Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/j5dl_qSZegCRVIp-ZsJPu9e2wn8.roa
File:                     j5dl_qSZegCRVIp-ZsJPu9e2wn8.roa (raw, json)
Hash identifier:          XEM8iy5hJ0V2M53SNxtmW90+DXerImdLN07EqFlOyhE=
Subject key identifier:   8F:97:65:FE:A4:99:7A:00:91:54:8A:7E:66:C2:4F:BB:D7:B6:C2:7F
Certificate issuer:       /CN=7b87f6b9119fa9dcd3e12e7e6bfb706dff978825
Certificate serial:       018CC2DB110706FEA42526ABE63E5FB219D6
Authority key identifier: 7B:87:F6:B9:11:9F:A9:DC:D3:E1:2E:7E:6B:FB:70:6D:FF:97:88:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e4f2uRGfqdzT4S5-a_twbf-XiCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/j5dl_qSZegCRVIp-ZsJPu9e2wn8.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12859
IP address blocks:        185.173.21.0/24 maxlen: 24
                          185.173.22.0/24 maxlen: 24
                          185.173.20.0/24 maxlen: 24
                          2a0b:3100:100::/40 maxlen: 48
                          2a0b:3100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/e4f2uRGfqdzT4S5-a_twbf-XiCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/e4f2uRGfqdzT4S5-a_twbf-XiCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e4f2uRGfqdzT4S5-a_twbf-XiCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:11:07:06:fe:a4:25:26:ab:e6:3e:5f:b2:19:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b87f6b9119fa9dcd3e12e7e6bfb706dff978825
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f9765fea4997a0091548a7e66c24fbbd7b6c27f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:bb:35:39:b0:ce:11:22:56:b2:56:cf:6a:66:
                    80:47:73:35:6f:b5:0b:0a:a8:1a:7c:22:7c:0f:40:
                    55:a2:3f:dc:b7:ed:f6:66:fc:3d:f4:3d:9e:a8:07:
                    58:18:51:7a:92:b5:b0:65:7e:bd:58:05:61:13:65:
                    d7:6a:c3:5c:af:60:63:6f:74:a5:8a:53:02:35:a5:
                    64:0d:54:87:4e:27:d0:d1:a8:4c:c3:16:72:4f:b6:
                    93:c3:da:ed:32:56:20:83:a2:87:05:f2:d1:d7:e3:
                    41:1c:65:2c:1b:a5:04:f0:76:dc:ce:ab:33:a2:72:
                    b3:ff:c4:c1:51:46:76:f6:72:46:a2:0d:cd:02:7f:
                    b0:37:d7:6f:c4:ba:a7:49:43:13:67:c5:14:a1:e4:
                    14:f1:5f:63:ac:e5:65:c8:ae:23:4b:e9:af:51:ab:
                    e2:3c:95:aa:ac:20:5b:47:90:65:ab:80:cf:6b:05:
                    bd:3f:a2:12:e1:cc:88:98:b2:f8:13:2d:76:28:ea:
                    fb:ec:38:16:27:9d:81:8c:2e:30:ef:73:07:2b:9a:
                    2d:77:d7:b3:ce:a2:0d:ec:da:85:35:08:11:df:5a:
                    ee:65:a7:b0:12:21:7b:5f:48:62:ba:a4:dc:d9:85:
                    d7:de:cb:f0:77:20:8e:a8:f5:62:6d:8b:c8:7c:65:
                    77:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:97:65:FE:A4:99:7A:00:91:54:8A:7E:66:C2:4F:BB:D7:B6:C2:7F
            X509v3 Authority Key Identifier:
                keyid:7B:87:F6:B9:11:9F:A9:DC:D3:E1:2E:7E:6B:FB:70:6D:FF:97:88:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4f2uRGfqdzT4S5-a_twbf-XiCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/j5dl_qSZegCRVIp-ZsJPu9e2wn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3f3ab1-5959-45a8-bc0f-d78514e9e812/1/e4f2uRGfqdzT4S5-a_twbf-XiCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.20.0-185.173.22.255
                IPv6:
                  2a0b:3100::/39

    Signature Algorithm: sha256WithRSAEncryption
         2f:e9:96:5c:ff:54:d8:0e:af:68:13:bf:91:64:04:d9:3c:fb:
         a9:5e:e6:31:76:c4:62:e2:30:da:fa:d7:6d:d8:62:f9:67:9a:
         32:b3:2c:91:42:26:2f:27:1c:33:8c:06:92:56:b3:ae:f5:24:
         c2:7c:a9:48:70:0e:81:1f:2d:49:b2:a8:1b:6b:f0:2f:38:07:
         4a:fa:9e:e1:cb:b1:25:e3:f4:f3:90:7b:a9:72:a9:eb:68:bc:
         64:01:2b:e4:8f:b4:40:3d:63:2d:88:68:35:d7:e4:5f:c5:2d:
         55:a1:18:5b:4f:d8:b9:c5:0f:e4:8d:1f:5d:e8:56:b4:16:5d:
         1b:7f:dd:16:d9:33:d0:fe:70:5b:50:42:d5:45:6d:dc:a2:13:
         9a:fc:47:4e:06:7e:7b:94:de:fa:59:97:ce:fd:a8:9e:21:24:
         d0:2c:3d:41:c4:fb:a9:e3:f8:c9:dc:d1:f3:a6:0c:d5:96:7d:
         5f:3b:1e:c4:41:a4:70:1a:19:fd:2c:12:e9:e9:87:08:19:0a:
         52:91:07:3c:bc:94:ef:74:a3:81:05:d2:81:b6:8e:2a:1d:f5:
         03:dd:82:ed:b4:91:5e:c9:18:7f:4c:d8:d6:57:53:83:42:88:
         ef:b3:2f:49:16:b3:3f:98:80:b2:a8:c5:c8:24:c3:18:1c:56:
         da:0b:0d:4f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzC2xEHBv6kJSar5j5fshnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiODdmNmI5MTE5ZmE5ZGNkM2UxMmU3ZTZiZmI3MDZkZmY5
Nzg4MjUwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk3NjVmZWE0OTk3YTAwOTE1NDhhN2U2NmMyNGZiYmQ3YjZjMjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7s1ObDOESJWslbPamaAR3M1b7UL
CqgafCJ8D0BVoj/ct+32Zvw99D2eqAdYGFF6krWwZX69WAVhE2XXasNcr2Bjb3Sl
ilMCNaVkDVSHTifQ0ahMwxZyT7aTw9rtMlYgg6KHBfLR1+NBHGUsG6UE8Hbczqsz
onKz/8TBUUZ29nJGog3NAn+wN9dvxLqnSUMTZ8UUoeQU8V9jrOVlyK4jS+mvUavi
PJWqrCBbR5Blq4DPawW9P6IS4cyImLL4Ey12KOr77DgWJ52BjC4w73MHK5otd9ez
zqIN7NqFNQgR31ruZaewEiF7X0hiuqTc2YXX3svwdyCOqPVibYvIfGV3WQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFI+XZf6kmXoAkVSKfmbCT7vXtsJ/MB8GA1UdIwQY
MBaAFHuH9rkRn6nc0+Eufmv7cG3/l4glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTRmMnVSR2ZxZHpUNFM1LWFfdHdiZi1YaUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zZjNhYjEtNTk1OS00NWE4LWJjMGYt
ZDc4NTE0ZTllODEyLzEvajVkbF9xU1plZ0NSVklwLVpzSlB1OWUyd244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zZjNhYjEtNTk1OS00NWE4LWJjMGYtZDc4NTE0ZTllODEy
LzEvZTRmMnVSR2ZxZHpUNFM1LWFfdHdiZi1YaUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAK5rRQD
BAC5rRYwDgQCAAIwCAMGASoLMQAAMA0GCSqGSIb3DQEBCwUAA4IBAQAv6ZZc/1TY
Dq9oE7+RZATZPPupXuYxdsRi4jDa+tdt2GL5Z5oysyyRQiYvJxwzjAaSVrOu9STC
fKlIcA6BHy1Jsqgba/AvOAdK+p7hy7El4/TzkHupcqnraLxkASvkj7RAPWMtiGg1
1+RfxS1VoRhbT9i5xQ/kjR9d6Fa0Fl0bf90W2TPQ/nBbUELVRW3cohOa/EdOBn57
lN76WZfO/aieISTQLD1BxPup4/jJ3NHzpgzVln1fOx7EQaRwGhn9LBLp6YcIGQpS
kQc8vJTvdKOBBdKBto4qHfUD3YLttJFeyRh/TNjWV1ODQojvsy9JFrM/mICyqMXI
JMMYHFbaCw1P
-----END CERTIFICATE-----
Generated at Sun Jun 16 11:05:44 2024 by rpki-client on console-fra.rpki-client.org