Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/0ZxpJXAYYbfoHoi_eFL2AW43xEU.roa
File:                     0ZxpJXAYYbfoHoi_eFL2AW43xEU.roa (raw, json)
Hash identifier:          qJJLtGKDpBjw+g4HM+ATgoRwp69DzQ12MXlq9RHZKjo=
Subject key identifier:   D1:9C:69:25:70:18:61:B7:E8:1E:88:BF:78:52:F6:01:6E:37:C4:45
Certificate issuer:       /CN=fcb6b17bd2e5f14bd375a0c0e69dfc77d9702f4a
Certificate serial:       018CC3B7389CB268B91809F6565445C0F4CA
Authority key identifier: FC:B6:B1:7B:D2:E5:F1:4B:D3:75:A0:C0:E6:9D:FC:77:D9:70:2F:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Laxe9Ll8UvTdaDA5p38d9lwL0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/0ZxpJXAYYbfoHoi_eFL2AW43xEU.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203244
IP address blocks:        177.8.68.0/24 maxlen: 24
                          45.80.85.0/24 maxlen: 24
                          45.80.86.0/24 maxlen: 24
                          45.80.87.0/24 maxlen: 24
                          185.246.196.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/_Laxe9Ll8UvTdaDA5p38d9lwL0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/_Laxe9Ll8UvTdaDA5p38d9lwL0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Laxe9Ll8UvTdaDA5p38d9lwL0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:9c:b2:68:b9:18:09:f6:56:54:45:c0:f4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcb6b17bd2e5f14bd375a0c0e69dfc77d9702f4a
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d19c6925701861b7e81e88bf7852f6016e37c445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:77:c6:84:04:9c:8f:c6:5a:7a:0d:6a:01:95:
                    64:30:01:b8:48:30:f1:55:d1:84:d4:32:ff:34:34:
                    66:e4:d9:0e:c6:97:e4:a4:95:00:79:04:10:14:93:
                    aa:4d:9f:d9:6c:0d:79:5f:70:f5:b0:73:23:18:76:
                    98:4b:39:fc:24:0b:c1:92:80:6a:c3:e6:79:76:eb:
                    d7:6b:91:25:45:05:b0:87:26:be:67:36:08:57:2a:
                    db:56:07:27:62:11:cd:8b:6d:4f:92:36:ea:2e:4d:
                    62:18:67:a4:89:5b:95:87:72:d7:20:f9:b6:17:3c:
                    47:90:c7:16:77:b8:00:01:4a:38:27:fd:dc:59:3e:
                    86:c6:3f:8d:64:0b:52:73:de:c0:5c:5a:c3:d0:4d:
                    e2:86:be:dd:33:e0:f5:4b:67:79:d0:14:66:89:b5:
                    3e:1d:d2:a4:25:2f:03:bc:b1:f7:bc:fd:cc:96:bd:
                    91:37:16:49:f6:7c:c9:6e:e3:b7:9c:32:16:4c:cc:
                    6c:70:00:35:c3:b1:2b:58:65:8f:e4:a0:fb:bc:29:
                    fc:80:db:84:c6:0d:d5:9b:a1:a5:2f:11:2d:fb:ec:
                    4f:30:74:b3:16:ce:ce:dc:77:6f:cd:f8:5b:a8:aa:
                    f2:7c:59:58:b5:f5:c9:07:29:7d:a6:92:3b:a7:a2:
                    42:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:9C:69:25:70:18:61:B7:E8:1E:88:BF:78:52:F6:01:6E:37:C4:45
            X509v3 Authority Key Identifier:
                keyid:FC:B6:B1:7B:D2:E5:F1:4B:D3:75:A0:C0:E6:9D:FC:77:D9:70:2F:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Laxe9Ll8UvTdaDA5p38d9lwL0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/0ZxpJXAYYbfoHoi_eFL2AW43xEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/_Laxe9Ll8UvTdaDA5p38d9lwL0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.85.0-45.80.87.255
                  177.8.68.0/24
                  185.246.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:cc:e4:03:34:ed:e2:69:bb:69:ad:f8:50:3b:be:85:4b:f2:
         b3:26:60:00:dd:ea:f7:1f:8f:e4:5f:26:df:47:bc:9e:2e:33:
         66:b4:d5:9c:2f:7f:e2:9c:a2:29:f7:40:b1:a8:74:dc:4b:6d:
         7b:88:83:7e:0d:ca:2d:67:87:30:5f:a1:95:57:71:34:7c:7c:
         28:7e:2f:a0:09:ff:cf:13:af:63:37:3c:7a:33:67:21:48:28:
         7c:80:f4:25:db:09:49:f7:da:2c:c5:4d:81:42:6c:8e:a6:2f:
         b5:2a:0f:d1:97:61:b4:3c:f5:7f:48:94:78:3e:88:39:89:3b:
         1f:51:73:90:b1:a6:dc:5e:de:5a:7e:94:57:59:cc:b2:44:fb:
         cc:25:9d:54:88:83:16:50:bb:2e:af:6c:44:1c:6f:70:fa:38:
         00:92:eb:43:34:1d:f4:4f:0f:83:4a:28:44:53:62:ea:10:1f:
         0c:1c:10:63:37:30:0f:86:1c:1e:f0:36:36:d1:e3:67:3b:ff:
         4e:9f:31:ee:2c:44:30:4a:10:b5:96:7a:3f:c9:19:b1:99:d6:
         c2:fe:46:10:03:6d:bc:08:70:58:16:55:e1:7f:01:94:f0:08:
         74:bf:4b:02:63:8d:a5:a1:57:5e:17:02:92:bb:b3:70:97:fc:
         39:48:cd:31
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDtzicsmi5GAn2VlRFwPTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYjZiMTdiZDJlNWYxNGJkMzc1YTBjMGU2OWRmYzc3ZDk3
MDJmNGEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTljNjkyNTcwMTg2MWI3ZTgxZTg4YmY3ODUyZjYwMTZlMzdjNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3fGhAScj8Zaeg1qAZVkMAG4SDDx
VdGE1DL/NDRm5NkOxpfkpJUAeQQQFJOqTZ/ZbA15X3D1sHMjGHaYSzn8JAvBkoBq
w+Z5duvXa5ElRQWwhya+ZzYIVyrbVgcnYhHNi21PkjbqLk1iGGekiVuVh3LXIPm2
FzxHkMcWd7gAAUo4J/3cWT6Gxj+NZAtSc97AXFrD0E3ihr7dM+D1S2d50BRmibU+
HdKkJS8DvLH3vP3Mlr2RNxZJ9nzJbuO3nDIWTMxscAA1w7ErWGWP5KD7vCn8gNuE
xg3Vm6GlLxEt++xPMHSzFs7O3HdvzfhbqKryfFlYtfXJByl9ppI7p6JCtwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNGcaSVwGGG36B6Iv3hS9gFuN8RFMB8GA1UdIwQY
MBaAFPy2sXvS5fFL03WgwOad/HfZcC9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0xheGU5TGw4VXZUZGFEQTVwMzhkOWx3TDBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wMWE0MjEtYmRiZi00M2UwLThhZWIt
MmM0OGNiMjk4NjQ2LzEvMFp4cEpYQVlZYmZvSG9pX2VGTDJBVzQzeEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wMWE0MjEtYmRiZi00M2UwLThhZWItMmM0OGNiMjk4NjQ2
LzEvX0xheGU5TGw4VXZUZGFEQTVwMzhkOWx3TDBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAAtUFUD
BAMtUFADBACxCEQDBAK59sQwDQYJKoZIhvcNAQELBQADggEBAJ7M5AM07eJpu2mt
+FA7voVL8rMmYADd6vcfj+RfJt9HvJ4uM2a01Zwvf+Kcoin3QLGodNxLbXuIg34N
yi1nhzBfoZVXcTR8fCh+L6AJ/88Tr2M3PHozZyFIKHyA9CXbCUn32izFTYFCbI6m
L7UqD9GXYbQ89X9IlHg+iDmJOx9Rc5Cxptxe3lp+lFdZzLJE+8wlnVSIgxZQuy6v
bEQcb3D6OACS60M0HfRPD4NKKERTYuoQHwwcEGM3MA+GHB7wNjbR42c7/06fMe4s
RDBKELWWej/JGbGZ1sL+RhADbbwIcFgWVeF/AZTwCHS/SwJjjaWhV14XApK7s3CX
/DlIzTE=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:53:35 2024 by rpki-client on console-ams.rpki-client.org