Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/ab11c9-25d5-43fa-9bd3-b1ec28c67c74/1/tkX1zrkNxnMmgsvR8blnA6TgwdU.roa
File:                     tkX1zrkNxnMmgsvR8blnA6TgwdU.roa (raw, json)
Hash identifier:          aYx7H0em1kxYo1W7uT68KJ8eFGcB+2VbkKF7TfvMSyQ=
Subject key identifier:   B6:45:F5:CE:B9:0D:C6:73:26:82:CB:D1:F1:B9:67:03:A4:E0:C1:D5
Certificate issuer:       /CN=f08a08eb8fa7bee6a3183e32de51a2f3ccd4ae47
Certificate serial:       018CC348A7B1BFA60D961A1A7F045D32F8B6
Authority key identifier: F0:8A:08:EB:8F:A7:BE:E6:A3:18:3E:32:DE:51:A2:F3:CC:D4:AE:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8IoI64-nvuajGD4y3lGi88zUrkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/ab11c9-25d5-43fa-9bd3-b1ec28c67c74/1/tkX1zrkNxnMmgsvR8blnA6TgwdU.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135357
IP address blocks:        185.216.251.0/24 maxlen: 24
                          185.216.250.0/24 maxlen: 24
                          185.216.249.0/24 maxlen: 24
                          185.216.248.0/22 maxlen: 22
                          185.216.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/ab11c9-25d5-43fa-9bd3-b1ec28c67c74/1/8IoI64-nvuajGD4y3lGi88zUrkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/ab11c9-25d5-43fa-9bd3-b1ec28c67c74/1/8IoI64-nvuajGD4y3lGi88zUrkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8IoI64-nvuajGD4y3lGi88zUrkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a7:b1:bf:a6:0d:96:1a:1a:7f:04:5d:32:f8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08a08eb8fa7bee6a3183e32de51a2f3ccd4ae47
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b645f5ceb90dc6732682cbd1f1b96703a4e0c1d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6a:5a:59:9a:51:0a:4f:3c:51:97:32:92:5b:
                    1a:9a:98:3c:a2:7b:4f:63:66:75:54:01:f2:0c:7d:
                    70:0d:8d:eb:cd:eb:81:e0:48:c5:a5:d7:e2:50:40:
                    18:e6:ec:26:a5:03:07:8b:e3:07:57:80:4d:c3:e4:
                    ba:ba:20:97:12:70:64:4c:8d:8c:e5:ff:d5:e5:fc:
                    c1:2a:e2:6a:eb:d5:53:45:f2:52:00:c2:db:9a:0e:
                    84:14:bf:e3:6e:c9:56:d9:05:97:db:1e:1c:c8:d3:
                    43:4d:bf:7f:63:96:c0:29:c4:44:62:72:12:63:b9:
                    09:5f:d2:77:cc:d3:36:42:b4:d1:b1:7f:8f:bd:3f:
                    5f:8b:7b:4b:01:58:f0:25:e8:b7:cd:3e:b4:10:4b:
                    be:42:95:f2:08:c6:4d:34:d6:8e:bd:40:e1:bc:9f:
                    cb:6e:a2:b6:ce:a1:3e:8e:62:2b:65:cc:75:7d:da:
                    e7:48:ef:45:47:6f:21:a0:ec:30:b6:ed:51:08:70:
                    f7:80:30:e1:6f:8b:35:3b:52:b0:8f:d3:ea:1b:cc:
                    57:a8:80:a3:15:40:c7:9f:75:4a:e9:d8:0b:76:8b:
                    dd:ae:3d:04:0a:8f:e1:cd:b5:c3:e1:ad:b3:f7:8a:
                    3d:e4:f4:52:13:7d:45:5e:ad:b1:8c:a6:f4:65:75:
                    50:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:45:F5:CE:B9:0D:C6:73:26:82:CB:D1:F1:B9:67:03:A4:E0:C1:D5
            X509v3 Authority Key Identifier:
                keyid:F0:8A:08:EB:8F:A7:BE:E6:A3:18:3E:32:DE:51:A2:F3:CC:D4:AE:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8IoI64-nvuajGD4y3lGi88zUrkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/ab11c9-25d5-43fa-9bd3-b1ec28c67c74/1/tkX1zrkNxnMmgsvR8blnA6TgwdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/ab11c9-25d5-43fa-9bd3-b1ec28c67c74/1/8IoI64-nvuajGD4y3lGi88zUrkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:7b:48:0c:94:d1:65:8e:51:72:8d:16:5f:26:93:90:4b:85:
         a6:9f:51:d4:3e:a8:fa:32:8f:61:b2:ab:34:2a:48:f2:05:18:
         d7:5f:88:68:78:03:7d:11:39:a0:7b:0d:32:57:a0:17:37:05:
         46:aa:44:bc:b9:e4:10:a7:ba:7c:07:6a:33:c5:70:62:de:af:
         9d:e1:bb:b9:7a:90:a5:3d:ce:14:b0:b7:4c:fb:6e:bd:a5:87:
         ff:ad:3d:08:a7:dd:b6:54:ec:82:4e:9d:e8:9c:c3:99:98:e1:
         c8:b2:aa:b7:8f:49:46:a4:8c:90:58:3c:d1:ec:a3:70:67:47:
         2d:45:df:aa:05:29:ef:23:dc:47:9b:4d:35:43:02:04:3c:24:
         00:b5:2f:02:77:2a:a0:4a:fb:74:2e:6b:93:66:d2:db:00:3d:
         c6:f7:5f:0d:bb:33:0e:b6:29:9f:18:0e:6c:4a:ee:0f:f5:50:
         e4:ac:2c:8e:13:ed:d5:86:fa:c9:10:6d:0d:df:db:03:87:71:
         cc:d7:af:fd:17:94:42:68:b6:49:b3:79:13:2c:01:bf:3f:9d:
         79:77:cb:1f:5b:28:8b:f4:84:5e:4f:97:bd:49:49:50:f5:e3:
         a0:93:a3:c5:bc:72:13:fd:b2:2c:9a:b7:76:74:38:52:9e:54:
         c8:eb:38:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKexv6YNlhoafwRdMvi2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGEwOGViOGZhN2JlZTZhMzE4M2UzMmRlNTFhMmYzY2Nk
NGFlNDcwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjQ1ZjVjZWI5MGRjNjczMjY4MmNiZDFmMWI5NjcwM2E0ZTBjMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2paWZpRCk88UZcyklsampg8ontP
Y2Z1VAHyDH1wDY3rzeuB4EjFpdfiUEAY5uwmpQMHi+MHV4BNw+S6uiCXEnBkTI2M
5f/V5fzBKuJq69VTRfJSAMLbmg6EFL/jbslW2QWX2x4cyNNDTb9/Y5bAKcREYnIS
Y7kJX9J3zNM2QrTRsX+PvT9fi3tLAVjwJei3zT60EEu+QpXyCMZNNNaOvUDhvJ/L
bqK2zqE+jmIrZcx1fdrnSO9FR28hoOwwtu1RCHD3gDDhb4s1O1Kwj9PqG8xXqICj
FUDHn3VK6dgLdovdrj0ECo/hzbXD4a2z94o95PRSE31FXq2xjKb0ZXVQ2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZF9c65DcZzJoLL0fG5ZwOk4MHVMB8GA1UdIwQY
MBaAFPCKCOuPp77moxg+Mt5RovPM1K5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOElvSTY0LW52dWFqR0Q0eTNsR2k4OHpVcmtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hYjExYzktMjVkNS00M2ZhLTliZDMt
YjFlYzI4YzY3Yzc0LzEvdGtYMXpya054bk1tZ3N2UjhibG5BNlRnd2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hYjExYzktMjVkNS00M2ZhLTliZDMtYjFlYzI4YzY3Yzc0
LzEvOElvSTY0LW52dWFqR0Q0eTNsR2k4OHpVcmtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudj4MA0G
CSqGSIb3DQEBCwUAA4IBAQCfe0gMlNFljlFyjRZfJpOQS4Wmn1HUPqj6Mo9hsqs0
KkjyBRjXX4hoeAN9ETmgew0yV6AXNwVGqkS8ueQQp7p8B2ozxXBi3q+d4bu5epCl
Pc4UsLdM+269pYf/rT0Ip922VOyCTp3onMOZmOHIsqq3j0lGpIyQWDzR7KNwZ0ct
Rd+qBSnvI9xHm001QwIEPCQAtS8CdyqgSvt0LmuTZtLbAD3G918NuzMOtimfGA5s
Su4P9VDkrCyOE+3VhvrJEG0N39sDh3HM16/9F5RCaLZJs3kTLAG/P515d8sfWyiL
9IReT5e9SUlQ9eOgk6PFvHIT/bIsmrd2dDhSnlTI6zio
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:55:35 2024 by rpki-client on console-fra.rpki-client.org