Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CAm2zkoREjgdBIsA_W_0T788UbE.roa
File:                     CAm2zkoREjgdBIsA_W_0T788UbE.roa (raw, json)
Hash identifier:          qW5jzPiB72169zhmuwdI3hJAz642Vbl8rFARmIgA0AQ=
Subject key identifier:   08:09:B6:CE:4A:11:12:38:1D:04:8B:00:FD:6F:F4:4F:BF:3C:51:B1
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348AD345506CF7B7B62F9FC5A48541A
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CAm2zkoREjgdBIsA_W_0T788UbE.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200094
IP address blocks:        94.240.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ad:34:55:06:cf:7b:7b:62:f9:fc:5a:48:54:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0809b6ce4a1112381d048b00fd6ff44fbf3c51b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:41:30:1d:00:6c:44:2a:f7:f3:93:45:ae:1a:
                    c2:e4:4a:a7:4b:e4:50:4f:83:cf:d3:0d:17:bf:e2:
                    ec:87:13:0c:25:50:33:c9:c7:1c:5d:9f:15:16:06:
                    79:49:68:0d:85:13:08:a2:82:b6:72:bc:f5:c4:e3:
                    b1:4c:bd:16:af:a1:f1:c0:dc:6d:df:72:68:71:20:
                    e3:d6:34:35:fc:c0:06:38:80:31:23:d9:3c:a7:85:
                    4b:9c:2f:44:a2:cc:d0:63:22:13:70:ae:13:b9:e7:
                    8a:1f:b1:2d:32:4e:bc:9c:88:61:bf:e3:50:d2:a0:
                    dc:9f:f2:3c:20:a3:3c:f4:ec:d2:b7:68:d2:53:63:
                    eb:b8:ee:25:15:b0:33:fb:da:c7:89:31:e5:83:dd:
                    32:08:5f:04:44:c2:1a:4c:21:0f:b0:c3:86:b3:a1:
                    23:1f:49:89:4b:22:3a:36:a1:67:a5:a5:a6:9d:01:
                    9e:d6:1c:30:2e:a6:d2:68:6f:2f:8d:1c:5f:8d:09:
                    87:f9:84:b3:3e:71:65:32:a6:4f:d0:7a:7f:49:0c:
                    8a:c3:6e:12:58:fa:14:33:84:53:42:9e:50:80:fe:
                    67:5e:5a:89:d3:4e:25:04:0c:b3:07:50:3e:80:4d:
                    f1:4d:94:e6:d0:9f:03:3d:a3:10:30:39:82:09:14:
                    7c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:09:B6:CE:4A:11:12:38:1D:04:8B:00:FD:6F:F4:4F:BF:3C:51:B1
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CAm2zkoREjgdBIsA_W_0T788UbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:d0:cd:c9:e3:a6:43:ec:34:3e:fd:07:ab:77:7b:58:ef:a3:
         e5:6a:2f:da:c8:bd:cb:1b:e2:ee:16:7d:18:58:c0:fe:2f:cd:
         2c:85:f6:8d:bb:70:ec:2b:99:2c:37:49:ca:b3:fb:49:94:6b:
         ba:7c:39:5c:a4:b1:53:17:bb:c7:3c:87:32:e2:e4:92:97:d1:
         62:3e:5c:99:f2:9a:6a:75:86:80:7a:d5:f7:63:1d:ef:fa:1d:
         df:4d:67:bd:bb:5c:b6:82:56:bd:06:77:98:79:5d:b7:ca:dc:
         3d:57:ad:64:a3:a6:3e:1c:96:c8:2b:fb:23:04:b4:06:ce:bc:
         2d:41:59:2d:d3:5f:91:48:9f:3e:eb:2d:4d:c6:54:d9:24:f4:
         20:54:d0:60:76:1e:f0:89:e0:11:59:33:2e:c6:de:f0:bc:3d:
         d2:eb:86:aa:7d:62:af:34:17:30:b4:11:fa:bf:d3:2f:32:4a:
         bc:c0:2a:27:0b:6b:0b:40:06:0c:28:dc:43:0f:ec:91:61:01:
         eb:41:ef:f5:4e:63:17:8a:06:ff:34:75:c0:2e:e5:92:fa:b9:
         4e:91:95:bc:fd:bb:6b:6a:9a:d8:0d:c7:a5:c7:b0:bc:e3:ee:
         af:00:83:3c:84:3e:4b:41:d7:49:a7:0d:16:ac:1f:82:de:ab:
         31:89:f5:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSK00VQbPe3ti+fxaSFQaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODA5YjZjZTRhMTExMjM4MWQwNDhiMDBmZDZmZjQ0ZmJmM2M1MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0EwHQBsRCr385NFrhrC5EqnS+RQ
T4PP0w0Xv+LshxMMJVAzycccXZ8VFgZ5SWgNhRMIooK2crz1xOOxTL0Wr6HxwNxt
33JocSDj1jQ1/MAGOIAxI9k8p4VLnC9EoszQYyITcK4TueeKH7EtMk68nIhhv+NQ
0qDcn/I8IKM89OzSt2jSU2PruO4lFbAz+9rHiTHlg90yCF8ERMIaTCEPsMOGs6Ej
H0mJSyI6NqFnpaWmnQGe1hwwLqbSaG8vjRxfjQmH+YSzPnFlMqZP0Hp/SQyKw24S
WPoUM4RTQp5QgP5nXlqJ004lBAyzB1A+gE3xTZTm0J8DPaMQMDmCCRR8xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgJts5KERI4HQSLAP1v9E+/PFGxMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvQ0FtMnprb1JFamdkQklzQV9XXzBUNzg4VWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAuMA0G
CSqGSIb3DQEBCwUAA4IBAQBE0M3J46ZD7DQ+/Qerd3tY76Plai/ayL3LG+LuFn0Y
WMD+L80shfaNu3DsK5ksN0nKs/tJlGu6fDlcpLFTF7vHPIcy4uSSl9FiPlyZ8ppq
dYaAetX3Yx3v+h3fTWe9u1y2gla9BneYeV23ytw9V61ko6Y+HJbIK/sjBLQGzrwt
QVkt01+RSJ8+6y1NxlTZJPQgVNBgdh7wieARWTMuxt7wvD3S64aqfWKvNBcwtBH6
v9MvMkq8wConC2sLQAYMKNxDD+yRYQHrQe/1TmMXigb/NHXALuWS+rlOkZW8/btr
aprYDcelx7C84+6vAIM8hD5LQddJpw0WrB+C3qsxifXS
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:12:40 2024 by rpki-client on console-fra.rpki-client.org