Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/thed-l6Hqgw3bEK-oFYf4KS9Cnw.roa
File:                     thed-l6Hqgw3bEK-oFYf4KS9Cnw.roa (raw, json)
Hash identifier:          F/C6KO0kkWCFUWJ0VBjBj0LzNMxOuF3eZfmn3QQ+WjI=
Subject key identifier:   B6:17:9D:FA:5E:87:AA:0C:37:6C:42:BE:A0:56:1F:E0:A4:BD:0A:7C
Certificate issuer:       /CN=c4fbe8422432727d3874b1564baeac8a80557b2d
Certificate serial:       018CC64B1DAF2B1AD766E3A6E98687BC7A34
Authority key identifier: C4:FB:E8:42:24:32:72:7D:38:74:B1:56:4B:AE:AC:8A:80:55:7B:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xPvoQiQycn04dLFWS66sioBVey0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/thed-l6Hqgw3bEK-oFYf4KS9Cnw.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        45.148.4.0/24 maxlen: 24
                          193.104.211.0/24 maxlen: 24
                          193.104.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/xPvoQiQycn04dLFWS66sioBVey0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/xPvoQiQycn04dLFWS66sioBVey0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xPvoQiQycn04dLFWS66sioBVey0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1d:af:2b:1a:d7:66:e3:a6:e9:86:87:bc:7a:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4fbe8422432727d3874b1564baeac8a80557b2d
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6179dfa5e87aa0c376c42bea0561fe0a4bd0a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:96:09:3a:ec:fa:e4:65:c3:bd:6b:54:49:73:
                    89:f3:ad:f4:e1:03:d2:b2:32:3d:51:a1:5a:f8:21:
                    a0:c1:82:0e:3f:25:97:2d:a4:bd:7b:36:d9:ee:c3:
                    cc:1a:6b:bb:2f:62:5a:c5:11:76:4a:de:88:44:46:
                    fd:92:ba:47:84:eb:f7:19:74:94:5d:34:2c:39:55:
                    a5:61:a9:a0:cf:56:0c:74:3c:6e:a6:ed:63:6d:0f:
                    40:15:88:b6:91:87:07:73:82:ad:40:de:ec:ca:b1:
                    7e:aa:61:4c:1f:5b:cd:a7:f7:99:2a:22:f1:3b:0d:
                    43:a4:c3:f2:6f:5b:d2:63:23:24:eb:be:8e:ab:a4:
                    e3:8b:0d:91:d7:50:b8:25:77:96:d1:d0:93:8f:16:
                    10:99:8f:b4:e8:a9:57:f9:fb:74:2a:db:b2:5a:5a:
                    53:6c:20:87:f1:10:04:99:af:35:7d:d8:d5:7f:30:
                    83:9c:7b:f9:f3:0d:15:84:81:1c:09:d3:7f:a0:ce:
                    e5:1b:d3:3c:7d:e7:0c:81:fe:88:31:3d:16:c0:cc:
                    9d:50:0d:ae:4e:9d:a2:53:84:c3:52:d2:af:5a:24:
                    fa:2d:4f:fa:2e:db:2e:52:5f:f3:db:79:5f:b3:d3:
                    74:e0:a1:c0:06:9e:5d:46:94:8c:51:58:3e:12:7b:
                    1a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:17:9D:FA:5E:87:AA:0C:37:6C:42:BE:A0:56:1F:E0:A4:BD:0A:7C
            X509v3 Authority Key Identifier:
                keyid:C4:FB:E8:42:24:32:72:7D:38:74:B1:56:4B:AE:AC:8A:80:55:7B:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xPvoQiQycn04dLFWS66sioBVey0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/thed-l6Hqgw3bEK-oFYf4KS9Cnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/bf2d8c-e38b-463a-b26b-ecf2217f9867/1/xPvoQiQycn04dLFWS66sioBVey0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.4.0/24
                  193.104.211.0/24
                  193.104.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:98:9c:46:86:32:65:d5:de:08:12:4c:6c:e8:67:ff:4b:e3:
         2d:32:71:a0:3d:b0:06:36:70:67:16:f4:9d:0c:f5:3c:7a:67:
         f7:80:f9:85:f8:f3:b8:78:1d:39:20:7c:6c:b5:ee:af:57:0d:
         39:8e:81:31:6b:6c:59:e0:6e:8d:33:d6:eb:d0:6f:7a:6f:a2:
         e6:10:a1:11:ec:f4:19:ea:e7:0b:dc:65:c5:ba:a2:cf:39:67:
         1a:24:f0:41:77:a7:48:0c:4e:44:ba:e7:b5:2f:80:b1:40:3c:
         43:e4:af:fc:b0:30:d7:12:12:18:d2:a0:6c:78:02:d5:7b:e8:
         6f:9d:5e:89:25:c9:9e:5f:3d:8b:ff:ba:f9:3c:10:dd:37:33:
         2d:b3:62:43:d7:0f:b8:fb:fc:a0:fa:c6:82:1e:25:db:e6:f8:
         9b:36:24:54:73:90:79:5a:ac:9b:c2:11:00:b3:15:63:3c:b2:
         f0:d9:48:0b:e6:c9:e2:23:c4:36:a9:27:fd:b0:91:0f:ef:81:
         b9:f7:cf:1e:4c:29:28:f5:8c:80:86:e4:b5:ae:4f:c2:ce:00:
         1c:5d:d5:e9:de:5a:40:95:73:ec:5d:2b:c0:d5:b3:b0:e3:5d:
         fd:2f:e6:35:ba:b6:dd:1b:ea:6a:09:59:67:ef:20:39:22:d7:
         2f:ef:e1:ab
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSx2vKxrXZuOm6YaHvHo0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZmJlODQyMjQzMjcyN2QzODc0YjE1NjRiYWVhYzhhODA1
NTdiMmQwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjE3OWRmYTVlODdhYTBjMzc2YzQyYmVhMDU2MWZlMGE0YmQwYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05YJOuz65GXDvWtUSXOJ86304QPS
sjI9UaFa+CGgwYIOPyWXLaS9ezbZ7sPMGmu7L2JaxRF2St6IREb9krpHhOv3GXSU
XTQsOVWlYamgz1YMdDxupu1jbQ9AFYi2kYcHc4KtQN7syrF+qmFMH1vNp/eZKiLx
Ow1DpMPyb1vSYyMk676Oq6Tjiw2R11C4JXeW0dCTjxYQmY+06KlX+ft0KtuyWlpT
bCCH8RAEma81fdjVfzCDnHv58w0VhIEcCdN/oM7lG9M8fecMgf6IMT0WwMydUA2u
Tp2iU4TDUtKvWiT6LU/6LtsuUl/z23lfs9N04KHABp5dRpSMUVg+EnsapwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLYXnfpeh6oMN2xCvqBWH+CkvQp8MB8GA1UdIwQY
MBaAFMT76EIkMnJ9OHSxVkuurIqAVXstMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFB2b1FpUXljbjA0ZExGV1M2NnNpb0JWZXkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9iZjJkOGMtZTM4Yi00NjNhLWIyNmIt
ZWNmMjIxN2Y5ODY3LzEvdGhlZC1sNkhxZ3czYkVLLW9GWWY0S1M5Q253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9iZjJkOGMtZTM4Yi00NjNhLWIyNmItZWNmMjIxN2Y5ODY3
LzEveFB2b1FpUXljbjA0ZExGV1M2NnNpb0JWZXkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZQEAwQA
wWjTAwQAwWjeMA0GCSqGSIb3DQEBCwUAA4IBAQATmJxGhjJl1d4IEkxs6Gf/S+Mt
MnGgPbAGNnBnFvSdDPU8emf3gPmF+PO4eB05IHxste6vVw05joExa2xZ4G6NM9br
0G96b6LmEKER7PQZ6ucL3GXFuqLPOWcaJPBBd6dIDE5Euue1L4CxQDxD5K/8sDDX
EhIY0qBseALVe+hvnV6JJcmeXz2L/7r5PBDdNzMts2JD1w+4+/yg+saCHiXb5vib
NiRUc5B5WqybwhEAsxVjPLLw2UgL5sniI8Q2qSf9sJEP74G5988eTCko9YyAhuS1
rk/CzgAcXdXp3lpAlXPsXSvA1bOw4139L+Y1urbdG+pqCVln7yA5Itcv7+Gr
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:31:29 2024 by rpki-client on console-fra.rpki-client.org