Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/_PqP39FzftfO-7VLMM2dmTLrMcs.roa
File:                     _PqP39FzftfO-7VLMM2dmTLrMcs.roa (raw, json)
Hash identifier:          CJ+28nkgf4oNGdqZSE90eYJxAT+csrK+YiNrA00VE1w=
Subject key identifier:   FC:FA:8F:DF:D1:73:7E:D7:CE:FB:B5:4B:30:CD:9D:99:32:EB:31:CB
Certificate issuer:       /CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
Certificate serial:       019420D65CD0E71A1E596C768F18A1DE595E
Authority key identifier: F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/_PqP39FzftfO-7VLMM2dmTLrMcs.roa
Signing time:             Wed 01 Jan 2025 07:48:26 +0000
ROA not before:           Wed 01 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208064
IP address blocks:        45.157.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 07:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5c:d0:e7:1a:1e:59:6c:76:8f:18:a1:de:59:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
        Validity
            Not Before: Jan  1 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcfa8fdfd1737ed7cefbb54b30cd9d9932eb31cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:de:6d:6d:bd:a3:3b:cc:c0:08:21:d2:65:b8:
                    c7:06:d8:b5:2a:5a:e3:11:e2:e0:5d:44:2c:a3:65:
                    63:54:9a:d9:08:84:ce:2f:79:db:3d:2c:89:83:85:
                    62:22:70:3a:e7:76:a2:02:1a:3b:8f:3d:2f:40:1b:
                    92:d0:c9:1e:56:c9:57:d4:24:ff:08:bf:bb:6b:cb:
                    cb:4b:70:63:3a:f1:6e:91:12:43:2d:3c:66:b5:ef:
                    d2:5d:dc:8d:9d:b1:ac:a9:3a:88:91:3e:08:9e:8d:
                    48:c3:e0:9b:59:62:0a:13:b6:0a:ab:da:a3:bf:7e:
                    08:1f:81:dd:c2:27:55:be:ce:45:33:eb:eb:0c:17:
                    f1:d5:d2:b8:59:23:fa:53:ce:de:b9:05:27:8c:21:
                    1c:8e:8c:f7:de:03:19:cb:34:06:fc:b9:c8:71:7f:
                    91:a4:d6:7e:87:0e:d6:21:8a:b8:20:6d:19:3f:5d:
                    ea:84:b6:34:d4:c2:1c:76:b0:b7:da:f7:c7:eb:fa:
                    f4:21:22:78:4c:da:02:d3:58:b0:96:82:2b:56:d7:
                    76:3b:5c:a8:7b:47:4b:d5:a6:7c:fd:13:14:ac:61:
                    04:73:3d:e1:ac:fe:59:c0:c0:77:ac:93:2f:62:7a:
                    0c:0a:d6:e7:a5:55:94:7e:f2:04:9a:6a:74:2e:f5:
                    ce:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:FA:8F:DF:D1:73:7E:D7:CE:FB:B5:4B:30:CD:9D:99:32:EB:31:CB
            X509v3 Authority Key Identifier:
                keyid:F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/_PqP39FzftfO-7VLMM2dmTLrMcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:5b:5e:d3:19:3e:a0:58:67:aa:1e:bc:07:9b:5b:46:6a:c3:
         0d:e2:07:80:7d:86:0f:23:a9:48:3e:d2:de:c7:51:3a:aa:95:
         82:33:b2:96:e4:f8:d1:84:4a:58:80:31:be:92:3a:92:d3:6b:
         9e:e7:4a:9f:33:a7:39:68:52:80:dc:8e:f9:2d:49:35:ac:ec:
         63:5e:2e:c7:1e:2e:f6:5f:e3:0a:cb:a0:86:d1:25:18:8b:f3:
         e0:b9:b3:3a:61:4b:2f:01:d8:9b:5f:c8:34:a0:a8:f4:cf:c6:
         67:e7:41:82:43:45:71:51:63:c2:1b:e1:31:b5:21:c0:80:76:
         58:03:ad:9f:75:51:ba:75:e5:7c:37:61:fe:cd:08:5e:27:76:
         ce:65:39:79:8b:a3:24:55:aa:cc:a6:5c:17:67:a1:d3:db:32:
         75:46:3b:b2:34:ca:65:70:53:49:c1:8e:bd:d8:fa:98:56:18:
         f7:62:c5:4a:b3:7f:97:00:25:c9:32:03:38:1f:42:42:f1:38:
         65:a8:e7:f7:97:0f:6b:c2:72:ad:92:f5:a7:dd:3c:27:31:fd:
         3f:55:30:f9:84:93:65:2c:ab:fa:81:c4:eb:7e:d5:ef:46:8b:
         de:24:8a:ca:d9:36:18:b4:d3:e0:ea:cf:3c:ca:78:27:09:83:
         c7:06:18:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lzQ5xoeWWx2jxih3lleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3Y2IxNGE0MWY4ZDllNjI4ZGFlODhmNDc1MjgyMmZjNzdk
ZmVjMDIwHhcNMjUwMTAxMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2ZhOGZkZmQxNzM3ZWQ3Y2VmYmI1NGIzMGNkOWQ5OTMyZWIzMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4N5tbb2jO8zACCHSZbjHBti1Klrj
EeLgXUQso2VjVJrZCITOL3nbPSyJg4ViInA653aiAho7jz0vQBuS0MkeVslX1CT/
CL+7a8vLS3BjOvFukRJDLTxmte/SXdyNnbGsqTqIkT4Ino1Iw+CbWWIKE7YKq9qj
v34IH4HdwidVvs5FM+vrDBfx1dK4WSP6U87euQUnjCEcjoz33gMZyzQG/LnIcX+R
pNZ+hw7WIYq4IG0ZP13qhLY01MIcdrC32vfH6/r0ISJ4TNoC01iwloIrVtd2O1yo
e0dL1aZ8/RMUrGEEcz3hrP5ZwMB3rJMvYnoMCtbnpVWUfvIEmmp0LvXOEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPz6j9/Rc37Xzvu1SzDNnZky6zHLMB8GA1UdIwQY
MBaAFPfLFKQfjZ5ija6I9HUoIvx33+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTkt
ZTdlZTRlNzVkM2FmLzEvX1BxUDM5RnpmdGZPLTdWTE1NMmRtVExyTWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTktZTdlZTRlNzVkM2Fm
LzEvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ2EMA0G
CSqGSIb3DQEBCwUAA4IBAQA/W17TGT6gWGeqHrwHm1tGasMN4geAfYYPI6lIPtLe
x1E6qpWCM7KW5PjRhEpYgDG+kjqS02ue50qfM6c5aFKA3I75LUk1rOxjXi7HHi72
X+MKy6CG0SUYi/PgubM6YUsvAdibX8g0oKj0z8Zn50GCQ0VxUWPCG+ExtSHAgHZY
A62fdVG6deV8N2H+zQheJ3bOZTl5i6MkVarMplwXZ6HT2zJ1RjuyNMplcFNJwY69
2PqYVhj3YsVKs3+XACXJMgM4H0JC8ThlqOf3lw9rwnKtkvWn3TwnMf0/VTD5hJNl
LKv6gcTrftXvRoveJIrK2TYYtNPg6s88yngnCYPHBhhd
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:51:29 2025 by rpki-client