Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/bdc09a-2b2a-4797-a296-9cfdf3c2b348/1/TpGytAzpqmvi6dFZqSeB0DjjCnc.roa
File:                     TpGytAzpqmvi6dFZqSeB0DjjCnc.roa (raw, json)
Hash identifier:          PAp4Z2U55FR4Xt28UJJq1Gy2HlRQ16sQ60otXjxdibE=
Subject key identifier:   4E:91:B2:B4:0C:E9:AA:6B:E2:E9:D1:59:A9:27:81:D0:38:E3:0A:77
Certificate issuer:       /CN=cbd757e913aace434e6dd6d6d50a7edf72ce888c
Certificate serial:       018CC4254F392D82B72EBC6F8F2B8D062259
Authority key identifier: CB:D7:57:E9:13:AA:CE:43:4E:6D:D6:D6:D5:0A:7E:DF:72:CE:88:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9dX6ROqzkNObdbW1Qp-33LOiIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/bdc09a-2b2a-4797-a296-9cfdf3c2b348/1/TpGytAzpqmvi6dFZqSeB0DjjCnc.roa
Signing time:             Mon 01 Jan 2024 08:30:28 +0000
ROA not before:           Mon 01 Jan 2024 08:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205099
IP address blocks:        185.194.202.0/23 maxlen: 24
                          185.230.80.0/22 maxlen: 24
                          2a0c:900::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/bdc09a-2b2a-4797-a296-9cfdf3c2b348/1/y9dX6ROqzkNObdbW1Qp-33LOiIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/bdc09a-2b2a-4797-a296-9cfdf3c2b348/1/y9dX6ROqzkNObdbW1Qp-33LOiIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9dX6ROqzkNObdbW1Qp-33LOiIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4f:39:2d:82:b7:2e:bc:6f:8f:2b:8d:06:22:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd757e913aace434e6dd6d6d50a7edf72ce888c
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e91b2b40ce9aa6be2e9d159a92781d038e30a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8a:d2:29:66:52:8b:58:fb:e2:2d:bd:51:b8:
                    cd:ca:32:b1:da:de:49:5e:08:97:e1:9b:b7:83:2b:
                    f7:e7:24:ab:8a:b0:11:d3:27:a1:ff:66:86:59:33:
                    9d:c3:69:e4:f2:d0:ca:07:af:0e:c3:2f:81:c1:33:
                    30:0c:e2:14:1e:69:eb:cf:72:39:a0:c9:6e:de:f2:
                    0b:9f:d3:0f:74:9e:60:83:4c:d6:8c:66:72:f9:2d:
                    02:38:2c:f7:fe:8f:f3:cb:cb:a7:6b:9a:83:74:c2:
                    51:f1:5b:83:5c:a2:d7:df:68:26:c1:58:c7:30:72:
                    1a:d5:be:9b:8d:f2:8c:25:d2:9d:0c:9c:1f:ad:c5:
                    bc:6d:35:8a:36:f7:a9:e2:14:5f:55:33:6e:d2:9d:
                    63:c7:87:69:6e:91:0d:c1:91:61:5f:2a:20:64:a6:
                    e9:86:9d:88:80:10:38:8b:7a:38:af:47:d2:4c:87:
                    e6:06:54:33:c4:89:85:5f:7d:98:a4:7d:a1:78:fe:
                    e4:1e:5a:76:51:56:32:fb:13:08:b8:57:03:28:d4:
                    f6:ec:11:33:5f:5a:86:97:f7:2c:19:13:f4:10:67:
                    d2:f0:eb:3e:65:da:a4:14:40:ac:8a:20:35:a9:13:
                    40:5a:d6:37:4c:90:30:3d:1a:ba:19:9c:e2:41:43:
                    b0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:91:B2:B4:0C:E9:AA:6B:E2:E9:D1:59:A9:27:81:D0:38:E3:0A:77
            X509v3 Authority Key Identifier:
                keyid:CB:D7:57:E9:13:AA:CE:43:4E:6D:D6:D6:D5:0A:7E:DF:72:CE:88:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9dX6ROqzkNObdbW1Qp-33LOiIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bdc09a-2b2a-4797-a296-9cfdf3c2b348/1/TpGytAzpqmvi6dFZqSeB0DjjCnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bdc09a-2b2a-4797-a296-9cfdf3c2b348/1/y9dX6ROqzkNObdbW1Qp-33LOiIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.202.0/23
                  185.230.80.0/22
                IPv6:
                  2a0c:900::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:e0:c2:a9:34:b0:06:99:c1:2c:a2:d8:4b:8e:11:83:a4:ad:
         e4:8e:ff:67:30:02:cc:d6:e1:5f:42:ef:05:e0:5f:57:28:84:
         20:48:5e:f7:5d:66:4b:c8:df:c0:61:fa:85:ce:d6:6e:9e:59:
         89:9c:2f:ea:10:54:b0:d6:f3:62:4d:54:da:13:0a:59:be:1d:
         0d:cd:4d:7e:c6:44:64:3c:17:b7:09:63:de:d7:7b:e9:6f:2f:
         77:36:49:e9:fc:a2:f4:bb:c3:5d:e5:50:c8:4e:d4:bc:5d:5f:
         6d:1f:f1:f3:71:cb:c9:c6:8f:a1:94:78:27:e6:40:b5:92:ab:
         44:f2:72:d2:7f:74:86:b0:16:a9:9e:e8:a7:b9:0f:79:5f:70:
         09:ab:a0:8b:17:fb:56:b0:f8:e2:f3:9e:c2:19:13:11:40:dc:
         9c:2d:9f:ef:58:cd:a5:79:9c:dd:1f:92:fe:b7:e4:76:0a:c4:
         ce:42:b6:79:fc:0f:fe:38:73:5b:3e:46:b5:14:e8:ad:a2:ff:
         d4:02:33:3b:25:8c:e9:44:ab:ca:58:99:85:2b:43:05:7e:e0:
         05:1b:12:80:db:82:6d:12:8c:af:d3:1c:1e:5e:49:c3:71:4f:
         38:51:b0:12:de:5c:5e:e6:82:bf:b4:7d:87:3f:50:c6:17:27:
         fc:cd:bc:0a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJU85LYK3LrxvjyuNBiJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDc1N2U5MTNhYWNlNDM0ZTZkZDZkNmQ1MGE3ZWRmNzJj
ZTg4OGMwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTkxYjJiNDBjZTlhYTZiZTJlOWQxNTlhOTI3ODFkMDM4ZTMwYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4rSKWZSi1j74i29UbjNyjKx2t5J
XgiX4Zu3gyv35ySrirAR0yeh/2aGWTOdw2nk8tDKB68Owy+BwTMwDOIUHmnrz3I5
oMlu3vILn9MPdJ5gg0zWjGZy+S0COCz3/o/zy8una5qDdMJR8VuDXKLX32gmwVjH
MHIa1b6bjfKMJdKdDJwfrcW8bTWKNvep4hRfVTNu0p1jx4dpbpENwZFhXyogZKbp
hp2IgBA4i3o4r0fSTIfmBlQzxImFX32YpH2heP7kHlp2UVYy+xMIuFcDKNT27BEz
X1qGl/csGRP0EGfS8Os+ZdqkFECsiiA1qRNAWtY3TJAwPRq6GZziQUOw6QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE6RsrQM6apr4unRWakngdA44wp3MB8GA1UdIwQY
MBaAFMvXV+kTqs5DTm3W1tUKft9yzoiMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlkWDZST3F6a05PYmRiVzFRcC0zM0xPaUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9iZGMwOWEtMmIyYS00Nzk3LWEyOTYt
OWNmZGYzYzJiMzQ4LzEvVHBHeXRBenBxbXZpNmRGWnFTZUIwRGpqQ25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9iZGMwOWEtMmIyYS00Nzk3LWEyOTYtOWNmZGYzYzJiMzQ4
LzEveTlkWDZST3F6a05PYmRiVzFRcC0zM0xPaUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBucLKAwQC
ueZQMA0EAgACMAcDBQMqDAkAMA0GCSqGSIb3DQEBCwUAA4IBAQBI4MKpNLAGmcEs
othLjhGDpK3kjv9nMALM1uFfQu8F4F9XKIQgSF73XWZLyN/AYfqFztZunlmJnC/q
EFSw1vNiTVTaEwpZvh0NzU1+xkRkPBe3CWPe13vpby93Nknp/KL0u8Nd5VDITtS8
XV9tH/HzccvJxo+hlHgn5kC1kqtE8nLSf3SGsBapnuinuQ95X3AJq6CLF/tWsPji
857CGRMRQNycLZ/vWM2leZzdH5L+t+R2CsTOQrZ5/A/+OHNbPka1FOitov/UAjM7
JYzpRKvKWJmFK0MFfuAFGxKA24JtEoyv0xweXknDcU84UbAS3lxe5oK/tH2HP1DG
Fyf8zbwK
-----END CERTIFICATE-----
Generated at Sun Jun 16 02:47:03 2024 by rpki-client on console-fra.rpki-client.org