Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0e4506-174f-440a-a31c-bfff5142053f/1/fLx6ARp_XELZuUhU7kDXAjpPuwk.roa
File:                     fLx6ARp_XELZuUhU7kDXAjpPuwk.roa (raw, json)
Hash identifier:          uTCowJPAT95hr4395tl8GegbA7fdKD/i94UzJqvmAWc=
Subject key identifier:   7C:BC:7A:01:1A:7F:5C:42:D9:B9:48:54:EE:40:D7:02:3A:4F:BB:09
Certificate issuer:       /CN=a52f6524085fa10e8c098ac2b5828a1f88c6913c
Certificate serial:       018CC86F3E10CEE55FAD39AB61872FFB02E2
Authority key identifier: A5:2F:65:24:08:5F:A1:0E:8C:09:8A:C2:B5:82:8A:1F:88:C6:91:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pS9lJAhfoQ6MCYrCtYKKH4jGkTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0e4506-174f-440a-a31c-bfff5142053f/1/fLx6ARp_XELZuUhU7kDXAjpPuwk.roa
Signing time:             Tue 02 Jan 2024 04:29:42 +0000
ROA not before:           Tue 02 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208734
IP address blocks:        45.84.116.0/24 maxlen: 24
                          45.84.118.0/24 maxlen: 24
                          45.84.117.0/24 maxlen: 24
                          45.84.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0e4506-174f-440a-a31c-bfff5142053f/1/pS9lJAhfoQ6MCYrCtYKKH4jGkTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0e4506-174f-440a-a31c-bfff5142053f/1/pS9lJAhfoQ6MCYrCtYKKH4jGkTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pS9lJAhfoQ6MCYrCtYKKH4jGkTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3e:10:ce:e5:5f:ad:39:ab:61:87:2f:fb:02:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a52f6524085fa10e8c098ac2b5828a1f88c6913c
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cbc7a011a7f5c42d9b94854ee40d7023a4fbb09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:55:5c:18:3e:27:7c:e7:0d:10:f8:76:41:d5:
                    7d:94:99:06:b1:09:e4:f8:72:6a:91:8b:40:5e:6e:
                    8f:f2:4c:bd:cd:bb:7d:1b:08:ee:19:0c:f6:a8:8d:
                    f0:68:e8:39:f6:9e:f7:d7:10:35:f9:de:28:35:25:
                    7f:22:8f:96:63:15:5c:24:5d:c7:ef:6f:83:39:09:
                    31:e2:e1:26:b7:8e:f5:af:e3:bd:28:55:81:2e:17:
                    80:ef:1c:3a:56:a3:71:97:99:a3:19:e3:3b:22:76:
                    6f:8f:08:57:ea:8c:5d:d5:69:42:bc:72:06:d4:13:
                    da:2a:9a:9d:04:46:fd:7f:34:43:73:5e:e5:69:8b:
                    e3:d6:57:6a:c7:04:90:c0:63:eb:43:d0:d3:f9:02:
                    be:93:8a:6f:14:70:85:0a:5e:87:c8:f9:55:99:8d:
                    c7:11:f6:00:cf:5f:18:8a:08:e4:61:c3:6a:3a:a9:
                    e7:1f:ef:a4:d7:14:af:58:0c:a7:4f:c7:cd:4f:eb:
                    29:01:7e:ad:03:50:09:3c:08:85:15:15:a5:c7:8a:
                    ff:41:39:31:9c:33:4d:f6:fe:80:db:47:b8:a2:49:
                    76:8e:a9:34:9e:e9:de:c6:d5:42:9b:f7:c9:b6:de:
                    d0:99:8a:be:76:89:52:54:a0:55:9c:1e:fd:4c:df:
                    a6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:BC:7A:01:1A:7F:5C:42:D9:B9:48:54:EE:40:D7:02:3A:4F:BB:09
            X509v3 Authority Key Identifier:
                keyid:A5:2F:65:24:08:5F:A1:0E:8C:09:8A:C2:B5:82:8A:1F:88:C6:91:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pS9lJAhfoQ6MCYrCtYKKH4jGkTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0e4506-174f-440a-a31c-bfff5142053f/1/fLx6ARp_XELZuUhU7kDXAjpPuwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0e4506-174f-440a-a31c-bfff5142053f/1/pS9lJAhfoQ6MCYrCtYKKH4jGkTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:0c:3e:e5:a2:ca:78:2f:66:c3:18:ab:4a:32:74:c9:4c:b6:
         93:24:f0:62:81:df:0d:b1:4a:9f:21:b2:b9:fe:15:e1:94:5d:
         b1:fd:22:91:e6:69:9b:b2:28:c3:74:bb:82:6d:80:f2:5b:95:
         60:3e:3e:3e:e3:df:8c:d5:08:22:26:8b:01:b2:12:5b:6d:f9:
         31:56:a0:62:f5:20:cb:ef:87:6b:da:a8:cc:a4:de:57:2d:59:
         cc:d3:37:74:f0:9e:fd:6b:ec:40:58:eb:22:be:14:e7:6f:b5:
         b5:52:25:9b:7c:bd:95:94:1e:e0:02:51:3a:5d:24:fb:5b:5b:
         2c:48:92:6a:63:14:63:60:36:f4:ee:98:8a:dc:40:3b:57:44:
         6a:76:ba:83:a5:6a:66:bf:ee:19:da:7a:3c:ec:51:f9:c3:1a:
         8e:63:42:fb:e8:fd:2c:77:f9:6c:85:c5:2e:e0:48:2c:98:92:
         a5:56:ce:79:e2:66:33:8e:92:97:66:f8:e5:d5:68:23:f7:0f:
         99:76:3b:73:38:19:dc:37:40:cf:49:96:f1:37:ec:9c:fd:95:
         2d:ed:6f:cd:aa:c6:60:a5:a7:93:c4:bc:e0:ca:ea:fa:55:73:
         ba:d9:08:0c:bb:94:92:9c:a4:e8:09:a8:05:dc:f2:30:a7:22:
         fc:9d:94:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbz4QzuVfrTmrYYcv+wLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MmY2NTI0MDg1ZmExMGU4YzA5OGFjMmI1ODI4YTFmODhj
NjkxM2MwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2JjN2EwMTFhN2Y1YzQyZDliOTQ4NTRlZTQwZDcwMjNhNGZiYjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklVcGD4nfOcNEPh2QdV9lJkGsQnk
+HJqkYtAXm6P8ky9zbt9GwjuGQz2qI3waOg59p731xA1+d4oNSV/Io+WYxVcJF3H
72+DOQkx4uEmt471r+O9KFWBLheA7xw6VqNxl5mjGeM7InZvjwhX6oxd1WlCvHIG
1BPaKpqdBEb9fzRDc17laYvj1ldqxwSQwGPrQ9DT+QK+k4pvFHCFCl6HyPlVmY3H
EfYAz18YigjkYcNqOqnnH++k1xSvWAynT8fNT+spAX6tA1AJPAiFFRWlx4r/QTkx
nDNN9v6A20e4okl2jqk0nunextVCm/fJtt7QmYq+dolSVKBVnB79TN+mnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHy8egEaf1xC2blIVO5A1wI6T7sJMB8GA1UdIwQY
MBaAFKUvZSQIX6EOjAmKwrWCih+IxpE8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFM5bEpBaGZvUTZNQ1lyQ3RZS0tINGpHa1R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wZTQ1MDYtMTc0Zi00NDBhLWEzMWMt
YmZmZjUxNDIwNTNmLzEvZkx4NkFScF9YRUxadVVoVTdrRFhBanBQdXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wZTQ1MDYtMTc0Zi00NDBhLWEzMWMtYmZmZjUxNDIwNTNm
LzEvcFM5bEpBaGZvUTZNQ1lyQ3RZS0tINGpHa1R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVR0MA0G
CSqGSIb3DQEBCwUAA4IBAQA8DD7losp4L2bDGKtKMnTJTLaTJPBigd8NsUqfIbK5
/hXhlF2x/SKR5mmbsijDdLuCbYDyW5VgPj4+49+M1QgiJosBshJbbfkxVqBi9SDL
74dr2qjMpN5XLVnM0zd08J79a+xAWOsivhTnb7W1UiWbfL2VlB7gAlE6XST7W1ss
SJJqYxRjYDb07piK3EA7V0RqdrqDpWpmv+4Z2no87FH5wxqOY0L76P0sd/lshcUu
4EgsmJKlVs554mYzjpKXZvjl1Wgj9w+ZdjtzOBncN0DPSZbxN+yc/ZUt7W/NqsZg
paeTxLzgyur6VXO62QgMu5SSnKToCagF3PIwpyL8nZTx
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:01:22 2024 by rpki-client on console-fra.rpki-client.org