Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pBgr8z2YIeUfbXYQIj49rbpJUHU.roa
File:                     pBgr8z2YIeUfbXYQIj49rbpJUHU.roa (raw, json)
Hash identifier:          yoaI9P8cplgBNxv2L6XtL6X1gxRMp8ZQfosDkGp943Q=
Subject key identifier:   A4:18:2B:F3:3D:98:21:E5:1F:6D:76:10:22:3E:3D:AD:BA:49:50:75
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DD09FAE425810ADFA18FEC0250AD
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pBgr8z2YIeUfbXYQIj49rbpJUHU.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62805
IP address blocks:        45.87.166.0/24 maxlen: 24
                          45.87.165.0/24 maxlen: 24
                          45.87.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:dd:09:fa:e4:25:81:0a:df:a1:8f:ec:02:50:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4182bf33d9821e51f6d7610223e3dadba495075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ab:c2:bf:0e:3f:41:90:e4:ec:93:5e:f7:bb:
                    75:64:8f:b3:85:0b:d2:59:22:e1:70:7c:06:38:a2:
                    83:06:22:5c:5b:ac:09:10:13:a1:0c:be:23:9d:98:
                    65:db:87:4d:e3:e1:fe:16:7c:e5:f6:76:fc:23:07:
                    b1:c2:8f:5f:c0:96:1e:87:b6:39:42:63:af:89:d6:
                    c7:8a:6b:75:2a:10:c6:8e:69:aa:c4:26:74:7d:6a:
                    fd:60:5f:0c:ee:6c:0d:a3:85:6a:89:85:95:a6:24:
                    0d:c8:cc:a9:f4:91:35:17:c5:b1:03:72:11:6f:a8:
                    35:ee:16:07:a5:b0:66:bc:80:5f:e4:4e:9f:e4:31:
                    75:0b:7f:5e:31:4a:65:99:1a:86:85:41:4e:02:a6:
                    aa:c5:fb:b4:04:8b:5a:a7:a1:54:64:ef:fd:46:5d:
                    6f:79:98:f7:56:9a:dc:85:e3:e2:00:c6:9b:e0:4f:
                    a7:de:e2:75:bd:95:77:0e:b2:60:d0:63:b2:2b:96:
                    c3:a4:ea:19:5a:f9:3c:0a:1f:15:ed:80:11:f1:20:
                    a3:49:70:4a:f0:a6:f8:5c:c0:b1:ab:39:ea:89:c8:
                    61:73:5c:e9:d1:1a:bb:1d:53:55:2f:4e:72:b2:19:
                    e0:27:14:e8:b6:b4:5e:d6:98:e6:a2:15:23:e3:62:
                    10:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:18:2B:F3:3D:98:21:E5:1F:6D:76:10:22:3E:3D:AD:BA:49:50:75
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pBgr8z2YIeUfbXYQIj49rbpJUHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.165.0-45.87.167.255

    Signature Algorithm: sha256WithRSAEncryption
         4f:fa:d1:41:0b:f6:7c:3c:ad:fd:87:af:fd:c1:50:78:90:d1:
         ad:41:89:b0:dc:21:2a:37:d2:b9:9f:ca:64:05:d7:8f:e2:dc:
         7f:a8:43:12:96:38:8d:f3:a7:94:b8:cb:40:91:e1:0d:b5:ed:
         ce:f2:00:31:f7:4b:d2:20:6f:cf:bc:9c:e1:1f:21:cc:40:90:
         3a:74:25:5a:d3:b0:ad:99:21:b6:1c:30:b2:6d:17:ad:a1:8c:
         b9:e0:bc:67:7a:17:1f:50:3a:fd:d0:e0:76:89:1d:d6:fb:7a:
         74:28:d8:8f:17:7c:8b:c7:e2:7b:79:f3:19:9d:c3:7e:0f:73:
         f6:93:ca:a8:3b:f5:6d:86:8a:86:4a:67:19:e7:ae:c6:92:da:
         4e:e3:98:30:cb:db:7f:5f:52:a6:d2:af:09:ba:6c:2a:3b:c2:
         65:17:d2:53:b6:af:1c:e6:c7:42:b2:84:07:07:05:55:17:1c:
         ce:e3:8a:3b:0b:ae:48:cd:7d:4d:dd:f1:6a:b9:26:a5:5a:c6:
         06:bc:63:5c:19:8a:41:a8:1f:60:0a:1a:72:b8:93:c9:2c:c9:
         4d:68:79:a1:fb:2a:b7:fd:2e:e2:9b:b7:2e:54:aa:ec:fb:5c:
         aa:d3:71:36:c5:28:d2:5a:af:0b:b5:13:2a:64:81:47:a9:ca:
         05:67:f4:55
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAd0J+uQlgQrfoY/sAlCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE4MmJmMzNkOTgyMWU1MWY2ZDc2MTAyMjNlM2RhZGJhNDk1MDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqvCvw4/QZDk7JNe97t1ZI+zhQvS
WSLhcHwGOKKDBiJcW6wJEBOhDL4jnZhl24dN4+H+Fnzl9nb8Iwexwo9fwJYeh7Y5
QmOvidbHimt1KhDGjmmqxCZ0fWr9YF8M7mwNo4VqiYWVpiQNyMyp9JE1F8WxA3IR
b6g17hYHpbBmvIBf5E6f5DF1C39eMUplmRqGhUFOAqaqxfu0BItap6FUZO/9Rl1v
eZj3VprchePiAMab4E+n3uJ1vZV3DrJg0GOyK5bDpOoZWvk8Ch8V7YAR8SCjSXBK
8Kb4XMCxqznqichhc1zp0Rq7HVNVL05yshngJxTotrRe1pjmohUj42IQ2QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKQYK/M9mCHlH212ECI+Pa26SVB1MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvcEJncjh6MllJZVVmYlhZUUlqNDlyYnBKVUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtV6UD
BAMtV6AwDQYJKoZIhvcNAQELBQADggEBAE/60UEL9nw8rf2Hr/3BUHiQ0a1BibDc
ISo30rmfymQF14/i3H+oQxKWOI3zp5S4y0CR4Q217c7yADH3S9Igb8+8nOEfIcxA
kDp0JVrTsK2ZIbYcMLJtF62hjLngvGd6Fx9QOv3Q4HaJHdb7enQo2I8XfIvH4nt5
8xmdw34Pc/aTyqg79W2GioZKZxnnrsaS2k7jmDDL239fUqbSrwm6bCo7wmUX0lO2
rxzmx0KyhAcHBVUXHM7jijsLrkjNfU3d8Wq5JqVaxga8Y1wZikGoH2AKGnK4k8ks
yU1oeaH7Krf9LuKbty5Uquz7XKrTcTbFKNJarwu1EypkgUepygVn9FU=
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:29:03 2024 by rpki-client on console-fra.rpki-client.org