Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8af8e6-19c1-4be1-af23-19916a4aeeb3/1/7gOxTYYDmG-EqFWel4ccHhZ9xaM.roa
File:                     7gOxTYYDmG-EqFWel4ccHhZ9xaM.roa (raw, json)
Hash identifier:          BFF3WjmZzbM2hoBv3Ezn2H4ikLhIFqob4L9VBlvsyes=
Subject key identifier:   EE:03:B1:4D:86:03:98:6F:84:A8:55:9E:97:87:1C:1E:16:7D:C5:A3
Certificate issuer:       /CN=7a7cf1a2aa83b126ff4ceef473a47397abf8ff0d
Certificate serial:       018CC795391CF37771D5491B3A54C52F7FB8
Authority key identifier: 7A:7C:F1:A2:AA:83:B1:26:FF:4C:EE:F4:73:A4:73:97:AB:F8:FF:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/enzxoqqDsSb_TO70c6Rzl6v4_w0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/8af8e6-19c1-4be1-af23-19916a4aeeb3/1/7gOxTYYDmG-EqFWel4ccHhZ9xaM.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201150
IP address blocks:        46.249.120.0/21 maxlen: 24
                          45.84.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/8af8e6-19c1-4be1-af23-19916a4aeeb3/1/enzxoqqDsSb_TO70c6Rzl6v4_w0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/8af8e6-19c1-4be1-af23-19916a4aeeb3/1/enzxoqqDsSb_TO70c6Rzl6v4_w0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/enzxoqqDsSb_TO70c6Rzl6v4_w0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:39:1c:f3:77:71:d5:49:1b:3a:54:c5:2f:7f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a7cf1a2aa83b126ff4ceef473a47397abf8ff0d
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee03b14d8603986f84a8559e97871c1e167dc5a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ad:c7:c2:1f:93:16:27:2f:4e:e0:4f:d9:de:
                    50:bf:74:18:a7:ca:08:77:e8:07:2b:8f:d9:43:c5:
                    a4:d4:83:d4:a2:d9:3b:6c:93:eb:2a:5c:77:b0:eb:
                    1d:28:3b:a4:e3:ab:37:87:74:ef:30:8b:a3:a3:09:
                    94:ab:02:ed:4b:01:a7:d3:e3:ef:0c:61:ba:63:31:
                    ff:23:9b:57:d9:e2:0b:52:87:5f:d7:52:f4:69:d9:
                    45:00:85:fe:58:09:bc:ae:ef:e2:e5:81:0e:f1:f9:
                    5d:d0:a0:ff:73:13:d2:81:40:73:f5:90:9a:fb:ba:
                    a8:d3:4b:09:58:08:7f:cc:ad:90:20:1d:c4:a2:36:
                    73:d0:fd:10:af:50:df:2a:88:f2:10:d3:a2:a1:45:
                    c0:63:d7:5d:f4:74:4b:5b:1b:39:e6:50:d3:ac:50:
                    e8:17:28:4a:a6:19:94:a6:1f:97:0c:5c:e4:2a:46:
                    b8:cf:1d:7a:91:5e:74:88:9e:e4:17:fc:ea:46:bf:
                    22:af:9d:e1:fc:4e:33:41:49:ff:ba:a2:de:21:de:
                    ee:cf:c7:6a:2a:30:7a:73:61:77:8b:74:88:e4:33:
                    88:b4:f9:8d:78:eb:43:1a:0c:f3:f6:68:5c:12:2e:
                    80:0c:40:98:cb:2c:5b:b6:3d:b0:96:de:ad:04:fe:
                    80:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:03:B1:4D:86:03:98:6F:84:A8:55:9E:97:87:1C:1E:16:7D:C5:A3
            X509v3 Authority Key Identifier:
                keyid:7A:7C:F1:A2:AA:83:B1:26:FF:4C:EE:F4:73:A4:73:97:AB:F8:FF:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/enzxoqqDsSb_TO70c6Rzl6v4_w0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8af8e6-19c1-4be1-af23-19916a4aeeb3/1/7gOxTYYDmG-EqFWel4ccHhZ9xaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8af8e6-19c1-4be1-af23-19916a4aeeb3/1/enzxoqqDsSb_TO70c6Rzl6v4_w0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.156.0/22
                  46.249.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4c:20:20:79:f1:ce:bb:69:7c:85:bd:db:1c:6b:ad:21:40:d1:
         b8:87:ba:1e:9d:13:12:8f:e4:a1:d5:02:73:53:c0:f0:a2:77:
         62:62:41:2a:38:b1:3a:e9:61:7c:67:53:e1:70:dd:6f:f6:19:
         af:27:f7:55:a1:bf:a6:1d:af:d1:e9:94:b5:3e:83:f1:48:9a:
         34:a3:81:61:ec:cc:c9:54:2d:05:8b:cd:da:7b:d8:db:59:36:
         a8:b6:f8:06:84:bc:36:fe:fa:c9:e9:26:f7:f9:4b:54:a1:2e:
         49:ca:5c:b2:2a:59:db:a6:10:38:3a:dc:88:41:e2:b7:76:2a:
         8a:ef:b5:7d:51:9a:2a:f3:5a:87:53:90:cd:81:61:c2:1f:26:
         a5:2a:b3:25:3c:2b:f7:3f:2e:84:dc:e7:c6:30:37:d1:43:86:
         46:5d:f5:a8:96:a0:ae:74:ae:15:2f:f6:d6:c2:9b:83:ee:49:
         c6:99:80:89:f6:2d:1f:d9:23:ee:27:16:5f:a9:42:c2:77:8d:
         0b:e6:49:19:43:47:2b:ef:38:c0:56:53:75:1a:3d:1e:0d:21:
         b7:cb:72:5f:c0:07:c1:2d:fa:6e:be:f1:0b:a1:46:8f:77:69:
         b4:c8:0c:11:50:5d:6e:93:1a:11:e3:54:6d:d1:ba:ed:17:29:
         d1:2e:3f:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlTkc83dx1UkbOlTFL3+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhN2NmMWEyYWE4M2IxMjZmZjRjZWVmNDczYTQ3Mzk3YWJm
OGZmMGQwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTAzYjE0ZDg2MDM5ODZmODRhODU1OWU5Nzg3MWMxZTE2N2RjNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk63Hwh+TFicvTuBP2d5Qv3QYp8oI
d+gHK4/ZQ8Wk1IPUotk7bJPrKlx3sOsdKDuk46s3h3TvMIujowmUqwLtSwGn0+Pv
DGG6YzH/I5tX2eILUodf11L0adlFAIX+WAm8ru/i5YEO8fld0KD/cxPSgUBz9ZCa
+7qo00sJWAh/zK2QIB3EojZz0P0Qr1DfKojyENOioUXAY9dd9HRLWxs55lDTrFDo
FyhKphmUph+XDFzkKka4zx16kV50iJ7kF/zqRr8ir53h/E4zQUn/uqLeId7uz8dq
KjB6c2F3i3SI5DOItPmNeOtDGgzz9mhcEi6ADECYyyxbtj2wlt6tBP6AswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO4DsU2GA5hvhKhVnpeHHB4WfcWjMB8GA1UdIwQY
MBaAFHp88aKqg7Em/0zu9HOkc5er+P8NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZW56eG9xcURzU2JfVE83MGM2UnpsNnY0X3cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84YWY4ZTYtMTljMS00YmUxLWFmMjMt
MTk5MTZhNGFlZWIzLzEvN2dPeFRZWURtRy1FcUZXZWw0Y2NIaFo5eGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84YWY4ZTYtMTljMS00YmUxLWFmMjMtMTk5MTZhNGFlZWIz
LzEvZW56eG9xcURzU2JfVE83MGM2UnpsNnY0X3cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVScAwQD
Lvl4MA0GCSqGSIb3DQEBCwUAA4IBAQBMICB58c67aXyFvdsca60hQNG4h7oenRMS
j+Sh1QJzU8DwondiYkEqOLE66WF8Z1PhcN1v9hmvJ/dVob+mHa/R6ZS1PoPxSJo0
o4Fh7MzJVC0Fi83ae9jbWTaotvgGhLw2/vrJ6Sb3+UtUoS5JylyyKlnbphA4OtyI
QeK3diqK77V9UZoq81qHU5DNgWHCHyalKrMlPCv3Py6E3OfGMDfRQ4ZGXfWolqCu
dK4VL/bWwpuD7knGmYCJ9i0f2SPuJxZfqULCd40L5kkZQ0cr7zjAVlN1Gj0eDSG3
y3JfwAfBLfpuvvELoUaPd2m0yAwRUF1ukxoR41Rt0brtFynRLj9F
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:08:47 2024 by rpki-client on console-ams.rpki-client.org