Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/tlc1T8u60VRapK--KSEO93sv-LA.roa
File:                     tlc1T8u60VRapK--KSEO93sv-LA.roa (raw, json)
Hash identifier:          0w0wCGq77oheNDUDukPTYFmyMnOSYUF12f7RnqXgVoI=
Subject key identifier:   B6:57:35:4F:CB:BA:D1:54:5A:A4:AF:BE:29:21:0E:F7:7B:2F:F8:B0
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A89531EE09C863CFDB791DD78608E
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/tlc1T8u60VRapK--KSEO93sv-LA.roa
Signing time:             Mon 01 Jan 2024 18:30:22 +0000
ROA not before:           Mon 01 Jan 2024 18:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208356
IP address blocks:        188.72.90.0/24 maxlen: 24
                          188.72.91.0/24 maxlen: 24
                          188.72.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:89:53:1e:e0:9c:86:3c:fd:b7:91:dd:78:60:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b657354fcbbad1545aa4afbe29210ef77b2ff8b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:04:ef:1a:2b:a6:74:bf:b6:fd:c9:38:7f:69:
                    45:67:fb:93:10:73:ba:06:74:e5:ee:2c:0f:2e:6c:
                    49:61:30:2d:02:a0:4d:91:dd:d0:77:fa:34:0f:ce:
                    bb:1c:d9:4d:76:ae:23:df:3a:f6:5b:44:87:1a:b5:
                    2e:92:5f:d0:5d:2d:6a:49:b2:04:99:e3:56:4e:02:
                    6f:48:c4:23:e6:4b:e5:75:65:36:c4:27:18:9d:c4:
                    41:b0:a2:9c:9b:9c:e6:c9:3f:7e:4f:79:af:35:e3:
                    2f:a7:b8:95:12:89:dd:58:27:d2:06:0d:eb:08:52:
                    75:a6:80:1b:53:c5:dd:8d:f2:71:01:41:c0:e1:05:
                    3c:05:bf:a5:17:05:4c:54:79:ce:72:e3:be:ca:51:
                    00:e1:a0:73:90:3b:6a:44:96:66:a6:2e:c9:84:ed:
                    ad:99:63:c6:88:6d:2b:08:6b:b8:dd:59:68:93:8a:
                    c6:12:ec:d7:cf:a3:1d:3c:ff:b6:8e:90:45:ef:22:
                    d4:44:52:40:20:2f:29:75:0f:d8:dc:54:46:f0:43:
                    9b:ec:a7:2b:26:cf:a6:89:a5:7b:09:1a:36:41:82:
                    2a:98:7a:0b:e9:94:56:c8:00:1b:3c:66:1b:82:3c:
                    85:53:56:43:08:55:9e:20:60:70:12:2b:9f:23:8d:
                    eb:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:57:35:4F:CB:BA:D1:54:5A:A4:AF:BE:29:21:0E:F7:7B:2F:F8:B0
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/tlc1T8u60VRapK--KSEO93sv-LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.88.0/24
                  188.72.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:7a:3b:18:4e:25:87:07:c2:2d:46:3a:2b:d4:ed:46:92:84:
         26:66:14:4d:48:c4:99:de:79:72:ca:8d:f0:c6:b2:7d:90:e5:
         93:08:7f:0c:d9:3f:19:eb:d3:0a:cb:9d:05:4e:ba:1c:2a:cf:
         72:25:47:b3:5a:7a:cc:74:ab:b2:a2:4c:71:3d:6e:bf:1b:c4:
         ca:1c:56:c3:d9:17:b4:94:7f:90:80:4a:4f:4f:33:6c:14:45:
         00:ba:4e:b0:08:b0:3f:2e:57:43:91:01:1e:6f:59:b7:27:56:
         ed:26:6d:c9:1e:d8:ee:30:db:92:f3:99:16:70:7f:ec:bb:e8:
         8f:be:8f:2c:87:e0:47:59:3a:57:eb:bf:34:61:97:5b:e5:9b:
         71:47:08:f0:84:95:74:c5:4a:9d:06:36:a1:a6:96:cb:47:4b:
         75:df:e6:55:ba:e2:f4:42:18:42:12:c7:4e:c2:24:7e:f6:9a:
         94:51:3d:8c:6c:4a:b0:12:2b:47:d7:a3:f9:77:12:b5:fb:8e:
         dc:21:08:31:51:13:96:8f:a6:c4:c1:64:c3:2d:43:62:b5:55:
         30:c0:da:ce:68:57:df:df:55:54:0e:06:89:d2:99:a9:e6:01:
         71:44:8c:fd:5c:51:f7:1d:69:30:4a:c6:e7:26:b7:c6:cb:9d:
         12:31:eb:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSolTHuCchjz9t5HdeGCOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjU3MzU0ZmNiYmFkMTU0NWFhNGFmYmUyOTIxMGVmNzdiMmZmOGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwTvGiumdL+2/ck4f2lFZ/uTEHO6
BnTl7iwPLmxJYTAtAqBNkd3Qd/o0D867HNlNdq4j3zr2W0SHGrUukl/QXS1qSbIE
meNWTgJvSMQj5kvldWU2xCcYncRBsKKcm5zmyT9+T3mvNeMvp7iVEondWCfSBg3r
CFJ1poAbU8XdjfJxAUHA4QU8Bb+lFwVMVHnOcuO+ylEA4aBzkDtqRJZmpi7JhO2t
mWPGiG0rCGu43Vlok4rGEuzXz6MdPP+2jpBF7yLURFJAIC8pdQ/Y3FRG8EOb7Kcr
Js+miaV7CRo2QYIqmHoL6ZRWyAAbPGYbgjyFU1ZDCFWeIGBwEiufI43rgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLZXNU/LutFUWqSvvikhDvd7L/iwMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvdGxjMVQ4dTYwVlJhcEstLUtTRU85M3N2LUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEhYAwQB
vEhaMA0GCSqGSIb3DQEBCwUAA4IBAQCjejsYTiWHB8ItRjor1O1GkoQmZhRNSMSZ
3nlyyo3wxrJ9kOWTCH8M2T8Z69MKy50FTrocKs9yJUezWnrMdKuyokxxPW6/G8TK
HFbD2Re0lH+QgEpPTzNsFEUAuk6wCLA/LldDkQEeb1m3J1btJm3JHtjuMNuS85kW
cH/su+iPvo8sh+BHWTpX6780YZdb5ZtxRwjwhJV0xUqdBjahppbLR0t13+ZVuuL0
QhhCEsdOwiR+9pqUUT2MbEqwEitH16P5dxK1+47cIQgxUROWj6bEwWTDLUNitVUw
wNrOaFff31VUDgaJ0pmp5gFxRIz9XFH3HWkwSsbnJrfGy50SMesO
-----END CERTIFICATE-----
Generated at Mon Jun 17 12:12:24 2024 by rpki-client on console-fra.rpki-client.org