Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/B6aiypPBJwF9WF96eM1aliv6Ytc.roa
File:                     B6aiypPBJwF9WF96eM1aliv6Ytc.roa (raw, json)
Hash identifier:          SUocFgW7haypZNKnRVVtFvn7JGuwypnhcmngeyRkyUE=
Subject key identifier:   07:A6:A2:CA:93:C1:27:01:7D:58:5F:7A:78:CD:5A:96:2B:FA:62:D7
Certificate issuer:       /CN=291f0b73e67d63c5a4c9046814166a9e21625f28
Certificate serial:       018CC2DB1780F40E8C62CDE7B23B7DFCA9A8
Authority key identifier: 29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/B6aiypPBJwF9WF96eM1aliv6Ytc.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56595
IP address blocks:        198.52.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:17:80:f4:0e:8c:62:cd:e7:b2:3b:7d:fc:a9:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291f0b73e67d63c5a4c9046814166a9e21625f28
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07a6a2ca93c127017d585f7a78cd5a962bfa62d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:20:4a:05:84:8b:6a:c9:83:c7:d1:32:c8:99:
                    af:e6:44:90:ad:e1:8d:d5:a6:56:fc:d8:b6:45:0a:
                    9d:38:be:76:91:32:3b:66:9d:b8:7c:1c:8a:d5:c3:
                    4a:c4:ac:7d:17:2c:a0:f7:ae:f4:a2:44:e8:2b:b6:
                    38:c1:6c:03:0e:a8:84:a0:fb:05:e2:9b:9c:20:f8:
                    39:39:e3:96:36:53:4e:d2:40:ca:e4:2e:47:ac:86:
                    0c:cb:8d:ae:30:12:10:0a:82:e7:0b:17:0a:e6:4e:
                    aa:f1:c6:19:7e:d8:63:51:af:6a:db:4a:43:0b:56:
                    26:3a:aa:b9:1e:9a:99:ee:76:47:47:74:cc:f8:c7:
                    0b:56:a2:90:9d:f8:3a:16:cf:97:b2:6e:30:d2:b1:
                    7f:07:ed:98:31:9c:b3:7f:1e:71:f6:54:26:53:3b:
                    40:51:a7:ad:76:57:f2:6a:2f:11:b8:39:c8:dd:5b:
                    e8:dc:e5:bc:fd:98:aa:12:b7:72:99:c6:d0:8e:ad:
                    6a:ee:30:c3:9e:79:db:72:86:43:0b:dc:9a:e7:e8:
                    cf:67:b4:ad:7d:95:e4:af:6c:42:48:19:c6:65:c5:
                    48:b7:3a:f0:9f:63:ba:13:0c:53:2c:7d:07:66:f7:
                    5d:b6:98:8c:69:09:08:27:7d:19:30:7b:5b:db:df:
                    4f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A6:A2:CA:93:C1:27:01:7D:58:5F:7A:78:CD:5A:96:2B:FA:62:D7
            X509v3 Authority Key Identifier:
                keyid:29:1F:0B:73:E6:7D:63:C5:A4:C9:04:68:14:16:6A:9E:21:62:5F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/B6aiypPBJwF9WF96eM1aliv6Ytc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/48d609-088d-41e4-bec4-38ee8fd64e7d/1/KR8Lc-Z9Y8WkyQRoFBZqniFiXyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.52.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e5:95:af:9a:2f:7a:ac:80:9c:72:0d:69:f9:0c:86:34:77:
         83:43:b5:6f:bf:73:b6:08:b5:41:f7:48:7f:64:a7:e2:32:8a:
         51:39:41:d8:de:7a:b8:1f:1d:03:4b:19:d2:bc:e5:b0:fd:22:
         1e:c1:bd:6d:e5:39:ba:61:a2:19:0d:6f:22:bd:29:4f:fc:88:
         32:09:c7:ff:97:0e:19:75:8e:8d:5e:b2:37:af:e1:35:ba:5f:
         69:50:4a:3d:91:b2:bd:77:3d:03:60:5f:57:e7:99:83:21:0f:
         66:7b:d7:70:79:69:9c:b8:c9:af:e9:30:f0:12:e8:ac:ad:22:
         9e:bf:a4:b4:1b:d6:c1:3f:c6:7d:a0:56:a2:45:d3:0a:f7:78:
         b4:5a:35:2e:da:13:4b:d8:aa:71:d3:80:13:ee:51:a5:32:9b:
         11:02:76:72:f7:35:46:21:16:87:e3:41:3b:2a:29:88:19:52:
         5b:3f:66:da:90:5d:be:d1:dc:d1:e4:50:94:88:de:56:8e:f4:
         e8:ce:93:20:fb:c9:51:7b:8d:d1:ee:2a:d0:05:96:49:45:b1:
         c9:47:e4:73:ec:fe:04:8b:50:4e:8c:0e:ac:93:8f:15:ac:37:
         1f:bd:02:d7:a4:f4:78:8f:83:31:d2:ff:3c:54:0b:27:12:54:
         23:eb:11:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xeA9A6MYs3nsjt9/KmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWYwYjczZTY3ZDYzYzVhNGM5MDQ2ODE0MTY2YTllMjE2
MjVmMjgwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2E2YTJjYTkzYzEyNzAxN2Q1ODVmN2E3OGNkNWE5NjJiZmE2MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCBKBYSLasmDx9EyyJmv5kSQreGN
1aZW/Ni2RQqdOL52kTI7Zp24fByK1cNKxKx9Fyyg9670okToK7Y4wWwDDqiEoPsF
4pucIPg5OeOWNlNO0kDK5C5HrIYMy42uMBIQCoLnCxcK5k6q8cYZfthjUa9q20pD
C1YmOqq5HpqZ7nZHR3TM+McLVqKQnfg6Fs+Xsm4w0rF/B+2YMZyzfx5x9lQmUztA
Uaetdlfyai8RuDnI3Vvo3OW8/ZiqErdymcbQjq1q7jDDnnnbcoZDC9ya5+jPZ7St
fZXkr2xCSBnGZcVItzrwn2O6EwxTLH0HZvddtpiMaQkIJ30ZMHtb299P7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAemosqTwScBfVhfenjNWpYr+mLXMB8GA1UdIwQY
MBaAFCkfC3PmfWPFpMkEaBQWap4hYl8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQt
MzhlZThmZDY0ZTdkLzEvQjZhaXlwUEJKd0Y5V0Y5NmVNMWFsaXY2WXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80OGQ2MDktMDg4ZC00MWU0LWJlYzQtMzhlZThmZDY0ZTdk
LzEvS1I4TGMtWjlZOFdreVFSb0ZCWnFuaUZpWHlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxjQtMA0G
CSqGSIb3DQEBCwUAA4IBAQBp5ZWvmi96rICccg1p+QyGNHeDQ7Vvv3O2CLVB90h/
ZKfiMopROUHY3nq4Hx0DSxnSvOWw/SIewb1t5Tm6YaIZDW8ivSlP/IgyCcf/lw4Z
dY6NXrI3r+E1ul9pUEo9kbK9dz0DYF9X55mDIQ9me9dweWmcuMmv6TDwEuisrSKe
v6S0G9bBP8Z9oFaiRdMK93i0WjUu2hNL2Kpx04AT7lGlMpsRAnZy9zVGIRaH40E7
KimIGVJbP2bakF2+0dzR5FCUiN5WjvTozpMg+8lRe43R7irQBZZJRbHJR+Rz7P4E
i1BOjA6sk48VrDcfvQLXpPR4j4Mx0v88VAsnElQj6xFm
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:28:39 2024 by rpki-client on console-fra.rpki-client.org