Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/TpZETRRGQ5RmRgUK27e-2L94feY.roa
File:                     TpZETRRGQ5RmRgUK27e-2L94feY.roa (raw, json)
Hash identifier:          NHTKIlkTwKqcAMo1nly3o2rnzYT8pj9h3eal6O12Z6k=
Subject key identifier:   4E:96:44:4D:14:46:43:94:66:46:05:0A:DB:B7:BE:D8:BF:78:7D:E6
Certificate issuer:       /CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
Certificate serial:       018F4FF303E675C0D429E2A31FF2629296CC
Authority key identifier: AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/TpZETRRGQ5RmRgUK27e-2L94feY.roa
Signing time:             Mon 06 May 2024 22:07:57 +0000
ROA not before:           Mon 06 May 2024 22:07:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198309
IP address blocks:        158.58.152.0/21 maxlen: 21
                          158.58.152.0/23 maxlen: 23
                          185.97.84.0/22 maxlen: 22
                          2a00:a540::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:f3:03:e6:75:c0:d4:29:e2:a3:1f:f2:62:92:96:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
        Validity
            Not Before: May  6 22:07:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e96444d144643946646050adbb7bed8bf787de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:bf:0a:2f:39:6f:85:d6:e1:23:9b:51:f3:d7:
                    f9:8f:45:c2:43:6f:7e:27:b4:54:00:e3:fb:d2:11:
                    30:1f:a2:ca:a8:3c:d1:9b:44:b4:42:6b:20:fb:a9:
                    b0:ee:84:05:36:b0:c3:17:ab:e4:a2:cf:f4:88:48:
                    6b:f7:65:f5:c7:35:86:02:1c:fb:b1:be:ce:97:f5:
                    8f:ce:17:a0:0e:48:62:f8:69:2f:2e:a7:d7:b8:91:
                    6f:4b:e9:f6:5f:be:2f:ec:46:08:b3:fe:47:2a:5d:
                    aa:b6:d7:51:06:c6:ca:4d:63:b8:e7:86:27:7c:2a:
                    48:21:8d:4b:6f:53:cc:c4:dc:b6:b0:4d:c9:5a:01:
                    47:32:53:c1:d7:69:b1:2f:56:6f:8a:70:8d:b7:2f:
                    7e:0b:54:ed:35:da:57:59:b7:76:e4:fa:84:f8:41:
                    ef:18:6d:7a:0d:d0:43:5c:14:47:d0:68:ed:b8:36:
                    1e:af:a2:18:11:fa:75:27:a7:3d:1a:ee:18:4d:b1:
                    e1:be:0c:90:cf:95:7a:57:50:42:5e:76:14:70:24:
                    28:da:50:b2:cb:20:f3:82:27:17:57:67:bb:47:8c:
                    7f:b9:4e:4b:5c:b8:cd:60:64:a4:8e:68:50:e9:d9:
                    36:d4:07:d0:34:a7:fe:95:23:2b:ce:3d:84:4c:60:
                    26:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:96:44:4D:14:46:43:94:66:46:05:0A:DB:B7:BE:D8:BF:78:7D:E6
            X509v3 Authority Key Identifier:
                keyid:AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/TpZETRRGQ5RmRgUK27e-2L94feY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.58.152.0/21
                  185.97.84.0/22
                IPv6:
                  2a00:a540::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:f9:88:58:2e:03:cb:69:a3:04:b0:ec:30:59:6b:8e:4f:5d:
         1c:93:be:99:1c:11:88:85:19:e0:25:df:9f:14:7f:c1:62:09:
         51:84:e2:05:69:a0:8f:d9:18:65:af:48:48:ed:30:0b:00:95:
         43:1f:4f:ec:34:a9:b2:04:37:ad:1c:ad:ad:b5:ff:e4:5d:ff:
         9f:17:a1:a1:2f:69:a4:71:8b:9d:24:eb:27:f6:c8:13:92:92:
         c0:ed:dd:ab:88:ff:d9:74:af:e1:b6:a0:6d:9e:50:26:ee:08:
         ad:e5:62:57:0c:7c:85:91:0a:e1:74:13:5b:b7:e8:45:74:1f:
         fb:41:c3:57:1c:4d:5b:2f:4c:09:93:5b:09:b7:3e:b1:23:b6:
         de:88:76:f2:a8:f7:b1:16:db:cd:04:4e:0a:60:c4:a9:45:72:
         f2:74:77:94:fd:8c:94:97:de:01:c3:61:4c:e9:df:34:3c:05:
         cb:36:e4:4a:ef:6a:b6:ae:9b:67:28:a3:e4:35:8c:99:9a:a0:
         a5:d0:6b:18:7f:9d:35:7d:75:66:f1:7f:7f:ff:3d:09:1a:83:
         b8:bd:d1:a6:95:56:08:39:31:1b:e1:6d:d5:45:19:64:ad:ae:
         6b:de:e0:4e:10:92:b0:a4:33:1d:92:f6:74:b4:09:37:be:6a:
         8d:c0:ce:f1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY9P8wPmdcDUKeKjH/JikpbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMjQzZGNmZjBjYjM4MjExZjdmZTdkYjNmOTEzMTY5YjQ0
Y2Y0NTYwHhcNMjQwNTA2MjIwNzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTk2NDQ0ZDE0NDY0Mzk0NjY0NjA1MGFkYmI3YmVkOGJmNzg3ZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA778KLzlvhdbhI5tR89f5j0XCQ29+
J7RUAOP70hEwH6LKqDzRm0S0Qmsg+6mw7oQFNrDDF6vkos/0iEhr92X1xzWGAhz7
sb7Ol/WPzhegDkhi+GkvLqfXuJFvS+n2X74v7EYIs/5HKl2qttdRBsbKTWO454Yn
fCpIIY1Lb1PMxNy2sE3JWgFHMlPB12mxL1ZvinCNty9+C1TtNdpXWbd25PqE+EHv
GG16DdBDXBRH0GjtuDYer6IYEfp1J6c9Gu4YTbHhvgyQz5V6V1BCXnYUcCQo2lCy
yyDzgicXV2e7R4x/uU5LXLjNYGSkjmhQ6dk21AfQNKf+lSMrzj2ETGAmuwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE6WRE0URkOUZkYFCtu3vti/eH3mMB8GA1UdIwQY
MBaAFK0kPc/wyzghH3/n2z+RMWm0TPRWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMt
YjlmMjk4YTc5OGU0LzEvVHBaRVRSUkdRNVJtUmdVSzI3ZS0yTDk0ZmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMtYjlmMjk4YTc5OGU0
LzEvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDnjqYAwQC
uWFUMA0EAgACMAcDBQAqAKVAMA0GCSqGSIb3DQEBCwUAA4IBAQBH+YhYLgPLaaME
sOwwWWuOT10ck76ZHBGIhRngJd+fFH/BYglRhOIFaaCP2Rhlr0hI7TALAJVDH0/s
NKmyBDetHK2ttf/kXf+fF6GhL2mkcYudJOsn9sgTkpLA7d2riP/ZdK/htqBtnlAm
7git5WJXDHyFkQrhdBNbt+hFdB/7QcNXHE1bL0wJk1sJtz6xI7beiHbyqPexFtvN
BE4KYMSpRXLydHeU/YyUl94Bw2FM6d80PAXLNuRK72q2rptnKKPkNYyZmqCl0GsY
f501fXVm8X9//z0JGoO4vdGmlVYIOTEb4W3VRRlkra5r3uBOEJKwpDMdkvZ0tAk3
vmqNwM7x
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:59:35 2024 by rpki-client on console-ams.rpki-client.org