Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa
File:                     xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa (raw, json)
Hash identifier:          AyiP/FF2qci3BxbNXp3IVhC0+1I+8uj6Wg87qOzx0Zo=
Subject key identifier:   C5:FC:70:19:1B:66:06:81:8D:9B:03:8E:CA:1E:5E:14:D6:0F:7D:76
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018CC94CC5C99186A22EED1712D88DC6D323
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa
Signing time:             Tue 02 Jan 2024 08:31:40 +0000
ROA not before:           Tue 02 Jan 2024 08:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        45.143.202.0/24 maxlen: 24
                          92.63.202.0/24 maxlen: 24
                          92.63.200.0/24 maxlen: 24
                          185.156.75.0/24 maxlen: 24
                          2a0e:e5c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c5:c9:91:86:a2:2e:ed:17:12:d8:8d:c6:d3:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  2 08:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5fc70191b6606818d9b038eca1e5e14d60f7d76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:71:e0:f9:de:ac:ef:a0:97:d5:03:cc:7d:b5:
                    83:66:5f:77:cf:69:e0:f4:28:58:bd:ef:f3:d9:dc:
                    5b:9d:71:da:05:84:b2:23:c6:d2:f9:60:f4:b8:96:
                    36:c8:f1:7d:be:f8:03:37:33:57:2f:26:91:81:d5:
                    7a:97:be:9b:b8:22:cf:1f:7d:a2:ad:72:82:44:d5:
                    3f:58:11:61:4f:a3:da:21:1d:f6:a9:17:fd:93:c6:
                    ca:45:f0:9b:43:c8:8d:e3:06:15:cf:56:3a:c9:5c:
                    ca:9d:29:16:aa:3f:e4:f0:45:23:af:87:7a:af:dd:
                    e3:1b:9c:43:2a:38:02:7b:e8:b4:f8:59:6e:07:94:
                    38:55:4b:25:99:b6:1b:2d:8f:7b:c1:a4:0e:da:90:
                    cc:56:83:65:e0:6e:83:eb:78:82:3a:cd:c6:49:8a:
                    da:b2:7c:03:8b:85:f1:6d:52:ab:bb:90:64:b1:59:
                    be:5f:d9:6c:04:c1:33:12:64:40:ef:db:d2:96:8e:
                    3f:62:eb:ff:43:a4:70:25:ae:33:11:a7:f7:33:ca:
                    53:7a:c6:86:9b:de:59:6a:d4:2e:e3:29:04:b5:53:
                    1c:b2:27:0e:b5:ca:cc:69:cf:3e:f0:92:72:a0:5b:
                    c4:78:0d:15:32:61:bf:3c:40:ec:fa:37:d7:63:a5:
                    80:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:FC:70:19:1B:66:06:81:8D:9B:03:8E:CA:1E:5E:14:D6:0F:7D:76
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/xfxwGRtmBoGNmwOOyh5eFNYPfXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.202.0/24
                  92.63.200.0/24
                  92.63.202.0/24
                  185.156.75.0/24
                IPv6:
                  2a0e:e5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:71:37:d9:5b:ab:cd:82:b7:43:e4:c5:a3:2d:d0:7c:b4:a5:
         70:d0:01:ff:45:6c:3e:40:9f:d0:4d:8e:ed:cb:57:ac:0f:13:
         fe:4c:ef:6f:73:7c:44:2b:1b:c8:c0:f1:6b:15:aa:8e:7f:56:
         f4:58:56:9c:e7:35:84:d4:8f:5f:96:ed:ba:00:38:b9:f0:04:
         76:72:d6:e7:22:f1:b4:40:bb:0d:20:6e:2e:e7:11:83:06:45:
         48:fa:4b:bf:1d:59:35:32:29:4d:4b:54:0e:fc:c5:d9:4d:99:
         bb:f2:25:5d:e2:8e:f1:05:38:9a:55:1d:58:06:51:62:01:bc:
         70:d0:5c:d3:51:2e:56:bb:3f:1c:33:dc:49:a8:52:d6:99:87:
         54:f8:26:70:04:b9:f0:41:75:6d:c1:48:1a:fc:b7:1a:d4:ea:
         f7:a5:84:88:25:db:d6:81:d4:2e:bb:24:7b:90:d7:9b:2d:d3:
         ea:01:e5:43:b2:5f:45:51:1b:d0:be:0e:20:c8:3d:6c:d3:a6:
         7a:be:75:f6:cd:99:11:55:e2:4f:cf:fb:39:19:7c:4b:91:3c:
         ea:08:6b:19:31:ee:7f:aa:de:89:b7:39:5c:d3:09:0c:25:4a:
         1a:b6:d0:4f:0f:d2:f0:36:a8:bf:99:e8:22:c4:f0:c3:bc:4a:
         72:13:d4:cf
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzJTMXJkYaiLu0XEtiNxtMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwMTAyMDgzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWZjNzAxOTFiNjYwNjgxOGQ5YjAzOGVjYTFlNWUxNGQ2MGY3ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3Hg+d6s76CX1QPMfbWDZl93z2ng
9ChYve/z2dxbnXHaBYSyI8bS+WD0uJY2yPF9vvgDNzNXLyaRgdV6l76buCLPH32i
rXKCRNU/WBFhT6PaIR32qRf9k8bKRfCbQ8iN4wYVz1Y6yVzKnSkWqj/k8EUjr4d6
r93jG5xDKjgCe+i0+FluB5Q4VUslmbYbLY97waQO2pDMVoNl4G6D63iCOs3GSYra
snwDi4XxbVKru5BksVm+X9lsBMEzEmRA79vSlo4/Yuv/Q6RwJa4zEaf3M8pTesaG
m95ZatQu4ykEtVMcsicOtcrMac8+8JJyoFvEeA0VMmG/PEDs+jfXY6WANQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMX8cBkbZgaBjZsDjsoeXhTWD312MB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEveGZ4d0dSdG1Cb0dObXdPT3loNWVGTllQZlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQALY/KAwQA
XD/IAwQAXD/KAwQAuZxLMA0EAgACMAcDBQMqDuXAMA0GCSqGSIb3DQEBCwUAA4IB
AQCccTfZW6vNgrdD5MWjLdB8tKVw0AH/RWw+QJ/QTY7ty1esDxP+TO9vc3xEKxvI
wPFrFaqOf1b0WFac5zWE1I9flu26ADi58AR2ctbnIvG0QLsNIG4u5xGDBkVI+ku/
HVk1MilNS1QO/MXZTZm78iVd4o7xBTiaVR1YBlFiAbxw0FzTUS5Wuz8cM9xJqFLW
mYdU+CZwBLnwQXVtwUga/Lca1Or3pYSIJdvWgdQuuyR7kNebLdPqAeVDsl9FURvQ
vg4gyD1s06Z6vnX2zZkRVeJPz/s5GXxLkTzqCGsZMe5/qt6Jtzlc0wkMJUoattBP
D9LwNqi/megixPDDvEpyE9TP
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:57:08 2024 by rpki-client on console-ams.rpki-client.org