Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/8Drqe2CqRBACFNDgDFKo-j04SS0.roa
File:                     8Drqe2CqRBACFNDgDFKo-j04SS0.roa (raw, json)
Hash identifier:          pXhwjnfA/ygM+CAyH+sjrKXtpFbpPh1xMWcbgL78jMk=
Subject key identifier:   F0:3A:EA:7B:60:AA:44:10:02:14:D0:E0:0C:52:A8:FA:3D:38:49:2D
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FB6D4DB3516508CEF742CB9123C09
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/8Drqe2CqRBACFNDgDFKo-j04SS0.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212042
IP address blocks:        45.87.29.0/24 maxlen: 24
                          45.150.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 08:32:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b6:d4:db:35:16:50:8c:ef:74:2c:b9:12:3c:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f03aea7b60aa44100214d0e00c52a8fa3d38492d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3d:73:2f:bc:9f:21:6f:a9:37:d1:1e:6c:d4:
                    71:e4:09:93:ac:bd:1a:1d:70:56:d6:db:c5:d0:2c:
                    b7:34:5e:c4:9a:8e:dd:a9:2c:04:bb:2d:df:d1:62:
                    86:13:48:0a:c1:c3:6a:a6:6a:b4:c9:fb:d7:4e:a5:
                    38:ed:d9:5f:d3:8d:3e:25:e9:d4:24:0d:86:d2:4a:
                    fe:75:ca:73:c0:ad:d6:26:96:63:53:a2:ff:74:07:
                    88:90:e2:00:63:ca:2b:49:12:68:96:f3:6d:3a:da:
                    80:f8:fd:de:f5:45:df:fd:c2:08:b2:be:76:4f:6b:
                    e0:ec:b8:61:8a:f1:4c:c7:c4:95:34:35:15:66:a7:
                    4a:42:e9:a9:1d:04:b2:84:f2:ca:88:ce:4b:f4:05:
                    06:51:90:2e:c1:74:5f:db:fb:67:ec:ad:52:00:fd:
                    5f:c8:c8:c2:bf:dd:4d:f3:31:a1:a9:59:ff:c5:0c:
                    eb:bc:c0:23:fe:ed:ee:f7:b0:6a:35:16:76:7e:a8:
                    09:0c:97:9e:60:55:30:94:aa:24:3b:78:4e:fd:c4:
                    20:80:08:ce:9c:1a:ae:b0:78:1e:e0:4e:6a:b8:8f:
                    ac:d7:76:9a:e0:85:1a:c4:da:97:5f:54:a4:cc:ef:
                    be:46:e2:c3:fc:ad:68:43:d8:1f:e6:32:56:b4:14:
                    c0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:3A:EA:7B:60:AA:44:10:02:14:D0:E0:0C:52:A8:FA:3D:38:49:2D
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/8Drqe2CqRBACFNDgDFKo-j04SS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.29.0/24
                  45.150.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:63:b6:75:f2:41:a5:8e:58:9d:38:d2:2c:0c:da:f1:20:84:
         74:cd:ec:8e:a7:19:f4:e1:09:19:37:b5:57:09:99:13:3b:6f:
         62:70:3e:25:3b:14:76:0b:23:8c:6a:38:69:4e:51:66:2c:91:
         35:d0:25:06:a0:4a:5c:ae:04:b7:df:06:ae:7e:cc:92:74:ea:
         19:93:c4:c8:87:86:91:6c:14:3a:73:9d:2d:40:a9:43:03:f0:
         93:7e:1e:df:17:85:47:93:1d:17:5b:24:05:81:47:5c:af:ab:
         40:68:62:e7:ed:e4:40:d9:dd:98:e1:96:7e:bc:53:4f:c6:cf:
         8e:7d:fa:fc:66:da:5b:ee:ce:6a:92:32:50:f7:29:11:20:59:
         50:c8:b3:f3:81:39:cb:62:8e:9a:31:f4:c6:26:c1:06:35:49:
         a8:9a:3f:d5:ad:27:0a:c4:58:f3:a5:1b:2d:44:63:9a:74:f4:
         2b:d3:52:ac:70:7d:c2:a9:84:d0:0d:c2:c3:df:f8:90:31:e4:
         3c:5a:14:1d:4a:b8:77:fe:81:07:d4:c4:6f:f5:ef:82:a6:92:
         a9:89:e6:8a:69:fa:89:2d:51:d2:34:41:a2:f8:10:16:36:a8:
         bd:9c:9b:8e:c5:c5:11:0c:3e:32:5b:46:a5:a2:f4:d4:45:10:
         56:f8:c6:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb7bU2zUWUIzvdCy5EjwJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDNhZWE3YjYwYWE0NDEwMDIxNGQwZTAwYzUyYThmYTNkMzg0OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD1zL7yfIW+pN9EebNRx5AmTrL0a
HXBW1tvF0Cy3NF7Emo7dqSwEuy3f0WKGE0gKwcNqpmq0yfvXTqU47dlf040+JenU
JA2G0kr+dcpzwK3WJpZjU6L/dAeIkOIAY8orSRJolvNtOtqA+P3e9UXf/cIIsr52
T2vg7LhhivFMx8SVNDUVZqdKQumpHQSyhPLKiM5L9AUGUZAuwXRf2/tn7K1SAP1f
yMjCv91N8zGhqVn/xQzrvMAj/u3u97BqNRZ2fqgJDJeeYFUwlKokO3hO/cQggAjO
nBqusHge4E5quI+s13aa4IUaxNqXX1SkzO++RuLD/K1oQ9gf5jJWtBTAiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPA66ntgqkQQAhTQ4AxSqPo9OEktMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvOERycWUyQ3FSQkFDRk5EZ0RGS28tajA0U1MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVcdAwQA
LZZfMA0GCSqGSIb3DQEBCwUAA4IBAQCsY7Z18kGljlidONIsDNrxIIR0zeyOpxn0
4QkZN7VXCZkTO29icD4lOxR2CyOMajhpTlFmLJE10CUGoEpcrgS33waufsySdOoZ
k8TIh4aRbBQ6c50tQKlDA/CTfh7fF4VHkx0XWyQFgUdcr6tAaGLn7eRA2d2Y4ZZ+
vFNPxs+Offr8Ztpb7s5qkjJQ9ykRIFlQyLPzgTnLYo6aMfTGJsEGNUmomj/VrScK
xFjzpRstRGOadPQr01KscH3CqYTQDcLD3/iQMeQ8WhQdSrh3/oEH1MRv9e+CppKp
ieaKafqJLVHSNEGi+BAWNqi9nJuOxcURDD4yW0alovTURRBW+Mai
-----END CERTIFICATE-----
Generated at Mon Dec 9 13:19:34 2024 by rpki-client on console-ams.rpki-client.org