Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/7rVjxosQnGiU5mwut_AFDi6Q8Vs.roa
File:                     7rVjxosQnGiU5mwut_AFDi6Q8Vs.roa (raw, json)
Hash identifier:          582qOKWd2kg9kfGJt6Cr5ES3veuiAWpDTaXK9dyqv44=
Subject key identifier:   EE:B5:63:C6:8B:10:9C:68:94:E6:6C:2E:B7:F0:05:0E:2E:90:F1:5B
Certificate issuer:       /CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
Certificate serial:       018CC50147A0D40FCD059CF8B74BA9703A86
Authority key identifier: 86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/7rVjxosQnGiU5mwut_AFDi6Q8Vs.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39294
IP address blocks:        45.82.219.0/24 maxlen: 24
                          45.82.218.0/24 maxlen: 24
                          45.82.216.0/24 maxlen: 24
                          195.88.135.0/24 maxlen: 24
                          195.88.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:47:a0:d4:0f:cd:05:9c:f8:b7:4b:a9:70:3a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeb563c68b109c6894e66c2eb7f0050e2e90f15b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ab:52:7a:fd:3e:5c:35:af:e4:3f:fc:60:9a:
                    b7:3b:61:77:4f:ea:7f:59:ab:b4:3b:54:6c:99:65:
                    fd:37:9d:0b:22:ff:7f:d1:78:8e:d7:e9:bc:ac:35:
                    36:37:75:09:e7:62:81:03:77:56:05:aa:e0:8e:3d:
                    a8:1e:a5:8e:a8:e5:ed:6a:42:8a:63:d5:11:22:e0:
                    2a:84:2a:c3:86:92:da:bc:53:e7:ea:ce:1d:bc:03:
                    d3:2c:09:9a:65:36:f7:dd:86:96:85:ac:41:ba:d2:
                    56:a6:43:f4:05:91:29:79:ec:9a:12:43:4f:f1:3e:
                    cf:cb:ba:18:3b:f0:57:15:c1:93:e2:e6:a9:84:31:
                    04:21:9f:8f:af:3c:35:86:c4:b8:ab:50:86:6c:4f:
                    bc:11:2d:d5:54:55:17:7c:79:90:41:08:fa:a8:dd:
                    42:41:75:34:ea:af:ab:80:96:88:6a:43:f5:bf:f6:
                    20:23:e9:3c:b6:31:f2:63:88:3d:1c:c5:b5:9b:4f:
                    96:7d:4c:5a:3c:e4:5d:31:ed:a6:b0:15:cb:fe:03:
                    52:0d:04:a4:a1:e2:9e:cf:b7:7d:05:5d:01:af:fd:
                    15:14:04:03:49:25:94:bf:0c:d9:4b:6e:33:95:48:
                    43:e5:01:89:f0:81:24:3f:66:ce:69:b9:a2:6f:ce:
                    de:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B5:63:C6:8B:10:9C:68:94:E6:6C:2E:B7:F0:05:0E:2E:90:F1:5B
            X509v3 Authority Key Identifier:
                keyid:86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/7rVjxosQnGiU5mwut_AFDi6Q8Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.216.0/24
                  45.82.218.0/23
                  195.88.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:e9:77:28:2e:70:cf:32:e2:0d:96:7a:1f:d5:55:b9:80:b9:
         b4:d5:7b:4e:7d:c6:37:1e:2f:06:0a:ab:21:d4:f9:a9:e3:4a:
         65:da:3b:0d:c6:e9:94:41:d7:9b:f8:3e:be:d9:2a:f7:46:6c:
         74:78:b3:34:09:52:56:99:90:e7:a2:2e:fd:da:f7:98:b4:f3:
         ba:3c:40:75:53:b6:85:59:94:30:48:91:99:b0:20:9c:91:ad:
         a6:42:b5:9c:50:0a:25:8e:fd:b8:11:b9:da:3a:4c:96:56:8c:
         6e:3c:e9:8b:35:8b:4f:b0:dc:1b:d3:2e:dd:d0:44:d7:0e:9b:
         d1:01:2e:f8:3c:2d:14:ba:75:ec:36:f6:8a:aa:38:1e:e7:7d:
         14:d9:76:eb:23:28:43:c8:bc:29:a9:b4:01:1e:a3:8c:b0:c3:
         06:78:f7:2f:99:b8:a4:fd:60:2b:38:a0:83:51:10:ce:bb:3a:
         86:7a:55:21:00:da:41:5a:0d:24:7a:7e:2e:9e:49:ff:a4:15:
         76:a8:26:08:4e:e1:e9:ac:b6:65:f5:e1:a3:03:45:8e:3b:a0:
         d0:22:58:6a:1a:50:5f:14:55:1f:b5:69:a8:46:f2:1a:da:77:
         37:5d:2d:ee:32:c7:61:91:cf:8e:07:50:35:32:79:06:e2:f6:
         4b:b4:a3:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFAUeg1A/NBZz4t0upcDqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZmE1NjRjZjk3NTc3YzA3NjMzYmE0ZTY0MGVhNzhjNzZm
YzE3ZGQwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWI1NjNjNjhiMTA5YzY4OTRlNjZjMmViN2YwMDUwZTJlOTBmMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6tSev0+XDWv5D/8YJq3O2F3T+p/
Wau0O1RsmWX9N50LIv9/0XiO1+m8rDU2N3UJ52KBA3dWBargjj2oHqWOqOXtakKK
Y9URIuAqhCrDhpLavFPn6s4dvAPTLAmaZTb33YaWhaxButJWpkP0BZEpeeyaEkNP
8T7Py7oYO/BXFcGT4uaphDEEIZ+Przw1hsS4q1CGbE+8ES3VVFUXfHmQQQj6qN1C
QXU06q+rgJaIakP1v/YgI+k8tjHyY4g9HMW1m0+WfUxaPORdMe2msBXL/gNSDQSk
oeKez7d9BV0Br/0VFAQDSSWUvwzZS24zlUhD5QGJ8IEkP2bOabmib87ekQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO61Y8aLEJxolOZsLrfwBQ4ukPFbMB8GA1UdIwQY
MBaAFIb6Vkz5dXfAdjO6TmQOp4x2/BfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDkt
MDczZDBkMTRkZGRlLzEvN3JWanhvc1FuR2lVNW13dXRfQUZEaTZROFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDktMDczZDBkMTRkZGRl
LzEvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVLYAwQB
LVLaAwQBw1iGMA0GCSqGSIb3DQEBCwUAA4IBAQCH6XcoLnDPMuINlnof1VW5gLm0
1XtOfcY3Hi8GCqsh1Pmp40pl2jsNxumUQdeb+D6+2Sr3Rmx0eLM0CVJWmZDnoi79
2veYtPO6PEB1U7aFWZQwSJGZsCCcka2mQrWcUAoljv24EbnaOkyWVoxuPOmLNYtP
sNwb0y7d0ETXDpvRAS74PC0UunXsNvaKqjge530U2XbrIyhDyLwpqbQBHqOMsMMG
ePcvmbik/WArOKCDURDOuzqGelUhANpBWg0ken4unkn/pBV2qCYITuHprLZl9eGj
A0WOO6DQIlhqGlBfFFUftWmoRvIa2nc3XS3uMsdhkc+OB1A1MnkG4vZLtKPQ
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:32:17 2024 by rpki-client on console-ams.rpki-client.org