Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/XH8MwnrRriAgwi0t1qOmRFgJcFM.roa
File:                     XH8MwnrRriAgwi0t1qOmRFgJcFM.roa (raw, json)
Hash identifier:          uceifxPtHcuJ0q8bUqyN45WPCASQILcRmI8LqzeVrw0=
Subject key identifier:   5C:7F:0C:C2:7A:D1:AE:20:20:C2:2D:2D:D6:A3:A6:44:58:09:70:53
Certificate issuer:       /CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
Certificate serial:       018E19C3B97A07A40291D67C57F4E11A9F51
Authority key identifier: BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/XH8MwnrRriAgwi0t1qOmRFgJcFM.roa
Signing time:             Thu 07 Mar 2024 16:34:01 +0000
ROA not before:           Thu 07 Mar 2024 16:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209055
IP address blocks:        45.8.40.0/22 maxlen: 22
                          45.8.40.0/24 maxlen: 24
                          45.8.41.0/24 maxlen: 24
                          45.8.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:c3:b9:7a:07:a4:02:91:d6:7c:57:f4:e1:1a:9f:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
        Validity
            Not Before: Mar  7 16:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c7f0cc27ad1ae2020c22d2dd6a3a64458097053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:79:f8:2b:8a:a2:76:7f:85:35:5a:30:ee:fc:
                    8a:82:0a:f8:a6:ff:cb:98:ed:d8:2e:fc:e2:fa:0d:
                    73:5f:5d:74:84:49:57:8c:44:a6:ee:14:3c:70:37:
                    22:5c:2a:84:d0:f4:f8:37:cf:2b:da:6d:f1:d1:5d:
                    02:30:dc:18:06:80:fa:90:bd:fd:0e:44:93:ec:a0:
                    d1:83:38:43:17:80:79:66:e2:0a:ef:a7:22:47:01:
                    bd:e8:9b:99:9e:c3:ad:89:87:e7:40:6c:d7:97:f2:
                    0c:57:58:93:71:dc:52:68:d9:58:df:ba:26:77:dc:
                    13:d0:93:d6:17:94:88:7f:1a:e4:6b:eb:5e:a5:54:
                    3a:73:e0:bd:64:17:81:01:20:3c:38:3e:ba:7e:08:
                    5c:ac:b0:c3:7e:e7:91:5d:39:6a:5b:1f:af:48:0a:
                    88:77:a6:47:f0:98:12:54:a2:a0:f0:05:a1:f2:0e:
                    c8:2a:90:0b:5f:45:f3:53:ef:2a:ce:2c:c6:b2:93:
                    da:b3:7a:0c:66:28:b6:01:ad:a5:20:c5:4d:2a:eb:
                    25:4b:c4:55:3f:b8:16:f9:56:18:a0:2a:41:7f:c4:
                    c0:9c:ad:9b:73:73:dd:87:a7:e8:5d:11:ee:9a:c9:
                    cb:bd:11:ec:12:bd:52:ab:fa:9c:0e:fa:af:61:87:
                    f6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7F:0C:C2:7A:D1:AE:20:20:C2:2D:2D:D6:A3:A6:44:58:09:70:53
            X509v3 Authority Key Identifier:
                keyid:BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/XH8MwnrRriAgwi0t1qOmRFgJcFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:43:52:fe:34:cb:29:23:d4:b7:ef:fa:b5:3a:21:24:b1:66:
         2a:c5:fb:77:50:99:a2:a6:c7:b6:cb:e6:45:f1:33:39:1c:3e:
         39:7f:ff:65:66:9c:8e:54:12:1f:71:02:b9:db:b5:d2:44:11:
         68:01:35:e4:7a:f2:1b:11:d6:f3:9e:7c:14:d6:e8:59:46:74:
         7a:45:39:81:0b:ac:4f:d1:14:0c:b7:d5:66:96:2a:ef:83:5f:
         47:b9:24:fe:90:b8:65:a8:4a:ad:bc:87:e4:6c:70:c4:18:c4:
         97:46:47:05:32:e0:a8:de:8d:ac:27:e3:ca:db:cf:34:38:75:
         41:cf:00:f6:d7:08:a8:ba:c7:91:6e:1a:fb:f5:d6:cf:b7:12:
         fd:88:97:06:86:57:e5:13:0a:52:13:9a:a1:43:aa:f1:e8:fe:
         9f:19:27:f8:62:56:3c:74:b2:19:65:40:1a:b2:64:90:02:9b:
         e3:15:cc:ea:f6:06:82:d2:d4:60:5e:6f:42:89:ba:65:0f:b8:
         5a:67:8c:24:8e:e2:ef:38:c5:93:85:af:45:02:2e:e0:75:6f:
         b0:df:80:a4:f2:a9:8a:60:9c:ca:93:45:83:0b:b6:52:7b:7e:
         c9:08:61:c7:df:d3:57:6c:68:e8:24:a3:e8:89:2b:2c:45:2c:
         04:11:2a:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4Zw7l6B6QCkdZ8V/ThGp9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTZjYTAzYThjMTM1Y2VlYWUyMzJjOTM3YzFlZTBiYWI4
N2U3ODIwHhcNMjQwMzA3MTYzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzdmMGNjMjdhZDFhZTIwMjBjMjJkMmRkNmEzYTY0NDU4MDk3MDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnn4K4qidn+FNVow7vyKggr4pv/L
mO3YLvzi+g1zX110hElXjESm7hQ8cDciXCqE0PT4N88r2m3x0V0CMNwYBoD6kL39
DkST7KDRgzhDF4B5ZuIK76ciRwG96JuZnsOtiYfnQGzXl/IMV1iTcdxSaNlY37om
d9wT0JPWF5SIfxrka+tepVQ6c+C9ZBeBASA8OD66fghcrLDDfueRXTlqWx+vSAqI
d6ZH8JgSVKKg8AWh8g7IKpALX0XzU+8qzizGspPas3oMZii2Aa2lIMVNKuslS8RV
P7gW+VYYoCpBf8TAnK2bc3Pdh6foXRHumsnLvRHsEr1Sq/qcDvqvYYf2NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx/DMJ60a4gIMItLdajpkRYCXBTMB8GA1UdIwQY
MBaAFL6mygOowTXO6uIyyTfB7gurh+eCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQt
OWZhNDIyOGMwMmVhLzEvWEg4TXduclJyaUFnd2kwdDFxT21SRmdKY0ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQtOWZhNDIyOGMwMmVh
LzEvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQgoMA0G
CSqGSIb3DQEBCwUAA4IBAQBkQ1L+NMspI9S37/q1OiEksWYqxft3UJmipse2y+ZF
8TM5HD45f/9lZpyOVBIfcQK527XSRBFoATXkevIbEdbznnwU1uhZRnR6RTmBC6xP
0RQMt9Vmlirvg19HuST+kLhlqEqtvIfkbHDEGMSXRkcFMuCo3o2sJ+PK2880OHVB
zwD21wiouseRbhr79dbPtxL9iJcGhlflEwpSE5qhQ6rx6P6fGSf4YlY8dLIZZUAa
smSQApvjFczq9gaC0tRgXm9CibplD7haZ4wkjuLvOMWTha9FAi7gdW+w34Ck8qmK
YJzKk0WDC7ZSe37JCGHH39NXbGjoJKPoiSssRSwEESqG
-----END CERTIFICATE-----
Generated at Mon Nov 25 07:33:24 2024 by rpki-client on console-ams.rpki-client.org