA not before:           Tue 02 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57332
IP address blocks:        5.206.240.0/20 maxlen: 20
                          45.85.8.0/22 maxlen: 22
                          159.255.176.0/20 maxlen: 20
                          159.255.186.0/24 maxlen: 24
                          159.255.180.0/23 maxlen: 23
                          159.255.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5d:55:91:24:c2:93:cf:9b:fd:9e:7b:b3:ed:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0aeeaee0863d1dca624f61f39b2181c7db6cba3f
        Validity
            Not Before: Jan  2 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84038217172db1ff131e31bb1623bd7ab4100415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e4:f0:d4:08:43:ff:14:c1:2e:79:e6:86:54:
                    43:0a:9c:58:5d:40:68:2b:d6:23:c3:5c:b0:e5:13:
                    1f:a2:04:a4:ce:4c:08:a9:5c:51:d5:4e:08:bc:62:
                    5f:27:e8:42:28:96:03:32:de:a5:e5:f0:74:52:0a:
                    43:41:6b:f9:a0:52:52:53:c2:e5:d7:c1:34:03:e6:
                    e7:df:b3:8e:fc:65:eb:f0:86:51:41:e3:6e:19:36:
                    f3:b6:10:46:81:1a:0f:d3:82:3e:17:32:81:ce:e7:
                    33:5c:ba:de:15:5a:71:b5:7e:34:4f:7e:a1:78:e6:
                    88:03:7b:f6:53:be:80:1d:c9:31:0f:eb:5b:6b:6d:
                    1e:87:d1:ec:0b:c3:4f:75:23:53:1b:2c:78:28:b6:
                    fb:61:55:ae:e9:ab:c1:cf:8a:4a:60:96:e2:d4:58:
                    99:5f:72:70:87:71:36:7d:ea:54:3c:e7:a1:df:b4:
                    f9:5d:e6:87:1a:74:2f:07:92:0f:05:cc:12:39:05:
                    d8:1f:58:30:20:9b:da:e5:c3:cc:8b:f2:c5:05:2c:
                    e0:89:e9:b8:56:7a:78:cc:79:65:8d:c3:2b:57:76:
                    3f:43:7a:6b:ed:4b:71:10:23:28:f9:40:7a:7e:3f:
                    89:c3:79:0b:6e:73:24:c5:b7:bc:c6:1b:8a:29:0b:
                    40:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:03:82:17:17:2D:B1:FF:13:1E:31:BB:16:23:BD:7A:B4:10:04:15
            X509v3 Authority Key Identifier:
                keyid:0A:EE:AE:E0:86:3D:1D:CA:62:4F:61:F3:9B:21:81:C7:DB:6C:BA:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/hAOCFxctsf8THjG7FiO9erQQBBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.206.240.0/20
                  45.85.8.0/22
                  159.255.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         52:37:17:d8:6c:f5:8e:df:76:09:12:6c:30:e6:8b:63:66:cb:
         f3:c2:86:68:bc:09:70:03:a0:aa:89:dc:34:3d:13:ac:ce:95:
         b2:5b:b2:3c:78:dd:04:fa:b6:fe:09:94:7e:3d:b1:7c:d8:0b:
         c6:53:1c:48:ff:53:21:62:3f:8a:c2:f5:87:8c:66:e9:33:56:
         05:a2:b7:83:c8:0f:a6:f7:54:c5:9f:97:39:70:4c:ae:01:a2:
         3f:95:dd:4a:66:c6:57:06:b6:fc:96:a6:87:97:50:d2:17:7a:
         21:1c:8f:a3:0c:6d:1a:01:b2:e5:46:01:4e:d1:22:3d:06:bb:
         b7:c9:2d:a1:91:5d:04:c8:8a:e8:57:af:df:d5:0b:d6:6f:a8:
         5f:0c:9d:0b:a0:c8:b1:a0:57:a5:40:2c:d5:10:fd:2d:78:9d:
         3d:49:02:e5:52:d3:77:fc:98:7b:85:4e:dd:56:5e:25:83:9c:
         08:8a:44:78:de:3a:0c:e5:81:fc:8c:fc:13:01:07:27:69:4c:
         0c:84:4e:39:0e:e1:43:ac:52:49:ac:52:92:c0:b3:dc:7f:28:
         4e:df:82:f4:16:e9:67:cb:40:5f:8e:8f:c3:47:e0:2b:5b:6b:
         31:67:24:00:bd:67:03:b7:61:a7:a5:1c:5f:7e:8f:cd:38:20:
         29:ff:1f:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIb11VkSTCk8+b/Z57s+2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZWVhZWUwODYzZDFkY2E2MjRmNjFmMzliMjE4MWM3ZGI2
Y2JhM2YwHhcNMjQwMTAyMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDAzODIxNzE3MmRiMWZmMTMxZTMxYmIxNjIzYmQ3YWI0MTAwNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+Tw1AhD/xTBLnnmhlRDCpxYXUBo
K9Yjw1yw5RMfogSkzkwIqVxR1U4IvGJfJ+hCKJYDMt6l5fB0UgpDQWv5oFJSU8Ll
18E0A+bn37OO/GXr8IZRQeNuGTbzthBGgRoP04I+FzKBzuczXLreFVpxtX40T36h
eOaIA3v2U76AHckxD+tba20eh9HsC8NPdSNTGyx4KLb7YVWu6avBz4pKYJbi1FiZ
X3Jwh3E2fepUPOeh37T5XeaHGnQvB5IPBcwSOQXYH1gwIJva5cPMi/LFBSzgiem4
Vnp4zHlljcMrV3Y/Q3pr7UtxECMo+UB6fj+Jw3kLbnMkxbe8xhuKKQtAiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIQDghcXLbH/Ex4xuxYjvXq0EAQVMB8GA1UdIwQY
MBaAFAruruCGPR3KYk9h85shgcfbbLo/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3U2dTRJWTlIY3BpVDJIem15R0J4OXRzdWo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9iNjI4NzgtY2NjOC00ZDU3LTlmZTAt
N2ExMDRiODBjZDcxLzEvaEFPQ0Z4Y3RzZjhUSGpHN0ZpTzllclFRQkJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9iNjI4NzgtY2NjOC00ZDU3LTlmZTAtN2ExMDRiODBjZDcx
LzEvQ3U2dTRJWTlIY3BpVDJIem15R0J4OXRzdWo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEBc7wAwQC
LVUIAwQEn/+wMA0GCSqGSIb3DQEBCwUAA4IBAQBSNxfYbPWO33YJEmww5otjZsvz
woZovAlwA6Cqidw0PROszpWyW7I8eN0E+rb+CZR+PbF82AvGUxxI/1MhYj+KwvWH
jGbpM1YForeDyA+m91TFn5c5cEyuAaI/ld1KZsZXBrb8lqaHl1DSF3ohHI+jDG0a
AbLlRgFO0SI9Bru3yS2hkV0EyIroV6/f1QvWb6hfDJ0LoMixoFelQCzVEP0teJ09
SQLlUtN3/Jh7hU7dVl4lg5wIikR43joM5YH8jPwTAQcnaUwMhE45DuFDrFJJrFKS
wLPcfyhO34L0Fulny0Bfjo/DR+ArW2sxZyQAvWcDt2GnpRxffo/NOCAp/x+8
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:00:15 2024 by rpki-client on console-fra.rpki-client.org