Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/28nyzvc8WoekT4gQz_aS76dp54k.roa
File:                     28nyzvc8WoekT4gQz_aS76dp54k.roa (raw, json)
Hash identifier:          bPD207i4lL0hojueHKP8KuHkMYjNfLayyVNIRcpDO6s=
Subject key identifier:   DB:C9:F2:CE:F7:3C:5A:87:A4:4F:88:10:CF:F6:92:EF:A7:69:E7:89
Certificate issuer:       /CN=19c91f1cb0874232a04fbc092baa688accecc9d7
Certificate serial:       018CC34906EF385CEFD6024D3FC1A5133A77
Authority key identifier: 19:C9:1F:1C:B0:87:42:32:A0:4F:BC:09:2B:AA:68:8A:CC:EC:C9:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GckfHLCHQjKgT7wJK6poiszsydc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/28nyzvc8WoekT4gQz_aS76dp54k.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208759
IP address blocks:        45.85.237.0/24 maxlen: 24
                          45.85.236.0/24 maxlen: 24
                          45.85.239.0/24 maxlen: 24
                          45.85.238.0/24 maxlen: 24
                          2a0e:c885::/44 maxlen: 44
                          2a0e:c887::/44 maxlen: 44
                          2a0e:c884:3e80::/44 maxlen: 48
                          2a0e:c886::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/GckfHLCHQjKgT7wJK6poiszsydc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/GckfHLCHQjKgT7wJK6poiszsydc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GckfHLCHQjKgT7wJK6poiszsydc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:06:ef:38:5c:ef:d6:02:4d:3f:c1:a5:13:3a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19c91f1cb0874232a04fbc092baa688accecc9d7
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbc9f2cef73c5a87a44f8810cff692efa769e789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a0:bf:31:de:69:a6:52:5e:77:8f:c6:31:e6:
                    2d:b5:74:7b:42:cf:de:6b:e9:0e:37:81:7b:7f:84:
                    30:55:47:4d:a3:6c:52:e3:b9:07:2d:75:c3:38:77:
                    51:a2:6f:66:fc:9a:b1:d0:ff:0a:0d:d7:e3:5f:e1:
                    75:ef:06:53:b6:36:56:26:dd:fb:90:4d:4c:c8:31:
                    ab:66:c5:c0:a4:1c:32:93:1f:e9:79:f9:05:96:b0:
                    c4:e3:2a:a0:11:f1:cc:0e:eb:f5:90:40:bd:39:1f:
                    a8:87:3c:ff:96:4b:0f:f2:97:db:21:02:c2:d6:65:
                    7d:f0:76:e7:67:b7:04:80:3c:2c:ff:d5:47:e2:bd:
                    48:26:25:c1:0c:72:fe:50:d4:4f:16:f2:95:43:b9:
                    08:eb:ce:cb:a6:db:a4:d8:3b:51:1d:98:be:ef:bc:
                    8b:3d:69:82:59:2f:5a:63:ab:0e:ca:de:a8:d6:56:
                    0f:03:83:7f:65:94:97:f9:e0:8b:65:d1:84:1c:14:
                    25:35:a4:ec:a7:29:0e:55:3f:35:15:cd:09:9a:6a:
                    42:0a:8b:07:7b:fb:35:d5:01:91:3e:9c:16:d7:bf:
                    61:7b:01:f0:14:fd:0e:e6:4a:4d:5a:17:5b:14:91:
                    76:56:2e:d7:5f:de:cc:f4:7d:6c:b8:97:e6:2b:b9:
                    8b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C9:F2:CE:F7:3C:5A:87:A4:4F:88:10:CF:F6:92:EF:A7:69:E7:89
            X509v3 Authority Key Identifier:
                keyid:19:C9:1F:1C:B0:87:42:32:A0:4F:BC:09:2B:AA:68:8A:CC:EC:C9:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GckfHLCHQjKgT7wJK6poiszsydc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/28nyzvc8WoekT4gQz_aS76dp54k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/046337-4f1f-444e-83d7-054d65d7247f/1/GckfHLCHQjKgT7wJK6poiszsydc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.236.0/22
                IPv6:
                  2a0e:c884:3e80::/44
                  2a0e:c885::/44
                  2a0e:c886::/44
                  2a0e:c887::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:21:c4:ac:19:48:42:fb:3b:87:d2:89:92:8c:2a:47:d9:00:
         12:e4:60:b2:17:22:e3:7e:c3:46:e2:89:fc:ba:4b:f9:d2:52:
         83:7e:12:ef:2c:32:60:55:8d:7b:5c:f1:9d:1f:f8:78:e7:d9:
         24:0d:a2:ba:d1:3f:c8:4d:13:6a:b6:70:85:d3:e0:2e:cf:f9:
         f2:6a:51:0f:d9:b7:84:ed:cb:85:4b:68:ff:bb:c6:00:7c:38:
         b9:64:b3:10:b1:9d:4b:fc:f5:a2:0e:8a:25:43:18:f7:e3:7f:
         9b:e7:51:5a:a0:84:35:b7:ab:3d:61:6a:88:ee:7a:18:e2:32:
         db:49:e6:19:77:de:53:f8:c4:96:41:bb:1f:6f:73:de:49:8a:
         03:c9:f6:9e:30:47:d8:d3:0a:16:09:db:14:c5:42:20:7a:7b:
         1b:f4:a7:4a:cd:7b:0f:f9:c9:bd:3f:b7:d2:ab:51:01:5c:0f:
         ed:3c:74:1d:b3:ae:94:81:67:41:dc:36:96:8d:b6:de:22:11:
         48:a5:61:16:8b:fd:c6:13:45:14:26:0a:40:47:1c:b7:70:b8:
         8a:91:c4:40:81:e1:e2:a2:89:fb:e2:b9:8a:83:8d:11:00:c2:
         a1:20:a5:9f:5d:77:be:72:02:f6:6a:25:b9:f4:a6:7c:1a:0c:
         e6:a1:6e:c7
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzDSQbvOFzv1gJNP8GlEzp3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YzkxZjFjYjA4NzQyMzJhMDRmYmMwOTJiYWE2ODhhY2Nl
Y2M5ZDcwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmM5ZjJjZWY3M2M1YTg3YTQ0Zjg4MTBjZmY2OTJlZmE3NjllNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6C/Md5pplJed4/GMeYttXR7Qs/e
a+kON4F7f4QwVUdNo2xS47kHLXXDOHdRom9m/Jqx0P8KDdfjX+F17wZTtjZWJt37
kE1MyDGrZsXApBwykx/pefkFlrDE4yqgEfHMDuv1kEC9OR+ohzz/lksP8pfbIQLC
1mV98HbnZ7cEgDws/9VH4r1IJiXBDHL+UNRPFvKVQ7kI687Lptuk2DtRHZi+77yL
PWmCWS9aY6sOyt6o1lYPA4N/ZZSX+eCLZdGEHBQlNaTspykOVT81Fc0JmmpCCosH
e/s11QGRPpwW179hewHwFP0O5kpNWhdbFJF2Vi7XX97M9H1suJfmK7mLVwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFNvJ8s73PFqHpE+IEM/2ku+naeeJMB8GA1UdIwQY
MBaAFBnJHxywh0IyoE+8CSuqaIrM7MnXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2NrZkhMQ0hRaktnVDd3Sks2cG9pc3pzeWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8wNDYzMzctNGYxZi00NDRlLTgzZDct
MDU0ZDY1ZDcyNDdmLzEvMjhueXp2YzhXb2VrVDRnUXpfYVM3NmRwNTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8wNDYzMzctNGYxZi00NDRlLTgzZDctMDU0ZDY1ZDcyNDdm
LzEvR2NrZkhMQ0hRaktnVDd3Sks2cG9pc3pzeWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAMBAIAATAGAwQCLVXsMCoE
AgACMCQDBwQqDsiEPoADBwQqDsiFAAADBwQqDsiGAAADBwQqDsiHAAAwDQYJKoZI
hvcNAQELBQADggEBAE0hxKwZSEL7O4fSiZKMKkfZABLkYLIXIuN+w0biify6S/nS
UoN+Eu8sMmBVjXtc8Z0f+Hjn2SQNorrRP8hNE2q2cIXT4C7P+fJqUQ/Zt4Tty4VL
aP+7xgB8OLlksxCxnUv89aIOiiVDGPfjf5vnUVqghDW3qz1haojuehjiMttJ5hl3
3lP4xJZBux9vc95JigPJ9p4wR9jTChYJ2xTFQiB6exv0p0rNew/5yb0/t9KrUQFc
D+08dB2zrpSBZ0HcNpaNtt4iEUilYRaL/cYTRRQmCkBHHLdwuIqRxECB4eKiifvi
uYqDjREAwqEgpZ9dd75yAvZqJbn0pnwaDOahbsc=
-----END CERTIFICATE-----
Generated at Fri Dec 27 20:42:32 2024 by rpki-client on console-fra.rpki-client.org