Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/tu6io-Lg6bwbnlNrcmKPbLtUDZs.roa
File:                     tu6io-Lg6bwbnlNrcmKPbLtUDZs.roa (raw, json)
Hash identifier:          NRqgUUKuEdEaSc5B0qwzIg7tiAsDI4L2fvnEeSXnwi0=
Subject key identifier:   B6:EE:A2:A3:E2:E0:E9:BC:1B:9E:53:6B:72:62:8F:6C:BB:54:0D:9B
Certificate issuer:       /CN=9e563c426d1aae4ed1e7f59536749022089e8479
Certificate serial:       018CC726F4A2AD438B8E1A9A5636C7C4CA3E
Authority key identifier: 9E:56:3C:42:6D:1A:AE:4E:D1:E7:F5:95:36:74:90:22:08:9E:84:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlY8Qm0ark7R5_WVNnSQIgiehHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/tu6io-Lg6bwbnlNrcmKPbLtUDZs.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3238
IP address blocks:        213.204.32.0/19 maxlen: 24
                          79.133.0.0/19 maxlen: 19
                          194.110.176.0/20 maxlen: 24
                          212.17.160.0/19 maxlen: 24
                          194.112.0.0/20 maxlen: 24
                          82.199.160.0/19 maxlen: 24
                          2a00:5500::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/nlY8Qm0ark7R5_WVNnSQIgiehHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/nlY8Qm0ark7R5_WVNnSQIgiehHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nlY8Qm0ark7R5_WVNnSQIgiehHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f4:a2:ad:43:8b:8e:1a:9a:56:36:c7:c4:ca:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e563c426d1aae4ed1e7f59536749022089e8479
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6eea2a3e2e0e9bc1b9e536b72628f6cbb540d9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3b:c8:0a:1c:d8:b5:d5:a0:b1:e6:fc:d2:15:
                    c7:eb:aa:81:bf:77:13:a5:55:78:9d:89:18:d1:6c:
                    99:73:5f:bd:cc:2f:4b:27:2f:2f:72:55:3d:56:c7:
                    e9:b3:50:ec:3d:b6:5d:9e:3c:7b:41:e8:30:0a:aa:
                    56:0e:cf:84:93:72:06:f5:e4:e6:6a:90:39:3e:33:
                    bb:41:4d:37:bd:a3:46:40:28:98:1e:f3:d0:af:b3:
                    7d:ea:b2:4a:b6:c7:7c:c6:a6:23:78:d8:c2:61:93:
                    a8:b9:43:18:35:2f:0a:c1:1d:41:8f:c5:12:c6:0a:
                    43:e4:5a:81:29:0b:ae:4f:f2:23:bc:95:1f:41:c0:
                    10:e2:59:39:58:56:72:f0:d3:1a:05:a2:c5:bd:c8:
                    54:9c:73:f9:de:e1:1f:7f:2b:08:99:a0:bd:c1:9d:
                    36:ee:f5:dd:05:52:b3:58:64:58:89:9c:0c:0d:1c:
                    1e:99:83:d6:d6:15:c8:df:ca:a0:12:8b:38:db:22:
                    a5:10:50:3e:21:c2:61:85:f5:62:8d:c3:8e:4b:cd:
                    05:d2:b5:fc:38:f5:72:42:0b:bf:b8:e2:d1:5b:3b:
                    b5:8f:7c:c9:ae:a9:58:d5:0b:15:1b:b8:13:7a:b7:
                    85:95:35:22:42:9f:85:72:48:bd:2a:e4:c2:1a:49:
                    74:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:EE:A2:A3:E2:E0:E9:BC:1B:9E:53:6B:72:62:8F:6C:BB:54:0D:9B
            X509v3 Authority Key Identifier:
                keyid:9E:56:3C:42:6D:1A:AE:4E:D1:E7:F5:95:36:74:90:22:08:9E:84:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlY8Qm0ark7R5_WVNnSQIgiehHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/tu6io-Lg6bwbnlNrcmKPbLtUDZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/nlY8Qm0ark7R5_WVNnSQIgiehHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.0.0/19
                  82.199.160.0/19
                  194.110.176.0/20
                  194.112.0.0/20
                  212.17.160.0/19
                  213.204.32.0/19
                IPv6:
                  2a00:5500::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:2f:0f:ae:5f:bf:3b:0a:35:74:9b:9f:be:b4:5e:f5:a6:de:
         95:89:97:29:6b:f7:66:70:a9:77:0c:33:9d:e1:71:e7:39:7b:
         6c:66:36:d7:d9:86:28:65:4e:19:8b:7a:8f:bb:38:6e:4e:8a:
         29:53:d6:8c:d5:c6:d4:08:36:47:c2:cc:00:5a:e1:95:77:21:
         55:84:ab:a4:cc:ec:73:b3:a9:37:bc:27:c1:6c:c1:8f:37:81:
         2d:9a:93:1d:32:9e:33:bb:36:3d:12:0b:a3:29:b9:16:a9:d4:
         6b:c4:da:c5:e3:e0:9b:5d:0f:e6:b1:a1:53:f6:15:99:0f:45:
         99:ba:fa:94:e1:6a:c7:d2:0b:74:ad:e7:37:6e:01:f2:0c:8d:
         4b:2a:d2:5d:47:3d:05:8b:0f:74:39:e1:6a:eb:23:54:4d:e6:
         77:94:f3:ab:47:97:94:50:da:de:4c:86:39:c4:d4:3e:0e:ce:
         ad:fb:63:7b:87:fd:c6:73:b9:90:02:bb:c7:3f:14:aa:a2:77:
         03:50:65:e3:fc:01:e3:ca:09:e6:21:d0:f0:e5:85:38:90:89:
         bf:b8:c5:97:94:a4:d4:f2:1a:43:ed:33:d5:33:61:dc:3c:bd:
         e0:02:9e:c7:58:f9:2c:22:fc:96:87:36:3d:a9:b0:67:f0:90:
         7f:b8:d9:2c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzHJvSirUOLjhqaVjbHxMo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTYzYzQyNmQxYWFlNGVkMWU3ZjU5NTM2NzQ5MDIyMDg5
ZTg0NzkwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmVlYTJhM2UyZTBlOWJjMWI5ZTUzNmI3MjYyOGY2Y2JiNTQwZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTvIChzYtdWgseb80hXH66qBv3cT
pVV4nYkY0WyZc1+9zC9LJy8vclU9Vsfps1DsPbZdnjx7QegwCqpWDs+Ek3IG9eTm
apA5PjO7QU03vaNGQCiYHvPQr7N96rJKtsd8xqYjeNjCYZOouUMYNS8KwR1Bj8US
xgpD5FqBKQuuT/IjvJUfQcAQ4lk5WFZy8NMaBaLFvchUnHP53uEffysImaC9wZ02
7vXdBVKzWGRYiZwMDRwemYPW1hXI38qgEos42yKlEFA+IcJhhfVijcOOS80F0rX8
OPVyQgu/uOLRWzu1j3zJrqlY1QsVG7gTereFlTUiQp+Fcki9KuTCGkl0YQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFLbuoqPi4Om8G55Ta3Jij2y7VA2bMB8GA1UdIwQY
MBaAFJ5WPEJtGq5O0ef1lTZ0kCIInoR5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxZOFFtMGFyazdSNV9XVk5uU1FJZ2llaEhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81NWQ1OTUtZDBiYy00YmEyLTgwYTAt
YWZiY2YzNjZiYjA3LzEvdHU2aW8tTGc2YndibmxOcmNtS1BiTHRVRFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81NWQ1OTUtZDBiYy00YmEyLTgwYTAtYWZiY2YzNjZiYjA3
LzEvbmxZOFFtMGFyazdSNV9XVk5uU1FJZ2llaEhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFT4UAAwQF
UsegAwQEwm6wAwQEwnAAAwQF1BGgAwQF1cwgMA0EAgACMAcDBQAqAFUAMA0GCSqG
SIb3DQEBCwUAA4IBAQAULw+uX787CjV0m5++tF71pt6ViZcpa/dmcKl3DDOd4XHn
OXtsZjbX2YYoZU4Zi3qPuzhuToopU9aM1cbUCDZHwswAWuGVdyFVhKukzOxzs6k3
vCfBbMGPN4EtmpMdMp4zuzY9EgujKbkWqdRrxNrF4+CbXQ/msaFT9hWZD0WZuvqU
4WrH0gt0rec3bgHyDI1LKtJdRz0Fiw90OeFq6yNUTeZ3lPOrR5eUUNreTIY5xNQ+
Ds6t+2N7h/3Gc7mQArvHPxSqoncDUGXj/AHjygnmIdDw5YU4kIm/uMWXlKTU8hpD
7TPVM2HcPL3gAp7HWPksIvyWhzY9qbBn8JB/uNks
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:38:45 2024 by rpki-client on console-ams.rpki-client.org