Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UZtXOeAqgu8OJhJDBPd3ktykwoA.roa
File:                     UZtXOeAqgu8OJhJDBPd3ktykwoA.roa (raw, json)
Hash identifier:          0XrXeuKvjFlnreER7UGLx0OQy84o4msH3nLM5Hb9Nqs=
Subject key identifier:   51:9B:57:39:E0:2A:82:EF:0E:26:12:43:04:F7:77:92:DC:A4:C2:80
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE88DD002A1B268C2FD6D135457DB1
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UZtXOeAqgu8OJhJDBPd3ktykwoA.roa
Signing time:             Tue 02 Jan 2024 06:31:16 +0000
ROA not before:           Tue 02 Jan 2024 06:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        45.89.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 19:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:88:dd:00:2a:1b:26:8c:2f:d6:d1:35:45:7d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=519b5739e02a82ef0e26124304f77792dca4c280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:95:f0:a5:6c:8e:e3:cb:0d:b1:19:a6:73:ee:
                    02:40:8f:08:57:dd:06:28:ef:c1:8c:f1:be:55:6b:
                    e7:35:6d:59:27:b3:fa:04:f4:43:6e:c7:4a:e6:81:
                    3e:a7:da:63:e1:5d:d6:d7:85:76:f5:4b:61:b7:cb:
                    11:a5:7b:96:3c:04:ae:b3:d9:39:36:b8:a8:56:df:
                    35:10:49:1f:e0:75:db:4f:5f:78:5f:8c:65:5f:a2:
                    eb:3c:ca:1a:94:57:e5:71:a7:52:19:e1:69:a2:d6:
                    25:c2:b1:a6:70:ad:5f:83:fb:90:f9:19:11:e8:2b:
                    50:ed:a3:85:5f:6c:e3:bb:21:29:0b:a7:ae:ad:df:
                    7f:75:ba:c5:72:e9:d2:97:c0:6e:9b:85:93:b3:3a:
                    2f:4f:07:02:68:47:63:e0:61:c9:11:7e:82:3b:bd:
                    4d:de:07:3d:2b:cd:a3:24:5e:d4:cf:62:ce:12:de:
                    e8:3f:c5:ed:10:58:f5:b8:c5:bf:f6:d3:16:ec:96:
                    c7:80:4a:24:37:71:f3:d9:2a:0d:d8:47:b8:a5:99:
                    db:6f:4c:39:d2:7f:38:ac:1f:67:42:74:4b:a1:7c:
                    26:bb:1c:16:8c:02:50:92:c7:77:bd:1f:fb:2a:00:
                    e3:3b:b6:19:66:03:3b:9f:88:38:6c:84:6f:b2:a8:
                    6f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9B:57:39:E0:2A:82:EF:0E:26:12:43:04:F7:77:92:DC:A4:C2:80
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UZtXOeAqgu8OJhJDBPd3ktykwoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:bc:a7:d7:28:73:69:0a:f8:02:4e:e4:1a:d0:7e:17:06:1f:
         20:7d:0d:8a:6d:c6:71:ac:d4:f7:7e:89:7d:01:1e:4e:d6:7b:
         19:18:bd:d5:bd:8d:6f:03:f8:48:59:4c:ff:95:5c:6a:d1:d9:
         22:7e:09:42:52:56:af:71:1c:ce:34:71:87:48:28:87:76:68:
         33:f5:c2:80:d4:0f:14:ff:f3:89:69:c9:dc:d5:4a:95:5a:68:
         0e:59:c3:9a:4a:bd:9e:54:21:ca:55:f1:55:73:eb:00:74:d6:
         c9:40:22:87:01:56:63:c8:1f:6b:56:3d:82:34:4f:a4:66:1e:
         04:71:7b:32:40:55:46:6e:26:78:5c:e9:d3:74:9d:f5:43:89:
         f4:1a:f9:66:41:c8:5a:e3:14:3c:9b:18:04:a1:7b:87:3a:ec:
         1c:97:9a:63:39:df:cd:b3:01:9c:06:be:73:11:12:8a:8b:a9:
         b6:56:0e:1f:ac:5a:2e:3c:9b:1c:7f:c7:96:77:60:c9:39:19:
         64:a7:6e:07:28:c0:48:fe:6f:39:b4:09:d3:f5:0c:bb:25:c9:
         98:e8:50:fc:50:27:3e:50:c7:34:3e:fc:9c:36:2b:8e:b8:ec:
         69:19:56:54:83:2b:60:55:62:a5:91:b4:37:da:9b:6b:fe:6a:
         2f:cb:c9:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ojdACobJowv1tE1RX2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTliNTczOWUwMmE4MmVmMGUyNjEyNDMwNGY3Nzc5MmRjYTRjMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpXwpWyO48sNsRmmc+4CQI8IV90G
KO/BjPG+VWvnNW1ZJ7P6BPRDbsdK5oE+p9pj4V3W14V29Utht8sRpXuWPASus9k5
NrioVt81EEkf4HXbT194X4xlX6LrPMoalFflcadSGeFpotYlwrGmcK1fg/uQ+RkR
6CtQ7aOFX2zjuyEpC6eurd9/dbrFcunSl8Bum4WTszovTwcCaEdj4GHJEX6CO71N
3gc9K82jJF7Uz2LOEt7oP8XtEFj1uMW/9tMW7JbHgEokN3Hz2SoN2Ee4pZnbb0w5
0n84rB9nQnRLoXwmuxwWjAJQksd3vR/7KgDjO7YZZgM7n4g4bIRvsqhv/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGbVzngKoLvDiYSQwT3d5LcpMKAMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVVp0WE9lQXFndThPSmhKREJQZDNrdHlrd29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVloMA0G
CSqGSIb3DQEBCwUAA4IBAQBUvKfXKHNpCvgCTuQa0H4XBh8gfQ2KbcZxrNT3fol9
AR5O1nsZGL3VvY1vA/hIWUz/lVxq0dkifglCUlavcRzONHGHSCiHdmgz9cKA1A8U
//OJacnc1UqVWmgOWcOaSr2eVCHKVfFVc+sAdNbJQCKHAVZjyB9rVj2CNE+kZh4E
cXsyQFVGbiZ4XOnTdJ31Q4n0GvlmQcha4xQ8mxgEoXuHOuwcl5pjOd/NswGcBr5z
ERKKi6m2Vg4frFouPJscf8eWd2DJORlkp24HKMBI/m85tAnT9Qy7JcmY6FD8UCc+
UMc0PvycNiuOuOxpGVZUgytgVWKlkbQ32ptr/movy8m1
-----END CERTIFICATE-----
Generated at Tue Dec 10 04:44:58 2024 by rpki-client on console-ams.rpki-client.org