Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/TdS5kXAq_qdaaZAQWWL5OhLp4mE.roa
File:                     TdS5kXAq_qdaaZAQWWL5OhLp4mE.roa (raw, json)
Hash identifier:          e1wRlh4VFYz1kqpRVUuP1aXN28nKzIblAAP3XfPWMNE=
Subject key identifier:   4D:D4:B9:91:70:2A:FE:A7:5A:69:90:10:59:62:F9:3A:12:E9:E2:61
Certificate issuer:       /CN=f91a8223002e3124e5bb06e82d4f60a379b93dcd
Certificate serial:       018CC794166ECA1A232D3A71A734676588F4
Authority key identifier: F9:1A:82:23:00:2E:31:24:E5:BB:06:E8:2D:4F:60:A3:79:B9:3D:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-RqCIwAuMSTluwboLU9go3m5Pc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/TdS5kXAq_qdaaZAQWWL5OhLp4mE.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211734
IP address blocks:        185.147.137.0/24 maxlen: 24
                          185.147.136.0/24 maxlen: 24
                          185.147.136.0/22 maxlen: 22
                          2a07:3780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/1-RqCIwAuMSTluwboLU9go3m5Pc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/1-RqCIwAuMSTluwboLU9go3m5Pc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-RqCIwAuMSTluwboLU9go3m5Pc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:16:6e:ca:1a:23:2d:3a:71:a7:34:67:65:88:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f91a8223002e3124e5bb06e82d4f60a379b93dcd
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dd4b991702afea75a6990105962f93a12e9e261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7f:ed:72:8b:43:3a:c5:3b:f8:20:37:a5:1c:
                    d1:b4:3f:86:56:d8:72:f0:6b:f6:de:af:8b:4a:e4:
                    82:04:e1:9a:79:01:7a:34:1c:e1:8f:fe:5c:2e:92:
                    a3:96:41:b8:49:ae:85:41:db:78:f4:a5:70:56:e8:
                    82:ef:11:52:41:3e:c9:b1:87:5d:13:bb:59:c3:dd:
                    34:00:99:dd:ae:58:c3:d3:ed:b8:30:f8:49:dc:5d:
                    dd:7a:89:af:1b:41:c2:3b:83:e1:f2:f3:35:d2:4a:
                    7a:85:ae:d5:c1:22:43:6a:89:11:a7:29:0c:a6:3f:
                    a9:2e:ad:a6:6c:1a:f3:a0:62:c1:7f:1f:62:9e:4d:
                    1c:8d:1c:ad:1f:4a:99:f8:47:8c:7f:29:34:d3:10:
                    e9:51:5d:4c:03:3e:dc:4b:ed:a8:c4:cf:3a:44:41:
                    40:5f:b2:d8:ae:17:d7:3c:7b:70:5e:03:65:68:ac:
                    85:0b:3d:f2:de:d0:40:a1:bb:76:ae:82:ca:7d:a5:
                    bd:cb:b5:70:d4:51:83:d6:52:37:2f:8c:49:a1:67:
                    ac:f3:d7:6a:b9:00:62:6d:fd:81:96:36:f9:20:68:
                    b5:53:a2:8a:61:d7:8c:fd:f1:6b:6b:96:c6:c4:e7:
                    d0:71:9f:e5:ad:e1:a6:22:19:80:7b:5f:d2:a9:52:
                    c0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:D4:B9:91:70:2A:FE:A7:5A:69:90:10:59:62:F9:3A:12:E9:E2:61
            X509v3 Authority Key Identifier:
                keyid:F9:1A:82:23:00:2E:31:24:E5:BB:06:E8:2D:4F:60:A3:79:B9:3D:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-RqCIwAuMSTluwboLU9go3m5Pc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/TdS5kXAq_qdaaZAQWWL5OhLp4mE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/943732-9621-4a42-87da-b2de3ebf3e7e/1/1-RqCIwAuMSTluwboLU9go3m5Pc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.136.0/22
                IPv6:
                  2a07:3780::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:24:32:a7:04:0d:b7:8a:83:21:6a:4c:6e:ec:83:ec:ee:94:
         b3:e4:f6:3a:86:84:ae:f0:fe:53:16:33:7e:e0:c1:51:08:7e:
         d7:2b:d5:8d:06:3a:63:21:d3:82:77:50:73:b9:cc:c5:fa:f7:
         3d:9f:be:9a:03:85:61:03:81:20:aa:74:e4:f7:36:82:2b:ae:
         4a:82:8d:f6:40:0d:72:63:cc:9e:d5:77:25:74:8a:d7:88:7f:
         6d:5b:24:0e:3f:f4:4b:0d:9e:9a:7a:d1:4f:0f:74:39:34:7b:
         32:d7:8a:24:fa:6c:74:68:a0:d4:7c:56:9d:41:90:31:13:bc:
         d0:71:54:31:db:91:86:95:69:81:2f:af:c5:7b:a4:6d:8e:94:
         62:f1:3d:11:1f:83:db:19:ee:e7:66:23:18:ba:4b:b3:69:d1:
         4c:06:f2:d0:07:17:e4:67:98:48:68:6e:e9:bf:33:56:29:f2:
         e0:78:70:87:a0:e4:63:96:93:98:01:03:7c:16:10:e9:18:80:
         59:f9:2c:a8:39:05:c1:38:f7:37:a0:7d:d7:bf:92:40:2c:22:
         9a:7d:32:1a:41:56:fc:c0:f0:51:47:a3:42:4f:f2:da:66:53:
         20:64:27:bc:e1:43:98:2b:e8:12:2c:5e:ee:96:46:f4:80:5d:
         b7:95:2f:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlBZuyhojLTpxpzRnZYj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MWE4MjIzMDAyZTMxMjRlNWJiMDZlODJkNGY2MGEzNzli
OTNkY2QwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGQ0Yjk5MTcwMmFmZWE3NWE2OTkwMTA1OTYyZjkzYTEyZTllMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgX/tcotDOsU7+CA3pRzRtD+GVthy
8Gv23q+LSuSCBOGaeQF6NBzhj/5cLpKjlkG4Sa6FQdt49KVwVuiC7xFSQT7JsYdd
E7tZw900AJndrljD0+24MPhJ3F3deomvG0HCO4Ph8vM10kp6ha7VwSJDaokRpykM
pj+pLq2mbBrzoGLBfx9ink0cjRytH0qZ+EeMfyk00xDpUV1MAz7cS+2oxM86REFA
X7LYrhfXPHtwXgNlaKyFCz3y3tBAobt2roLKfaW9y7Vw1FGD1lI3L4xJoWes89dq
uQBibf2Bljb5IGi1U6KKYdeM/fFra5bGxOfQcZ/lreGmIhmAe1/SqVLAGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE3UuZFwKv6nWmmQEFli+ToS6eJhMB8GA1UdIwQY
MBaAFPkagiMALjEk5bsG6C1PYKN5uT3NMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ScUNJd0F1TVNUbHV3Ym9MVTlnbzNtNVBjMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvOTQzNzMyLTk2MjEtNGE0Mi04N2Rh
LWIyZGUzZWJmM2U3ZS8xL1RkUzVrWEFxX3FkYWFaQVFXV0w1T2hMcDRtRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTgvOTQzNzMyLTk2MjEtNGE0Mi04N2RhLWIyZGUzZWJmM2U3
ZS8xLzEtUnFDSXdBdU1TVGx1d2JvTFU5Z28zbTVQYzAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK5k4gw
DQQCAAIwBwMFAyoHN4AwDQYJKoZIhvcNAQELBQADggEBAAEkMqcEDbeKgyFqTG7s
g+zulLPk9jqGhK7w/lMWM37gwVEIftcr1Y0GOmMh04J3UHO5zMX69z2fvpoDhWED
gSCqdOT3NoIrrkqCjfZADXJjzJ7VdyV0iteIf21bJA4/9EsNnpp60U8PdDk0ezLX
iiT6bHRooNR8Vp1BkDETvNBxVDHbkYaVaYEvr8V7pG2OlGLxPREfg9sZ7udmIxi6
S7Np0UwG8tAHF+RnmEhobum/M1Yp8uB4cIeg5GOWk5gBA3wWEOkYgFn5LKg5BcE4
9zegfde/kkAsIpp9MhpBVvzA8FFHo0JP8tpmUyBkJ7zhQ5gr6BIsXu6WRvSAXbeV
L4A=
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:31:25 2024 by rpki-client on console-ams.rpki-client.org