Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/tvsibIsFIr3uRyURAQgbSEtProQ.roa
File:                     tvsibIsFIr3uRyURAQgbSEtProQ.roa (raw, json)
Hash identifier:          lrFF0t/O0T3rq/cTpkoDGNUqcf2E6Onqf+XEJZ3p3ds=
Subject key identifier:   B6:FB:22:6C:8B:05:22:BD:EE:47:25:11:01:08:1B:48:4B:4F:AE:84
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018CCA29C67881E49821C662B207330BE7BA
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/tvsibIsFIr3uRyURAQgbSEtProQ.roa
Signing time:             Tue 02 Jan 2024 12:33:04 +0000
ROA not before:           Tue 02 Jan 2024 12:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142578
IP address blocks:        213.176.76.0/22 maxlen: 24
                          213.176.80.0/21 maxlen: 24
                          213.176.96.0/20 maxlen: 24
                          213.176.8.0/21 maxlen: 24
                          213.176.16.0/22 maxlen: 24
                          213.176.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:c6:78:81:e4:98:21:c6:62:b2:07:33:0b:e7:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 12:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6fb226c8b0522bdee47251101081b484b4fae84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c0:26:58:ac:48:bc:3d:c4:48:41:2f:1d:08:
                    1d:b4:98:57:1c:58:c4:cb:8b:07:64:95:28:9b:39:
                    5f:3e:ec:79:81:fb:0e:fc:52:9c:06:90:3f:63:1b:
                    63:c7:06:dd:45:ce:79:42:24:45:95:a6:1b:80:5b:
                    4c:e0:bd:ad:17:2d:1d:5f:5b:1c:73:27:f0:cf:56:
                    9f:46:ad:a2:6b:b6:d4:03:37:aa:92:5e:a5:8f:6d:
                    d0:bc:b7:2b:83:b4:ae:a8:1e:a4:e2:22:cc:1e:92:
                    c3:76:72:e9:c2:0e:34:d7:f5:3d:da:21:f6:d6:a5:
                    9e:d9:f8:8c:de:db:83:c7:c8:08:3e:bf:35:2a:7c:
                    94:61:4b:f7:71:ff:86:44:5f:fc:80:dc:ee:08:39:
                    69:3c:3b:1c:9d:cc:75:d3:cd:4c:d9:81:3c:c9:95:
                    ac:b4:9e:0b:82:33:bc:f1:6f:a2:13:0e:7b:c8:f3:
                    ea:1c:8e:ba:34:b3:e6:59:c5:f9:3e:af:9e:ef:2b:
                    19:cc:d4:ab:c8:81:e1:8f:00:17:7b:47:d3:82:97:
                    83:1f:e2:90:fb:71:2d:40:13:7f:1e:46:f1:be:99:
                    82:46:7e:b8:1b:6b:4e:bf:5f:52:31:da:52:70:2e:
                    56:a1:cd:21:85:53:27:2a:3c:35:9f:4f:05:a3:27:
                    0c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FB:22:6C:8B:05:22:BD:EE:47:25:11:01:08:1B:48:4B:4F:AE:84
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/tvsibIsFIr3uRyURAQgbSEtProQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.8.0-213.176.19.255
                  213.176.32.0/19
                  213.176.76.0-213.176.87.255
                  213.176.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         88:6e:fa:9d:4b:a8:23:5a:e6:78:78:42:0a:62:a3:80:1b:8f:
         09:ac:85:0c:fa:37:d6:74:ba:b0:80:4e:86:99:45:e5:89:c4:
         5d:1f:e6:e3:1e:bf:f9:1a:93:aa:59:96:be:50:62:55:19:8b:
         a2:ac:7b:b4:9e:b0:29:16:e4:3a:28:7e:1a:c0:6c:64:a9:a3:
         a6:ee:ea:18:ba:4b:95:31:16:c9:11:c2:7f:14:26:88:be:c7:
         a8:16:39:81:83:c2:dc:b8:d7:70:fe:c4:9b:6d:9e:4c:46:6b:
         be:50:ed:51:60:68:d5:ab:88:69:97:f6:9a:f1:18:ce:89:7d:
         09:ef:4d:8d:15:2b:1d:1f:26:a6:c6:1a:cc:f0:6f:09:61:ad:
         93:88:ac:4a:a8:ae:c5:5e:d7:3a:69:ac:d1:01:75:4e:b5:87:
         1c:0f:52:86:be:e5:56:50:1f:f4:49:2c:5a:37:47:99:d8:74:
         1f:64:02:1d:3c:5b:21:a9:5e:44:69:02:11:8b:ec:94:58:e0:
         0a:d6:a5:69:3d:3b:b2:6b:50:09:fa:b0:b9:78:37:26:73:cf:
         d0:db:70:f4:33:28:f1:e6:89:4d:87:85:47:1c:a1:5c:1c:90:
         5b:a7:10:a6:42:57:f5:5b:35:ed:07:d8:69:91:96:82:5d:63:
         24:2d:89:1c
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzKKcZ4geSYIcZisgczC+e6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMTAyMTIzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmZiMjI2YzhiMDUyMmJkZWU0NzI1MTEwMTA4MWI0ODRiNGZhZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMAmWKxIvD3ESEEvHQgdtJhXHFjE
y4sHZJUomzlfPux5gfsO/FKcBpA/YxtjxwbdRc55QiRFlaYbgFtM4L2tFy0dX1sc
cyfwz1afRq2ia7bUAzeqkl6lj23QvLcrg7SuqB6k4iLMHpLDdnLpwg401/U92iH2
1qWe2fiM3tuDx8gIPr81KnyUYUv3cf+GRF/8gNzuCDlpPDscncx1081M2YE8yZWs
tJ4LgjO88W+iEw57yPPqHI66NLPmWcX5Pq+e7ysZzNSryIHhjwAXe0fTgpeDH+KQ
+3EtQBN/HkbxvpmCRn64G2tOv19SMdpScC5Woc0hhVMnKjw1n08FoycMbQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFLb7ImyLBSK97kclEQEIG0hLT66EMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvdHZzaWJJc0ZJcjN1UnlVUkFRZ2JTRXRQcm9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAPVsAgD
BALVsBADBAXVsCAwDAMEAtWwTAMEA9WwUAMEBNWwYDANBgkqhkiG9w0BAQsFAAOC
AQEAiG76nUuoI1rmeHhCCmKjgBuPCayFDPo31nS6sIBOhplF5YnEXR/m4x6/+RqT
qlmWvlBiVRmLoqx7tJ6wKRbkOih+GsBsZKmjpu7qGLpLlTEWyRHCfxQmiL7HqBY5
gYPC3LjXcP7Em22eTEZrvlDtUWBo1auIaZf2mvEYzol9Ce9NjRUrHR8mpsYazPBv
CWGtk4isSqiuxV7XOmms0QF1TrWHHA9Shr7lVlAf9EksWjdHmdh0H2QCHTxbIale
RGkCEYvslFjgCtalaT07smtQCfqwuXg3JnPP0Ntw9DMo8eaJTYeFRxyhXByQW6cQ
pkJX9Vs17QfYaZGWgl1jJC2JHA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 22:43:12 2024 by rpki-client on console-fra.rpki-client.org