Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/TaleU1iKC6o8F0pMl4mP1INV_Dk.roa
File:                     TaleU1iKC6o8F0pMl4mP1INV_Dk.roa (raw, json)
Hash identifier:          Vw4zCitEzPFpjmHNKSvq6yisCwoT2ZpIYFkaPnxlGeA=
Subject key identifier:   4D:A9:5E:53:58:8A:0B:AA:3C:17:4A:4C:97:89:8F:D4:83:55:FC:39
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       018CC5DC45BD4450E809D1D0CA3302A49C4B
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/TaleU1iKC6o8F0pMl4mP1INV_Dk.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20884
IP address blocks:        160.218.96.0/21 maxlen: 21
                          160.218.212.0/22 maxlen: 22
                          160.218.104.0/21 maxlen: 21
                          160.218.112.0/20 maxlen: 20
                          160.218.244.0/22 maxlen: 22
                          160.218.176.0/21 maxlen: 21
                          160.218.184.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:45:bd:44:50:e8:09:d1:d0:ca:33:02:a4:9c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4da95e53588a0baa3c174a4c97898fd48355fc39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:85:42:ed:62:ce:2c:f0:61:2a:6c:47:df:c7:
                    f8:70:21:4c:95:b6:b6:ca:d2:3b:d6:91:50:16:f4:
                    73:ec:e6:0c:d0:6e:49:db:85:ac:e4:9b:56:3b:a2:
                    73:c3:03:f3:a8:98:94:b2:03:68:a6:85:d4:30:db:
                    4e:fc:1b:b2:88:7b:27:e9:36:dc:91:8c:ba:3a:97:
                    12:66:cb:9b:7e:17:1b:4e:ae:20:0c:13:55:13:9b:
                    2d:f7:81:21:c5:56:c8:90:c1:e3:25:67:fc:60:97:
                    bd:10:ee:07:b1:f4:47:49:7b:7e:28:bd:bc:17:3f:
                    3c:b4:45:b2:20:78:5e:60:8f:fc:65:7f:c4:de:fc:
                    1d:de:9c:ff:87:bf:24:38:fb:cd:23:25:60:bc:fb:
                    4e:96:0d:c4:15:8f:eb:d3:0a:98:d1:48:6c:5c:52:
                    27:9b:29:2c:6d:a5:28:5f:c1:99:f9:69:c3:68:a6:
                    ea:b5:a7:c9:62:d6:a6:6f:5b:0c:2c:5a:ac:0a:37:
                    fc:bd:61:fb:29:8e:66:69:0b:85:98:58:f9:e6:5c:
                    aa:24:15:48:9b:69:2e:2b:dd:91:32:0d:16:7a:1a:
                    27:22:75:d3:22:0c:95:43:d7:c8:ac:48:7d:b2:74:
                    e3:57:c3:18:4f:0a:d7:f5:fc:54:16:a8:a4:c7:70:
                    3b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A9:5E:53:58:8A:0B:AA:3C:17:4A:4C:97:89:8F:D4:83:55:FC:39
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/TaleU1iKC6o8F0pMl4mP1INV_Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.218.96.0/19
                  160.218.176.0/20
                  160.218.212.0/22
                  160.218.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:f5:26:a9:43:b9:58:bc:ec:4f:ef:48:e6:2e:73:c1:3f:0c:
         cf:84:39:4c:18:22:df:0f:14:ed:40:13:b8:ba:6a:3e:3b:3f:
         f1:47:74:5d:fd:84:0f:d1:d0:51:a5:c1:29:09:64:a9:cd:b2:
         9c:2e:a9:5f:24:84:26:5c:d1:92:99:16:1a:df:a0:84:41:38:
         e6:6c:7a:92:6c:b3:27:c5:97:41:21:65:69:e7:0c:b1:70:02:
         6b:42:42:de:17:fd:48:27:53:11:e5:1b:31:60:2b:fe:cb:c9:
         54:77:29:e6:43:4d:d6:c0:11:02:1b:96:60:16:37:27:82:57:
         dc:3f:ae:b5:7b:09:6b:51:ed:9a:3c:58:b7:bf:df:ec:8e:b0:
         61:01:6c:c0:7c:d1:e4:dc:06:dd:49:9a:be:d5:2e:b6:aa:f7:
         89:0a:28:1f:d3:0f:e1:9e:02:78:43:14:50:28:af:c1:e6:9e:
         29:18:98:ae:8a:48:28:12:7e:f7:ca:b2:23:bd:b4:dc:d4:29:
         f2:0e:98:06:76:2b:0b:ca:b0:8b:76:e8:77:4c:1a:22:c9:9c:
         2c:95:24:7a:86:df:3e:76:3f:f2:7e:52:77:a9:c0:56:32:2c:
         10:25:50:95:11:a4:ff:6e:79:25:bb:f8:61:01:9b:b0:76:62:
         1f:0a:99:a8
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzF3EW9RFDoCdHQyjMCpJxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGE5NWU1MzU4OGEwYmFhM2MxNzRhNGM5Nzg5OGZkNDgzNTVmYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4VC7WLOLPBhKmxH38f4cCFMlba2
ytI71pFQFvRz7OYM0G5J24Ws5JtWO6JzwwPzqJiUsgNopoXUMNtO/BuyiHsn6Tbc
kYy6OpcSZsubfhcbTq4gDBNVE5st94EhxVbIkMHjJWf8YJe9EO4HsfRHSXt+KL28
Fz88tEWyIHheYI/8ZX/E3vwd3pz/h78kOPvNIyVgvPtOlg3EFY/r0wqY0UhsXFIn
myksbaUoX8GZ+WnDaKbqtafJYtamb1sMLFqsCjf8vWH7KY5maQuFmFj55lyqJBVI
m2kuK92RMg0WehonInXTIgyVQ9fIrEh9snTjV8MYTwrX9fxUFqikx3A7LwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFE2pXlNYiguqPBdKTJeJj9SDVfw5MB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEvVGFsZVUxaUtDNm84RjBwTWw0bVAxSU5WX0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQtYmQyNDliNjI1Nzk3
LzEvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQFoNpgAwQE
oNqwAwQCoNrUAwQCoNr0MA0GCSqGSIb3DQEBCwUAA4IBAQCT9SapQ7lYvOxP70jm
LnPBPwzPhDlMGCLfDxTtQBO4umo+Oz/xR3Rd/YQP0dBRpcEpCWSpzbKcLqlfJIQm
XNGSmRYa36CEQTjmbHqSbLMnxZdBIWVp5wyxcAJrQkLeF/1IJ1MR5RsxYCv+y8lU
dynmQ03WwBECG5ZgFjcnglfcP661ewlrUe2aPFi3v9/sjrBhAWzAfNHk3AbdSZq+
1S62qveJCigf0w/hngJ4QxRQKK/B5p4pGJiuikgoEn73yrIjvbTc1CnyDpgGdisL
yrCLduh3TBoiyZwslSR6ht8+dj/yflJ3qcBWMiwQJVCVEaT/bnklu/hhAZuwdmIf
Cpmo
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:40:41 2024 by rpki-client on console-ams.rpki-client.org