Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/t17giY7UZmxS5rVS02ZMETU5Nh4.roa
File:                     t17giY7UZmxS5rVS02ZMETU5Nh4.roa (raw, json)
Hash identifier:          edIMIL7YfBEDPE3/C8mCe/UEd75CPlBYXZwAJ9Ip2gI=
Subject key identifier:   B7:5E:E0:89:8E:D4:66:6C:52:E6:B5:52:D3:66:4C:11:35:39:36:1E
Certificate issuer:       /CN=064dcd0ee7014efb2e3b554fbb706384ef11d051
Certificate serial:       018CC6B8D9DC8E5108BA211C0C9FD8C0B0DC
Authority key identifier: 06:4D:CD:0E:E7:01:4E:FB:2E:3B:55:4F:BB:70:63:84:EF:11:D0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bk3NDucBTvsuO1VPu3BjhO8R0FE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/t17giY7UZmxS5rVS02ZMETU5Nh4.roa
Signing time:             Mon 01 Jan 2024 20:30:52 +0000
ROA not before:           Mon 01 Jan 2024 20:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209830
IP address blocks:        193.135.120.0/22 maxlen: 22
                          193.141.24.0/24 maxlen: 24
                          193.141.23.0/24 maxlen: 24
                          2a09:fb00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/Bk3NDucBTvsuO1VPu3BjhO8R0FE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/Bk3NDucBTvsuO1VPu3BjhO8R0FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bk3NDucBTvsuO1VPu3BjhO8R0FE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d9:dc:8e:51:08:ba:21:1c:0c:9f:d8:c0:b0:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=064dcd0ee7014efb2e3b554fbb706384ef11d051
        Validity
            Not Before: Jan  1 20:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b75ee0898ed4666c52e6b552d3664c113539361e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dd:71:5b:54:48:1b:05:75:cb:a3:74:c6:09:
                    e9:a3:18:d3:69:12:74:54:5e:05:4d:87:5a:45:a6:
                    2c:69:34:62:81:81:21:94:41:63:6e:3f:ca:96:96:
                    bc:20:80:a9:0f:15:9e:c8:d6:c6:74:44:ad:f0:d1:
                    d8:67:bf:37:12:a4:bf:6e:12:ea:d7:e0:fc:49:c7:
                    e4:b2:5e:c7:13:e8:fe:bc:e1:4a:51:a2:65:1d:89:
                    4a:de:c7:a7:a5:41:1b:98:9a:18:62:8e:bc:ee:e1:
                    6a:04:c5:d5:49:54:f8:45:6b:e2:c3:f7:b6:00:89:
                    c9:c5:38:26:84:2e:98:ed:4b:b3:a3:e2:23:35:5d:
                    af:ad:b6:59:68:a8:d4:2a:a0:42:0e:c7:5b:d1:39:
                    f4:71:f9:a3:36:aa:ec:b7:06:c7:5a:19:cd:87:66:
                    64:c9:41:43:23:49:4d:46:8a:25:f8:ac:53:1d:f3:
                    17:d3:9b:2a:82:4b:da:54:6b:d4:aa:d0:4e:29:c1:
                    18:93:38:fa:7b:13:e6:20:1d:8b:c5:78:31:ef:f4:
                    0d:79:4d:aa:2f:d6:c3:8f:ee:da:26:12:de:88:02:
                    07:43:77:37:45:5a:2f:0d:a5:c5:8f:67:18:79:be:
                    c9:db:94:46:60:8b:06:41:2e:3b:cc:99:c1:35:fd:
                    9f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:5E:E0:89:8E:D4:66:6C:52:E6:B5:52:D3:66:4C:11:35:39:36:1E
            X509v3 Authority Key Identifier:
                keyid:06:4D:CD:0E:E7:01:4E:FB:2E:3B:55:4F:BB:70:63:84:EF:11:D0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bk3NDucBTvsuO1VPu3BjhO8R0FE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/t17giY7UZmxS5rVS02ZMETU5Nh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/Bk3NDucBTvsuO1VPu3BjhO8R0FE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.120.0/22
                  193.141.23.0-193.141.24.255
                IPv6:
                  2a09:fb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:b5:2d:9d:10:f6:84:a7:3b:17:9e:79:51:1d:3d:3a:03:5f:
         f4:a4:d3:f9:3d:f7:d9:84:a7:0a:50:71:e9:60:fd:33:22:c2:
         2a:47:45:0f:80:bb:2f:d0:72:c5:e4:8e:c3:4a:2a:b5:27:97:
         60:24:07:3f:ea:56:14:36:eb:5e:c6:f5:60:d0:3c:6d:13:ab:
         6e:a7:cf:af:42:33:8e:f0:00:7e:c3:75:e7:c1:d1:34:03:87:
         f3:7b:54:30:b1:c4:5d:87:35:2c:9a:8d:14:51:ae:97:18:69:
         57:d7:4d:fd:35:2a:6b:3d:30:28:a3:04:07:e4:35:4c:e7:db:
         2f:2e:d6:69:8c:21:06:1a:82:2b:2b:a8:f6:a7:7c:63:fd:2a:
         95:05:40:30:6f:94:6d:77:19:ce:91:d3:53:52:5b:10:ff:4d:
         05:e9:24:ec:73:d4:55:c8:bd:12:b3:89:f0:31:f2:62:68:61:
         ac:b6:ca:71:f2:3f:89:5f:f6:4a:ea:3a:30:b4:b8:bf:ed:00:
         3b:bb:68:40:c8:66:c6:81:f2:86:7c:20:da:31:b0:b2:db:87:
         bf:aa:c0:00:15:a3:cb:6e:eb:96:11:37:d0:c8:80:8b:f8:ec:
         2c:f5:9f:bb:f8:46:aa:c1:4a:27:af:c5:f4:41:9e:d2:9c:14:
         60:da:dc:3a
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzGuNncjlEIuiEcDJ/YwLDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NGRjZDBlZTcwMTRlZmIyZTNiNTU0ZmJiNzA2Mzg0ZWYx
MWQwNTEwHhcNMjQwMTAxMjAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzVlZTA4OThlZDQ2NjZjNTJlNmI1NTJkMzY2NGMxMTM1MzkzNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd1xW1RIGwV1y6N0xgnpoxjTaRJ0
VF4FTYdaRaYsaTRigYEhlEFjbj/Klpa8IICpDxWeyNbGdESt8NHYZ783EqS/bhLq
1+D8Scfksl7HE+j+vOFKUaJlHYlK3senpUEbmJoYYo687uFqBMXVSVT4RWviw/e2
AInJxTgmhC6Y7Uuzo+IjNV2vrbZZaKjUKqBCDsdb0Tn0cfmjNqrstwbHWhnNh2Zk
yUFDI0lNRool+KxTHfMX05sqgkvaVGvUqtBOKcEYkzj6exPmIB2LxXgx7/QNeU2q
L9bDj+7aJhLeiAIHQ3c3RVovDaXFj2cYeb7J25RGYIsGQS47zJnBNf2fxwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFLde4ImO1GZsUua1UtNmTBE1OTYeMB8GA1UdIwQY
MBaAFAZNzQ7nAU77LjtVT7twY4TvEdBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmszTkR1Y0JUdnN1TzFWUHUzQmpoTzhSMEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kY2IwOGMtNTUxNS00NDVjLWFkOTkt
ZmI0NzQwZmRhMjUwLzEvdDE3Z2lZN1VabXhTNXJWUzAyWk1FVFU1Tmg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kY2IwOGMtNTUxNS00NDVjLWFkOTktZmI0NzQwZmRhMjUw
LzEvQmszTkR1Y0JUdnN1TzFWUHUzQmpoTzhSMEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCwYd4MAwD
BADBjRcDBADBjRgwDQQCAAIwBwMFAyoJ+wAwDQYJKoZIhvcNAQELBQADggEBAIK1
LZ0Q9oSnOxeeeVEdPToDX/Sk0/k999mEpwpQcelg/TMiwipHRQ+Auy/QcsXkjsNK
KrUnl2AkBz/qVhQ2617G9WDQPG0Tq26nz69CM47wAH7DdefB0TQDh/N7VDCxxF2H
NSyajRRRrpcYaVfXTf01Kms9MCijBAfkNUzn2y8u1mmMIQYagisrqPanfGP9KpUF
QDBvlG13Gc6R01NSWxD/TQXpJOxz1FXIvRKzifAx8mJoYay2ynHyP4lf9krqOjC0
uL/tADu7aEDIZsaB8oZ8INoxsLLbh7+qwAAVo8tu65YRN9DIgIv47Cz1n7v4RqrB
SievxfRBntKcFGDa3Do=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:42:14 2024 by rpki-client on console-ams.rpki-client.org