Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/TFwbxPo9ptuvmqxcON6N5NC3pyE.roa
File:                     TFwbxPo9ptuvmqxcON6N5NC3pyE.roa (raw, json)
Hash identifier:          IhSi2fm+DZnUuTEl0OTeTbUsxae3Kn5COmAe7U6UpmU=
Subject key identifier:   4C:5C:1B:C4:FA:3D:A6:DB:AF:9A:AC:5C:38:DE:8D:E4:D0:B7:A7:21
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018CC56DF78D6A6C0080D2AF35356D12C0E7
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/TFwbxPo9ptuvmqxcON6N5NC3pyE.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        85.92.108.0/24 maxlen: 24
                          46.19.68.0/24 maxlen: 24
                          46.19.69.0/24 maxlen: 24
                          37.220.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f7:8d:6a:6c:00:80:d2:af:35:35:6d:12:c0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5c1bc4fa3da6dbaf9aac5c38de8de4d0b7a721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a0:40:17:62:87:39:e1:4b:d0:5d:eb:92:e5:
                    e7:d8:43:93:72:29:a1:2a:80:b3:cb:23:b8:94:b3:
                    93:fd:5e:38:c1:6a:2e:88:cc:05:d9:84:02:65:ee:
                    85:26:c5:2d:71:c4:74:42:29:79:17:f5:e3:0d:af:
                    94:6d:b8:20:05:0c:1c:26:46:a8:d3:45:69:f1:ea:
                    1a:57:c8:29:3e:6d:5c:db:62:26:84:20:58:19:8f:
                    9c:36:bb:5d:3d:19:91:1d:f6:4c:b9:36:40:e4:a4:
                    69:7c:cf:69:aa:1d:89:53:97:49:66:43:4c:41:48:
                    59:fc:68:a1:bb:5e:bc:31:75:96:16:52:9b:0e:e6:
                    39:4e:e4:af:2b:cf:40:df:ec:ee:47:b8:b2:25:68:
                    cc:77:e5:ac:4d:82:31:d7:e3:43:d8:00:cd:b5:ff:
                    8a:52:88:28:e9:6c:be:7b:75:f8:d4:7f:9e:a9:1d:
                    97:2b:4c:0a:cf:d9:e0:47:dc:80:c3:17:50:a1:4c:
                    ea:5f:8d:7c:9e:8c:2a:11:5d:b4:3f:20:c7:76:26:
                    0f:51:9c:51:6c:42:8a:3b:c8:bf:23:20:17:db:e0:
                    68:1f:6b:9b:47:75:08:b0:6d:b8:bf:6b:58:fd:e5:
                    8f:7c:ba:57:4c:b5:a3:58:11:40:7f:17:af:2c:40:
                    30:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5C:1B:C4:FA:3D:A6:DB:AF:9A:AC:5C:38:DE:8D:E4:D0:B7:A7:21
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/TFwbxPo9ptuvmqxcON6N5NC3pyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.85.0/24
                  46.19.68.0/23
                  85.92.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:49:25:f7:ce:16:e3:58:37:6b:86:1f:78:b3:10:26:ab:5e:
         6c:be:ac:06:d9:fb:73:cd:e5:15:35:18:4f:18:53:44:53:32:
         e8:91:09:0f:39:70:10:73:74:6d:f6:e9:7b:4a:fd:14:1c:1d:
         af:f1:51:04:2d:9a:ad:98:8a:ef:93:0b:9a:d0:be:f4:6f:bd:
         72:45:6b:20:31:5d:c7:92:f7:d0:6f:ef:3c:b8:cb:ae:e4:76:
         75:b8:a5:95:3e:5e:da:42:74:0c:13:24:d6:24:27:20:09:73:
         03:fa:2d:76:8c:1a:79:8b:9f:7b:64:b6:32:73:fd:21:31:d7:
         3f:2b:31:a4:c7:67:d7:05:90:1d:8c:b1:35:10:62:df:1d:92:
         69:1c:c0:fd:47:a1:3a:4b:c8:62:da:67:67:fb:96:a2:a3:d9:
         aa:41:d0:9f:f7:f5:0d:e6:c5:87:95:8a:8c:7f:46:8d:a7:ae:
         62:3e:0e:1a:6f:a9:40:4e:00:6e:3b:54:6d:1f:a9:df:b5:27:
         4e:eb:ee:6e:eb:db:a9:f9:b6:bc:04:21:e5:23:cc:f4:8d:8f:
         99:b3:0d:9b:10:ee:31:58:e5:19:71:02:ad:d8:92:d3:de:b7:
         26:89:a1:20:49:7e:b0:b3:46:b4:c4:b5:86:6e:c9:7d:56:30:
         b7:c4:a8:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbfeNamwAgNKvNTVtEsDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVjMWJjNGZhM2RhNmRiYWY5YWFjNWMzOGRlOGRlNGQwYjdhNzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqBAF2KHOeFL0F3rkuXn2EOTcimh
KoCzyyO4lLOT/V44wWouiMwF2YQCZe6FJsUtccR0Qil5F/XjDa+UbbggBQwcJkao
00Vp8eoaV8gpPm1c22ImhCBYGY+cNrtdPRmRHfZMuTZA5KRpfM9pqh2JU5dJZkNM
QUhZ/Gihu168MXWWFlKbDuY5TuSvK89A3+zuR7iyJWjMd+WsTYIx1+ND2ADNtf+K
Uogo6Wy+e3X41H+eqR2XK0wKz9ngR9yAwxdQoUzqX418nowqEV20PyDHdiYPUZxR
bEKKO8i/IyAX2+BoH2ubR3UIsG24v2tY/eWPfLpXTLWjWBFAfxevLEAwOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFExcG8T6Pabbr5qsXDjejeTQt6chMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvVEZ3YnhQbzlwdHV2bXF4Y09ONk41TkMzcHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJdxVAwQB
LhNEAwQAVVxsMA0GCSqGSIb3DQEBCwUAA4IBAQA3SSX3zhbjWDdrhh94sxAmq15s
vqwG2ftzzeUVNRhPGFNEUzLokQkPOXAQc3Rt9ul7Sv0UHB2v8VEELZqtmIrvkwua
0L70b71yRWsgMV3HkvfQb+88uMuu5HZ1uKWVPl7aQnQMEyTWJCcgCXMD+i12jBp5
i597ZLYyc/0hMdc/KzGkx2fXBZAdjLE1EGLfHZJpHMD9R6E6S8hi2mdn+5aio9mq
QdCf9/UN5sWHlYqMf0aNp65iPg4ab6lATgBuO1RtH6nftSdO6+5u69up+ba8BCHl
I8z0jY+Zsw2bEO4xWOUZcQKt2JLT3rcmiaEgSX6ws0a0xLWGbsl9VjC3xKiP
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:06:22 2024 by rpki-client on console-fra.rpki-client.org