Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/t0ZSAUzte3ei_jgg3BFQV0LM4qo.roa
File:                     t0ZSAUzte3ei_jgg3BFQV0LM4qo.roa (raw, json)
Hash identifier:          tDexmUoJnT8MeuFeCHAS6D1phX10WtHuxkzof35xGdI=
Subject key identifier:   B7:46:52:01:4C:ED:7B:77:A2:FE:38:20:DC:11:50:57:42:CC:E2:AA
Certificate issuer:       /CN=4f908a6d868ab9e9bdb10472fbec31c966e94274
Certificate serial:       018CC727557C28B9A8ABF91667E5057050A7
Authority key identifier: 4F:90:8A:6D:86:8A:B9:E9:BD:B1:04:72:FB:EC:31:C9:66:E9:42:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/t0ZSAUzte3ei_jgg3BFQV0LM4qo.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20612
IP address blocks:        194.242.34.0/24 maxlen: 24
                          185.222.12.0/22 maxlen: 24
                          2a0c:d000::/29 maxlen: 64
                          2001:67c:20ac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:55:7c:28:b9:a8:ab:f9:16:67:e5:05:70:50:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f908a6d868ab9e9bdb10472fbec31c966e94274
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b74652014ced7b77a2fe3820dc11505742cce2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c1:20:59:c7:87:26:0a:d3:f3:0f:67:54:ce:
                    bb:59:07:07:88:23:73:05:88:01:23:7a:4a:65:7d:
                    a2:36:fd:e6:71:5e:b6:1f:b6:69:1b:a7:2c:e6:65:
                    96:c1:44:7c:2c:b4:14:2b:2c:08:38:12:05:bd:52:
                    8f:75:f7:2e:aa:24:6d:16:e4:81:8a:60:9b:62:81:
                    47:ac:8f:75:ec:99:bd:ef:6e:4d:6e:cb:41:96:0e:
                    e7:38:12:e8:34:b3:88:12:ac:0e:80:d9:fa:44:69:
                    70:03:ab:57:1e:cf:0c:46:1b:cd:84:6d:27:2a:0e:
                    68:a6:c4:16:2b:f5:13:5f:32:0d:37:2b:bd:09:c4:
                    a3:75:1b:f9:c1:38:50:c0:9d:1a:58:73:6b:ad:96:
                    2e:ad:3e:77:3b:c8:72:a8:6a:dc:10:a6:d0:2e:b6:
                    56:c0:10:2f:8d:17:7d:1b:2c:fb:69:70:c3:a9:43:
                    70:4e:a9:ae:83:b3:8c:cf:ce:7c:d4:31:f7:f8:ee:
                    3c:26:83:c2:2b:41:5e:4e:4e:70:d3:8a:e4:bd:85:
                    b9:d4:ee:23:79:f8:ee:5d:e3:1a:86:bf:f6:fd:50:
                    5f:a0:a9:cb:d6:8a:b6:99:9f:a1:9c:6f:db:95:99:
                    24:72:38:3e:90:16:49:c1:5a:4a:21:b4:03:ce:77:
                    3f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:46:52:01:4C:ED:7B:77:A2:FE:38:20:DC:11:50:57:42:CC:E2:AA
            X509v3 Authority Key Identifier:
                keyid:4F:90:8A:6D:86:8A:B9:E9:BD:B1:04:72:FB:EC:31:C9:66:E9:42:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/t0ZSAUzte3ei_jgg3BFQV0LM4qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.12.0/22
                  194.242.34.0/24
                IPv6:
                  2001:67c:20ac::/48
                  2a0c:d000::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:56:38:c4:dc:3f:d7:4b:4e:28:bc:84:3c:80:69:87:65:bd:
         1a:c7:16:d5:cd:5a:c3:3b:6f:17:2a:19:59:95:32:d2:36:9d:
         8c:ad:b8:14:ca:4e:37:50:68:0f:bd:f6:51:fb:60:c1:fb:54:
         62:1d:14:05:68:cd:80:80:c3:b1:1c:93:25:d1:88:ad:3a:84:
         ba:2f:f6:9b:28:bb:51:f8:23:ca:ba:66:39:18:b5:14:4c:d7:
         88:64:ee:47:6a:98:fc:97:12:99:87:94:72:15:97:86:2c:7e:
         ac:0f:d0:fd:5c:94:c8:4f:c0:bb:48:f7:33:9f:bd:30:45:bc:
         d7:b8:4e:43:82:15:3a:9a:e8:9d:a2:36:32:f1:be:f0:85:93:
         97:7c:50:da:a8:83:e7:7e:df:4e:b7:19:5b:2e:4f:fb:2b:9a:
         21:ff:46:c7:27:1b:2c:74:9e:11:fb:8d:3a:64:55:20:8f:ec:
         4c:33:02:db:94:e8:7c:22:96:e3:92:10:16:40:2e:f1:8e:72:
         f6:96:71:78:3e:c2:63:29:64:c6:6b:11:4a:48:88:5b:93:88:
         ad:fc:c1:88:21:35:15:88:7f:e2:0c:59:64:df:69:4b:5e:3f:
         48:df:b6:34:72:70:87:dc:bd:8e:41:f2:49:c3:eb:25:25:4d:
         76:72:b9:34
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzHJ1V8KLmoq/kWZ+UFcFCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTA4YTZkODY4YWI5ZTliZGIxMDQ3MmZiZWMzMWM5NjZl
OTQyNzQwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQ2NTIwMTRjZWQ3Yjc3YTJmZTM4MjBkYzExNTA1NzQyY2NlMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsEgWceHJgrT8w9nVM67WQcHiCNz
BYgBI3pKZX2iNv3mcV62H7ZpG6cs5mWWwUR8LLQUKywIOBIFvVKPdfcuqiRtFuSB
imCbYoFHrI917Jm9725NbstBlg7nOBLoNLOIEqwOgNn6RGlwA6tXHs8MRhvNhG0n
Kg5opsQWK/UTXzINNyu9CcSjdRv5wThQwJ0aWHNrrZYurT53O8hyqGrcEKbQLrZW
wBAvjRd9Gyz7aXDDqUNwTqmug7OMz8581DH3+O48JoPCK0FeTk5w04rkvYW51O4j
efjuXeMahr/2/VBfoKnL1oq2mZ+hnG/blZkkcjg+kBZJwVpKIbQDznc/awIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLdGUgFM7Xt3ov44INwRUFdCzOKqMB8GA1UdIwQY
MBaAFE+Qim2GirnpvbEEcvvsMclm6UJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVDS2JZYUt1ZW05c1FSeS0td3h5V2JwUW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC80ZDc3ZDktYjBhMy00OGFkLWFhMmEt
MWM2ZWU1YmJlYjY2LzEvdDBaU0FVenRlM2VpX2pnZzNCRlFWMExNNHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC80ZDc3ZDktYjBhMy00OGFkLWFhMmEtMWM2ZWU1YmJlYjY2
LzEvVDVDS2JZYUt1ZW05c1FSeS0td3h5V2JwUW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQCud4MAwQA
wvIiMBYEAgACMBADBwAgAQZ8IKwDBQMqDNAAMA0GCSqGSIb3DQEBCwUAA4IBAQAp
VjjE3D/XS04ovIQ8gGmHZb0axxbVzVrDO28XKhlZlTLSNp2MrbgUyk43UGgPvfZR
+2DB+1RiHRQFaM2AgMOxHJMl0YitOoS6L/abKLtR+CPKumY5GLUUTNeIZO5Hapj8
lxKZh5RyFZeGLH6sD9D9XJTIT8C7SPczn70wRbzXuE5DghU6muidojYy8b7whZOX
fFDaqIPnft9OtxlbLk/7K5oh/0bHJxssdJ4R+406ZFUgj+xMMwLblOh8IpbjkhAW
QC7xjnL2lnF4PsJjKWTGaxFKSIhbk4it/MGIITUViH/iDFlk32lLXj9I37Y0cnCH
3L2OQfJJw+slJU12crk0
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:16:21 2024 by rpki-client on console-ams.rpki-client.org