Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/1f6de8-9e29-4cb3-aa4a-0a2e9336d6d0/1/kxKCxULXaJmpwU2DasODTJ_Xpik.roa
File:                     kxKCxULXaJmpwU2DasODTJ_Xpik.roa (raw, json)
Hash identifier:          pHz8U+D8pIVNPkH3yndLN4Sz2tgdp2F/zAa4sz6tgMQ=
Subject key identifier:   93:12:82:C5:42:D7:68:99:A9:C1:4D:83:6A:C3:83:4C:9F:D7:A6:29
Certificate issuer:       /CN=79ad074aface91ac3fdd0a3ebd60fadbc16de4fc
Certificate serial:       018CC500579C86E5D7EE9DBC02C9DCFF6CE2
Authority key identifier: 79:AD:07:4A:FA:CE:91:AC:3F:DD:0A:3E:BD:60:FA:DB:C1:6D:E4:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ea0HSvrOkaw_3Qo-vWD628Ft5Pw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/1f6de8-9e29-4cb3-aa4a-0a2e9336d6d0/1/kxKCxULXaJmpwU2DasODTJ_Xpik.roa
Signing time:             Mon 01 Jan 2024 12:29:43 +0000
ROA not before:           Mon 01 Jan 2024 12:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213027
IP address blocks:        45.92.51.0/24 maxlen: 24
                          45.92.48.0/22 maxlen: 22
                          45.92.48.0/24 maxlen: 24
                          45.92.49.0/24 maxlen: 24
                          45.92.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/1f6de8-9e29-4cb3-aa4a-0a2e9336d6d0/1/ea0HSvrOkaw_3Qo-vWD628Ft5Pw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/1f6de8-9e29-4cb3-aa4a-0a2e9336d6d0/1/ea0HSvrOkaw_3Qo-vWD628Ft5Pw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ea0HSvrOkaw_3Qo-vWD628Ft5Pw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:57:9c:86:e5:d7:ee:9d:bc:02:c9:dc:ff:6c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79ad074aface91ac3fdd0a3ebd60fadbc16de4fc
        Validity
            Not Before: Jan  1 12:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=931282c542d76899a9c14d836ac3834c9fd7a629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b5:8a:d1:07:70:e6:86:d5:c0:ff:30:c0:ed:
                    de:e0:ae:9a:95:9d:1d:9d:e5:89:2c:66:6e:a6:0c:
                    1b:70:3b:55:73:ff:cc:eb:62:6e:ec:c6:66:55:f9:
                    dd:eb:b3:2d:39:2c:60:0f:58:35:94:15:f3:7d:85:
                    dc:55:de:11:0a:68:85:c0:e3:11:45:55:06:1e:15:
                    57:c0:7c:f0:51:53:ca:1d:4a:b5:e7:52:be:36:25:
                    47:59:71:58:31:9c:a4:56:58:43:51:9e:f4:26:c7:
                    bb:5c:b8:0b:4d:ee:e8:c8:6b:6d:f2:4a:cc:b9:9a:
                    e5:45:a8:d3:40:74:b3:d3:cc:1b:24:54:2c:64:e9:
                    80:76:23:21:33:77:ca:da:b7:09:a8:62:34:03:86:
                    a6:2b:bc:13:84:ca:94:94:b3:20:29:9f:83:9a:2a:
                    cd:27:d5:55:86:82:bd:40:50:c7:46:18:5f:63:21:
                    fd:cb:85:13:35:35:07:d5:19:d2:7e:15:a5:2b:32:
                    4a:de:0b:4d:df:a6:4c:40:da:96:8c:f1:0b:18:3b:
                    f9:c5:e1:16:85:c9:c5:6f:8d:46:3c:7a:29:f1:06:
                    7f:f8:ce:db:9e:4d:a5:5a:7d:c6:75:f8:06:05:20:
                    12:8e:64:27:54:38:4f:3a:d5:17:2b:27:49:38:e1:
                    aa:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:12:82:C5:42:D7:68:99:A9:C1:4D:83:6A:C3:83:4C:9F:D7:A6:29
            X509v3 Authority Key Identifier:
                keyid:79:AD:07:4A:FA:CE:91:AC:3F:DD:0A:3E:BD:60:FA:DB:C1:6D:E4:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea0HSvrOkaw_3Qo-vWD628Ft5Pw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/1f6de8-9e29-4cb3-aa4a-0a2e9336d6d0/1/kxKCxULXaJmpwU2DasODTJ_Xpik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/1f6de8-9e29-4cb3-aa4a-0a2e9336d6d0/1/ea0HSvrOkaw_3Qo-vWD628Ft5Pw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:96:c4:c8:03:97:b9:ee:e3:aa:6a:9b:48:90:4b:39:f4:8d:
         60:ea:1a:04:d2:ee:fd:d5:fb:60:fe:9c:8e:66:fa:96:97:12:
         5e:8f:cb:89:63:ea:a6:99:db:e1:1c:ab:92:c2:76:96:94:9c:
         af:10:8b:aa:ce:a4:99:af:79:21:b1:a3:06:ff:21:b3:6f:20:
         b7:01:fc:bc:6b:9b:50:db:bc:02:6a:83:57:30:5f:6d:54:80:
         ac:97:75:64:5f:7a:2c:8c:fb:b9:b9:bc:7d:f7:12:eb:1b:6a:
         17:4a:fd:bb:5f:97:b5:26:19:a6:29:4b:51:fa:fa:89:c7:05:
         88:2d:34:06:0a:b1:bd:d0:83:29:c7:71:6a:b5:df:8a:b3:bf:
         17:43:1b:b9:4a:43:ae:33:8c:71:45:03:40:3b:f8:06:54:0d:
         d0:d5:89:d7:3b:5c:e6:84:2f:43:74:5c:cd:20:de:21:f2:2c:
         03:a6:cb:26:e6:bc:14:64:b9:40:26:c0:65:28:33:b7:b7:8b:
         eb:c7:60:31:a9:bc:2d:a2:d6:70:af:5e:ee:55:2a:d2:e8:19:
         31:7b:e1:07:96:fa:3d:0c:23:06:ce:dc:fc:c4:7c:67:37:d1:
         9a:86:50:20:43:1a:18:03:ea:36:3c:42:9d:0c:b4:f7:20:57:
         6c:4c:8c:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFechuXX7p28Asnc/2ziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YWQwNzRhZmFjZTkxYWMzZmRkMGEzZWJkNjBmYWRiYzE2
ZGU0ZmMwHhcNMjQwMTAxMTIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzEyODJjNTQyZDc2ODk5YTljMTRkODM2YWMzODM0YzlmZDdhNjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibWK0Qdw5obVwP8wwO3e4K6alZ0d
neWJLGZupgwbcDtVc//M62Ju7MZmVfnd67MtOSxgD1g1lBXzfYXcVd4RCmiFwOMR
RVUGHhVXwHzwUVPKHUq151K+NiVHWXFYMZykVlhDUZ70Jse7XLgLTe7oyGtt8krM
uZrlRajTQHSz08wbJFQsZOmAdiMhM3fK2rcJqGI0A4amK7wThMqUlLMgKZ+DmirN
J9VVhoK9QFDHRhhfYyH9y4UTNTUH1RnSfhWlKzJK3gtN36ZMQNqWjPELGDv5xeEW
hcnFb41GPHop8QZ/+M7bnk2lWn3GdfgGBSASjmQnVDhPOtUXKydJOOGqywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMSgsVC12iZqcFNg2rDg0yf16YpMB8GA1UdIwQY
MBaAFHmtB0r6zpGsP90KPr1g+tvBbeT8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWEwSFN2ck9rYXdfM1FvLXZXRDYyOEZ0NVB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8xZjZkZTgtOWUyOS00Y2IzLWFhNGEt
MGEyZTkzMzZkNmQwLzEva3hLQ3hVTFhhSm1wd1UyRGFzT0RUSl9YcGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8xZjZkZTgtOWUyOS00Y2IzLWFhNGEtMGEyZTkzMzZkNmQw
LzEvZWEwSFN2ck9rYXdfM1FvLXZXRDYyOEZ0NVB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVwwMA0G
CSqGSIb3DQEBCwUAA4IBAQABlsTIA5e57uOqaptIkEs59I1g6hoE0u791ftg/pyO
ZvqWlxJej8uJY+qmmdvhHKuSwnaWlJyvEIuqzqSZr3khsaMG/yGzbyC3Afy8a5tQ
27wCaoNXMF9tVICsl3VkX3osjPu5ubx99xLrG2oXSv27X5e1JhmmKUtR+vqJxwWI
LTQGCrG90IMpx3Fqtd+Ks78XQxu5SkOuM4xxRQNAO/gGVA3Q1YnXO1zmhC9DdFzN
IN4h8iwDpssm5rwUZLlAJsBlKDO3t4vrx2AxqbwtotZwr17uVSrS6Bkxe+EHlvo9
DCMGztz8xHxnN9GahlAgQxoYA+o2PEKdDLT3IFdsTIwQ
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:16:42 2024 by rpki-client on console-fra.rpki-client.org