Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/TZVMTbn2lC314qxspX8x-MT63kE.roa
File:                     TZVMTbn2lC314qxspX8x-MT63kE.roa (raw, json)
Hash identifier:          FdTosmC4QLTWBR4mPIa+OQthOXiBqzDjcX2oeplsdeE=
Subject key identifier:   4D:95:4C:4D:B9:F6:94:2D:F5:E2:AC:6C:A5:7F:31:F8:C4:FA:DE:41
Certificate issuer:       /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial:       018CF3397F32B8E0EC58154E8D1F15E7CEA6
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/TZVMTbn2lC314qxspX8x-MT63kE.roa
Signing time:             Wed 10 Jan 2024 11:54:40 +0000
ROA not before:           Wed 10 Jan 2024 11:54:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16125
IP address blocks:        46.166.160.0/20 maxlen: 32
                          185.8.104.0/22 maxlen: 32
                          5.199.160.0/20 maxlen: 32
                          5.199.165.0/24 maxlen: 32
                          93.115.24.0/21 maxlen: 32
                          185.150.116.0/22 maxlen: 32
                          188.214.128.0/21 maxlen: 32
                          2a02:ae00::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:39:7f:32:b8:e0:ec:58:15:4e:8d:1f:15:e7:ce:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
        Validity
            Not Before: Jan 10 11:54:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d954c4db9f6942df5e2ac6ca57f31f8c4fade41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:70:f8:35:7b:52:11:79:c0:0e:d2:0e:fb:01:
                    0e:82:2b:f6:1f:c7:c7:ec:72:b8:58:aa:1b:58:44:
                    fc:21:80:29:93:dd:21:b4:92:94:0d:67:77:ad:ea:
                    db:8c:88:b8:be:cf:eb:d5:70:e0:c0:6c:24:01:c5:
                    e3:63:4d:ee:ae:e3:86:48:cc:46:e6:ea:56:9d:ff:
                    c8:31:c2:20:66:8d:29:a1:dd:39:76:bb:15:d1:9a:
                    a1:81:a9:47:ae:19:9e:ba:0d:56:f0:ea:8e:f3:d4:
                    93:e2:ab:9b:ff:e5:88:6b:c7:a6:0a:8a:95:38:a2:
                    d0:90:44:0b:44:c0:84:8a:95:d0:a4:8e:8d:74:66:
                    0e:36:1e:12:39:8a:50:dd:e5:46:9b:15:39:17:79:
                    aa:64:e7:50:76:05:83:34:47:b0:64:27:99:7a:63:
                    c2:06:af:1f:3e:75:8b:86:68:6b:b5:fa:00:bb:6f:
                    46:9a:64:42:69:ca:99:bb:c6:b5:d0:9b:f4:0c:d8:
                    c9:65:49:20:6d:d1:55:dc:fd:f9:4d:42:32:95:7f:
                    91:7f:dd:65:47:6c:93:15:e5:5c:c6:c1:84:a4:fb:
                    e8:bb:6b:9e:42:41:87:83:ea:e1:7f:2c:16:20:c1:
                    30:09:46:a1:8d:8c:75:75:37:ac:04:c4:6a:e4:fb:
                    19:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:95:4C:4D:B9:F6:94:2D:F5:E2:AC:6C:A5:7F:31:F8:C4:FA:DE:41
            X509v3 Authority Key Identifier:
                keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/TZVMTbn2lC314qxspX8x-MT63kE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.160.0/20
                  46.166.160.0/20
                  93.115.24.0/21
                  185.8.104.0/22
                  185.150.116.0/22
                  188.214.128.0/21
                IPv6:
                  2a02:ae00::/36

    Signature Algorithm: sha256WithRSAEncryption
         c8:05:68:f1:79:1d:c2:43:ee:60:a9:3a:f5:50:8f:24:14:d6:
         75:bc:8a:46:f5:b0:1a:3a:58:d5:86:72:fb:54:02:2c:02:d0:
         e8:90:9b:8e:66:9d:22:2b:81:49:9a:83:4f:a4:88:90:c8:6c:
         ae:d9:97:02:c8:34:9a:c6:07:2b:ed:3a:e1:d3:2c:a6:f9:62:
         08:f5:b5:53:47:39:8f:35:0b:d1:72:d1:8e:d3:00:00:34:cf:
         6c:4c:cb:11:95:83:f4:ed:fb:73:9b:d7:76:e7:8d:64:eb:dd:
         48:7a:a3:96:54:05:9d:4f:de:0a:e9:57:86:71:d6:3a:31:29:
         7f:77:d7:3d:d6:e3:b7:6f:fe:46:17:31:56:7a:a0:b8:84:14:
         e6:e0:66:f8:cf:2b:38:69:55:46:6d:a0:c6:06:aa:8f:76:f2:
         c7:4a:d2:a0:bc:49:e1:41:7a:91:9d:91:92:ad:1a:06:75:75:
         53:a4:3e:59:07:7d:af:6c:21:46:35:27:2f:92:72:29:52:1c:
         6a:4f:94:2a:03:36:ae:2e:9b:81:b4:29:5f:df:74:84:fa:47:
         5a:0e:a5:2e:dd:52:69:c4:af:77:22:7c:18:8d:1a:8a:f5:c7:
         7d:1e:43:9d:82:58:87:ae:25:c8:0d:27:21:c4:41:e5:a6:8b:
         7d:c2:c3:57
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzzOX8yuODsWBVOjR8V586mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjQwMTEwMTE1NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk1NGM0ZGI5ZjY5NDJkZjVlMmFjNmNhNTdmMzFmOGM0ZmFkZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3D4NXtSEXnADtIO+wEOgiv2H8fH
7HK4WKobWET8IYApk90htJKUDWd3rerbjIi4vs/r1XDgwGwkAcXjY03uruOGSMxG
5upWnf/IMcIgZo0pod05drsV0ZqhgalHrhmeug1W8OqO89ST4qub/+WIa8emCoqV
OKLQkEQLRMCEipXQpI6NdGYONh4SOYpQ3eVGmxU5F3mqZOdQdgWDNEewZCeZemPC
Bq8fPnWLhmhrtfoAu29GmmRCacqZu8a10Jv0DNjJZUkgbdFV3P35TUIylX+Rf91l
R2yTFeVcxsGEpPvou2ueQkGHg+rhfywWIMEwCUahjYx1dTesBMRq5PsZRwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFE2VTE259pQt9eKsbKV/MfjE+t5BMB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvVFpWTVRibjJsQzMxNHF4c3BYOHgtTVQ2M2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAqBAIAATAkAwQEBcegAwQE
LqagAwQDXXMYAwQCuQhoAwQCuZZ0AwQDvNaAMA4EAgACMAgDBgQqAq4AADANBgkq
hkiG9w0BAQsFAAOCAQEAyAVo8XkdwkPuYKk69VCPJBTWdbyKRvWwGjpY1YZy+1QC
LALQ6JCbjmadIiuBSZqDT6SIkMhsrtmXAsg0msYHK+064dMspvliCPW1U0c5jzUL
0XLRjtMAADTPbEzLEZWD9O37c5vXdueNZOvdSHqjllQFnU/eCulXhnHWOjEpf3fX
Pdbjt2/+RhcxVnqguIQU5uBm+M8rOGlVRm2gxgaqj3byx0rSoLxJ4UF6kZ2Rkq0a
BnV1U6Q+WQd9r2whRjUnL5JyKVIcak+UKgM2ri6bgbQpX990hPpHWg6lLt1SacSv
dyJ8GI0aivXHfR5DnYJYh64lyA0nIcRB5aaLfcLDVw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:38:17 2024 by rpki-client on console-ams.rpki-client.org