Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/TIwrGc1p0nn9A0iN37DTwfp2oFg.roa
File:                     TIwrGc1p0nn9A0iN37DTwfp2oFg.roa (raw, json)
Hash identifier:          P9MfCbnjTwO+zhmkxqCkzusLQpmW8Ih0V6FQsHlURL0=
Subject key identifier:   4C:8C:2B:19:CD:69:D2:79:FD:03:48:8D:DF:B0:D3:C1:FA:76:A0:58
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA4D40EFCC4DC079AB726A527CED4
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/TIwrGc1p0nn9A0iN37DTwfp2oFg.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2687
IP address blocks:        145.30.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a4:d4:0e:fc:c4:dc:07:9a:b7:26:a5:27:ce:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c8c2b19cd69d279fd03488ddfb0d3c1fa76a058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:5c:f7:1b:5c:bc:06:78:5d:f8:e4:ce:3d:8b:
                    04:3e:16:bb:f7:e8:69:b2:dc:e8:5e:f5:f9:10:bc:
                    ea:c6:86:74:9a:a1:ec:1e:6f:10:20:29:5b:ad:24:
                    76:c4:f4:dd:1a:25:67:83:f8:82:51:4c:46:df:19:
                    fa:55:76:f2:6f:e3:d9:00:8d:f5:62:cf:cd:c2:1c:
                    86:17:2f:23:57:b1:e4:71:99:10:18:6d:83:61:b5:
                    c1:e8:16:5f:b7:89:45:78:93:28:08:a3:74:9d:70:
                    f0:35:7f:6b:0a:b4:07:2b:27:af:34:76:48:bc:42:
                    e7:25:f7:7a:b5:83:76:4c:fb:b1:51:34:a7:94:14:
                    e6:da:f4:ba:80:bf:b5:ef:6b:b9:a0:40:bc:de:c6:
                    0c:37:f7:db:99:36:a4:75:bc:67:08:b9:8f:e6:65:
                    09:ff:3b:b4:ac:cf:49:4a:cb:02:35:fc:dd:90:9f:
                    00:78:da:c4:cb:70:0f:7e:ed:c3:e7:06:64:af:f9:
                    c7:e2:4e:6a:98:96:7d:ed:2c:fc:f4:80:f5:bc:04:
                    e8:6f:f2:6d:00:52:11:23:ec:ec:38:ac:27:7c:d3:
                    1c:33:a4:64:0c:61:7c:8c:1e:3e:3d:f0:81:cf:80:
                    db:5d:6d:05:5a:ae:b9:3e:1a:f1:8c:d9:24:56:bd:
                    5c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:8C:2B:19:CD:69:D2:79:FD:03:48:8D:DF:B0:D3:C1:FA:76:A0:58
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/TIwrGc1p0nn9A0iN37DTwfp2oFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.30.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:9d:c9:d4:7a:bb:f5:87:4e:ae:77:6e:53:21:1d:32:53:36:
         b3:15:24:5f:bd:c8:23:86:46:62:5d:91:ca:87:da:ec:2b:15:
         ce:01:7b:67:8e:39:fd:5d:45:c3:1f:14:38:8b:a8:5f:34:cd:
         6f:10:e6:a7:3c:4a:6f:ba:9c:b5:9f:4b:4f:f0:c2:d3:d3:58:
         a2:34:ed:44:db:e0:db:ca:d1:b3:84:22:03:97:86:a0:5f:40:
         7d:9a:e1:67:f7:51:88:c9:0b:f1:07:6c:00:a5:05:31:d0:3b:
         e3:3f:d7:dc:cd:6e:ff:f9:48:c8:29:76:78:17:e1:cc:17:e2:
         09:0a:fb:14:57:56:77:e3:78:3a:82:0b:10:ed:52:9f:88:bd:
         a5:60:69:ae:71:64:e0:b4:03:ee:cf:c4:70:c8:46:46:6f:24:
         29:84:3d:a4:3c:21:6a:2b:94:8e:6a:91:1f:13:89:3f:75:9d:
         dd:d8:f4:31:d6:b1:09:49:f9:73:be:b4:af:99:9b:19:d4:b2:
         95:4c:3a:c8:76:64:c3:46:05:ab:e4:fe:ad:e9:31:0e:cd:bf:
         b4:fa:73:24:0f:21:e7:1d:ad:5b:96:e0:c5:01:3b:a7:d2:19:
         1f:8a:47:15:69:34:07:97:f5:de:e0:46:a7:98:c3:8d:36:ba:
         4e:3e:be:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKTUDvzE3AeatyalJ87UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzhjMmIxOWNkNjlkMjc5ZmQwMzQ4OGRkZmIwZDNjMWZhNzZhMDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFz3G1y8Bnhd+OTOPYsEPha79+hp
stzoXvX5ELzqxoZ0mqHsHm8QIClbrSR2xPTdGiVng/iCUUxG3xn6VXbyb+PZAI31
Ys/NwhyGFy8jV7HkcZkQGG2DYbXB6BZft4lFeJMoCKN0nXDwNX9rCrQHKyevNHZI
vELnJfd6tYN2TPuxUTSnlBTm2vS6gL+172u5oEC83sYMN/fbmTakdbxnCLmP5mUJ
/zu0rM9JSssCNfzdkJ8AeNrEy3APfu3D5wZkr/nH4k5qmJZ97Sz89ID1vATob/Jt
AFIRI+zsOKwnfNMcM6RkDGF8jB4+PfCBz4DbXW0FWq65PhrxjNkkVr1cSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyMKxnNadJ5/QNIjd+w08H6dqBYMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvVEl3ckdjMXAwbm45QTBpTjM3RFR3ZnAyb0ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkR7iMA0G
CSqGSIb3DQEBCwUAA4IBAQAOncnUerv1h06ud25TIR0yUzazFSRfvcgjhkZiXZHK
h9rsKxXOAXtnjjn9XUXDHxQ4i6hfNM1vEOanPEpvupy1n0tP8MLT01iiNO1E2+Db
ytGzhCIDl4agX0B9muFn91GIyQvxB2wApQUx0DvjP9fczW7/+UjIKXZ4F+HMF+IJ
CvsUV1Z343g6ggsQ7VKfiL2lYGmucWTgtAPuz8RwyEZGbyQphD2kPCFqK5SOapEf
E4k/dZ3d2PQx1rEJSflzvrSvmZsZ1LKVTDrIdmTDRgWr5P6t6TEOzb+0+nMkDyHn
Ha1bluDFATun0hkfikcVaTQHl/Xe4EanmMONNrpOPr4d
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:27:53 2024 by rpki-client on console-ams.rpki-client.org