Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa
File:                     xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa (raw, json)
Hash identifier:          RNFX7ZH2Q3tCIIXn6I9hnLNAc37OF2ay9Gxo9HokUTQ=
Subject key identifier:   C4:D8:0A:53:35:13:07:C2:BD:C2:2E:16:C5:33:F1:04:9D:58:40:AE
Certificate issuer:       /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial:       018CC6B8C45365A2142E4D16F4D2DA08AF79
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa
Signing time:             Mon 01 Jan 2024 20:30:46 +0000
ROA not before:           Mon 01 Jan 2024 20:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208959
IP address blocks:        46.232.210.0/23 maxlen: 23
                          185.207.164.0/22 maxlen: 22
                          45.86.221.0/24 maxlen: 24
                          2a11:b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c4:53:65:a2:14:2e:4d:16:f4:d2:da:08:af:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
        Validity
            Not Before: Jan  1 20:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4d80a53351307c2bdc22e16c533f1049d5840ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4c:d4:0b:e6:86:0c:ef:b9:8e:c4:bb:b9:29:
                    1d:16:f6:67:e1:0e:69:0e:85:ad:6a:2f:56:c1:bf:
                    d8:3a:3e:59:fa:5f:38:b9:3f:73:77:6c:be:3c:57:
                    04:d2:74:97:2d:4d:c1:80:de:23:2c:6a:0a:2f:c9:
                    2e:33:b5:d0:28:62:11:e4:a8:37:4a:3e:57:fd:9a:
                    2f:5a:ed:71:5c:4e:e0:27:e0:c9:5c:7d:fc:6e:3a:
                    0e:a6:e9:ec:9e:64:d1:0c:22:62:8b:00:fc:fd:91:
                    a8:54:da:66:a7:bb:ab:44:41:94:eb:ae:fc:6e:f5:
                    69:3a:ba:51:d2:8d:3c:fb:72:a7:c1:82:a8:f6:d2:
                    39:8a:78:3b:98:6e:91:29:28:8c:b6:c0:04:51:80:
                    04:f1:3e:2e:cd:f4:d2:34:47:20:87:33:02:67:3f:
                    8d:1c:a6:30:3d:4a:d5:88:dc:9b:e9:b4:07:a8:76:
                    c2:e4:fc:e0:1f:c9:9a:72:b9:fb:cb:99:b2:bf:11:
                    94:bb:ac:4c:e1:14:35:c0:4c:f5:53:7f:8c:33:f7:
                    b6:a2:7a:ab:87:c5:29:62:11:83:1e:07:02:e3:b8:
                    69:d8:97:b7:4f:fb:41:01:ce:7e:29:73:2d:57:3b:
                    d8:b4:66:4e:aa:a2:0f:7e:c5:72:22:a7:95:a8:1c:
                    d9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D8:0A:53:35:13:07:C2:BD:C2:2E:16:C5:33:F1:04:9D:58:40:AE
            X509v3 Authority Key Identifier:
                keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/xNgKUzUTB8K9wi4WxTPxBJ1YQK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.221.0/24
                  46.232.210.0/23
                  185.207.164.0/22
                IPv6:
                  2a11:b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:4b:83:b9:00:41:b8:fb:7e:28:2f:b1:40:48:0b:1f:b6:ce:
         25:7b:c8:24:04:f4:df:24:e4:7c:55:5f:da:37:e1:5f:1a:c3:
         f8:ce:43:b6:82:2d:be:bc:9c:01:89:e7:a1:33:b0:1d:74:a2:
         c9:5c:9e:f1:bd:54:22:7f:8d:cb:b2:e0:d1:83:2c:47:54:eb:
         7b:4a:e0:b2:ca:ad:d4:22:91:4b:30:8a:17:49:15:fe:f1:f4:
         90:87:c2:f0:ef:1a:6d:9e:13:ac:3b:40:98:39:79:d1:66:fe:
         c0:10:44:45:38:1f:3d:93:00:81:83:6e:63:65:29:f3:0f:95:
         a1:0e:13:ed:21:5d:0e:ec:c8:11:1a:bf:ea:d9:0a:9e:e1:ca:
         77:29:fb:65:1a:7a:03:4a:15:b5:45:12:73:e9:60:94:d6:f5:
         0a:f9:1f:04:89:e2:3e:54:3d:3c:a1:0e:b3:ab:e1:9f:a2:58:
         a8:e6:e7:6a:14:ac:ee:d4:ff:0d:ea:1f:d9:1c:68:d6:fd:76:
         a8:b1:49:f7:61:39:ba:d4:fc:12:7b:1e:8a:1c:29:91:fd:d4:
         a8:ba:59:25:1e:e3:66:94:77:0f:ac:d6:f1:8f:5a:42:78:1b:
         95:1e:a6:6d:2b:ea:bc:ac:34:a6:22:86:6a:af:57:43:be:e0:
         af:8c:07:df
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGuMRTZaIULk0W9NLaCK95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjQwMTAxMjAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQ4MGE1MzM1MTMwN2MyYmRjMjJlMTZjNTMzZjEwNDlkNTg0MGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUzUC+aGDO+5jsS7uSkdFvZn4Q5p
DoWtai9Wwb/YOj5Z+l84uT9zd2y+PFcE0nSXLU3BgN4jLGoKL8kuM7XQKGIR5Kg3
Sj5X/ZovWu1xXE7gJ+DJXH38bjoOpunsnmTRDCJiiwD8/ZGoVNpmp7urREGU6678
bvVpOrpR0o08+3KnwYKo9tI5ing7mG6RKSiMtsAEUYAE8T4uzfTSNEcghzMCZz+N
HKYwPUrViNyb6bQHqHbC5PzgH8macrn7y5myvxGUu6xM4RQ1wEz1U3+MM/e2onqr
h8UpYhGDHgcC47hp2Je3T/tBAc5+KXMtVzvYtGZOqqIPfsVyIqeVqBzZbQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMTYClM1EwfCvcIuFsUz8QSdWECuMB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEveE5nS1V6VVRCOEs5d2k0V3hUUHhCSjFZUUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQALVbdAwQB
LujSAwQCuc+kMA0EAgACMAcDBQMqEQsAMA0GCSqGSIb3DQEBCwUAA4IBAQBGS4O5
AEG4+34oL7FASAsfts4le8gkBPTfJOR8VV/aN+FfGsP4zkO2gi2+vJwBieehM7Ad
dKLJXJ7xvVQif43LsuDRgyxHVOt7SuCyyq3UIpFLMIoXSRX+8fSQh8Lw7xptnhOs
O0CYOXnRZv7AEERFOB89kwCBg25jZSnzD5WhDhPtIV0O7MgRGr/q2Qqe4cp3Kftl
GnoDShW1RRJz6WCU1vUK+R8EieI+VD08oQ6zq+Gfolio5udqFKzu1P8N6h/ZHGjW
/XaosUn3YTm61PwSex6KHCmR/dSoulklHuNmlHcPrNbxj1pCeBuVHqZtK+q8rDSm
IoZqr1dDvuCvjAff
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:03:48 2024 by rpki-client on console-fra.rpki-client.org