Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/TPGthfRSwY7FrDmNwyFWXVI_Ywk.roa
File:                     TPGthfRSwY7FrDmNwyFWXVI_Ywk.roa (raw, json)
Hash identifier:          5fGbDnZdNVMQDIL4RL+d/MzV+ZD6KlWyirl3P8EbR2I=
Subject key identifier:   4C:F1:AD:85:F4:52:C1:8E:C5:AC:39:8D:C3:21:56:5D:52:3F:63:09
Certificate issuer:       /CN=6a57ffe822b3ba7bc194db7a734c85efcef2f283
Certificate serial:       018CC5DC02CEF884D4A20FB091E46603B6F2
Authority key identifier: 6A:57:FF:E8:22:B3:BA:7B:C1:94:DB:7A:73:4C:85:EF:CE:F2:F2:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alf_6CKzunvBlNt6c0yF787y8oM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/TPGthfRSwY7FrDmNwyFWXVI_Ywk.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200070
IP address blocks:        193.29.206.0/24 maxlen: 24
                          212.237.229.0/24 maxlen: 24
                          194.0.14.0/24 maxlen: 24
                          194.0.12.0/23 maxlen: 30
                          185.43.134.0/24 maxlen: 24
                          2001:678:10::/47 maxlen: 64
                          2001:148f:fffb::/48 maxlen: 48
                          2001:678:1::/48 maxlen: 48
                          2001:148f:fffd::/48 maxlen: 48
                          2001:678:f::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/alf_6CKzunvBlNt6c0yF787y8oM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/alf_6CKzunvBlNt6c0yF787y8oM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alf_6CKzunvBlNt6c0yF787y8oM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:02:ce:f8:84:d4:a2:0f:b0:91:e4:66:03:b6:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a57ffe822b3ba7bc194db7a734c85efcef2f283
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cf1ad85f452c18ec5ac398dc321565d523f6309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:65:f1:8b:ac:5a:e5:8c:2e:d4:56:cd:33:ba:
                    49:33:48:ab:a1:da:85:7c:cf:f2:5b:e5:b0:f5:aa:
                    92:8a:96:07:39:5e:57:ad:89:97:87:ef:37:81:ce:
                    6e:7e:2c:a8:a3:a0:29:af:2a:26:e1:32:22:64:de:
                    82:35:b4:0d:f2:53:ae:62:86:26:40:02:bc:18:a6:
                    d8:74:1b:d3:0f:3e:29:49:98:5a:13:c4:41:d0:22:
                    f7:8f:e0:87:37:bb:ba:cd:51:d6:a8:5c:5a:58:20:
                    87:12:2d:35:af:6d:a1:2e:80:45:36:9e:0a:35:96:
                    e5:55:b1:64:16:e8:e6:5b:92:58:cd:88:11:f5:3c:
                    21:67:d8:35:1a:7d:e1:e9:f5:b4:2b:bd:0e:0d:61:
                    82:8e:dd:78:94:4e:17:b1:a2:fb:cc:da:cc:ec:9a:
                    ae:75:4f:33:84:11:f2:14:16:be:75:62:8d:ff:71:
                    ff:be:61:7c:87:a7:e6:0d:4c:6e:6c:c7:67:9d:62:
                    e4:b2:fa:a7:56:35:d0:83:ad:15:6e:68:7f:97:9a:
                    b8:54:d2:ba:b1:28:73:65:c5:28:8b:37:52:cf:d9:
                    eb:df:f5:26:03:83:8d:16:18:3a:f1:a2:9b:e3:ff:
                    60:a2:2c:9b:bb:5f:09:92:d7:c1:d5:07:97:bf:ad:
                    aa:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F1:AD:85:F4:52:C1:8E:C5:AC:39:8D:C3:21:56:5D:52:3F:63:09
            X509v3 Authority Key Identifier:
                keyid:6A:57:FF:E8:22:B3:BA:7B:C1:94:DB:7A:73:4C:85:EF:CE:F2:F2:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alf_6CKzunvBlNt6c0yF787y8oM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/TPGthfRSwY7FrDmNwyFWXVI_Ywk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/alf_6CKzunvBlNt6c0yF787y8oM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.134.0/24
                  193.29.206.0/24
                  194.0.12.0-194.0.14.255
                  212.237.229.0/24
                IPv6:
                  2001:678:1::/48
                  2001:678:f::-2001:678:11:ffff:ffff:ffff:ffff:ffff
                  2001:148f:fffb::/48
                  2001:148f:fffd::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:ab:bc:0a:74:2b:41:da:9a:2a:da:7f:0f:7a:83:cf:c6:27:
         53:3c:3d:41:10:89:1c:9b:97:5e:c8:a1:fb:45:2a:57:6f:cc:
         cb:45:08:99:d8:5d:40:f2:62:1d:c6:40:57:ad:f1:56:49:84:
         6f:91:9c:aa:2b:a9:5b:1a:f8:80:66:65:10:74:74:bf:94:83:
         1c:55:74:2c:b2:57:f8:43:22:48:0f:f4:57:5d:8e:5c:3d:68:
         63:08:d5:6d:a2:b8:85:87:c7:af:42:7d:c7:03:27:47:79:52:
         95:0e:1b:f8:9c:5c:4f:ae:59:13:9e:19:aa:87:63:3c:f1:2f:
         78:ad:f1:e0:4d:58:24:01:ad:4d:9c:76:f9:29:97:d8:fc:be:
         c8:05:c5:72:53:f9:85:d4:4e:c7:08:25:ff:ae:ea:de:4b:41:
         ff:13:e0:a6:4f:23:fb:93:1a:bf:34:d0:41:67:77:de:26:8e:
         dc:d8:5c:27:6f:a2:55:ef:ba:f8:9b:74:bf:ce:2e:ab:19:b6:
         f9:a0:e7:64:c4:22:4b:b0:94:63:3d:5c:ef:81:cb:a2:c5:f4:
         cc:59:35:2e:57:7c:f6:fd:2e:69:db:fe:38:c1:c1:04:bc:49:
         90:e4:8b:16:29:5d:c6:0c:9b:64:4f:5b:44:54:bb:be:46:3a:
         26:f4:5d:e1
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYzF3ALO+ITUog+wkeRmA7byMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTdmZmU4MjJiM2JhN2JjMTk0ZGI3YTczNGM4NWVmY2Vm
MmYyODMwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2YxYWQ4NWY0NTJjMThlYzVhYzM5OGRjMzIxNTY1ZDUyM2Y2MzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mXxi6xa5Ywu1FbNM7pJM0irodqF
fM/yW+Ww9aqSipYHOV5XrYmXh+83gc5ufiyoo6Apryom4TIiZN6CNbQN8lOuYoYm
QAK8GKbYdBvTDz4pSZhaE8RB0CL3j+CHN7u6zVHWqFxaWCCHEi01r22hLoBFNp4K
NZblVbFkFujmW5JYzYgR9TwhZ9g1Gn3h6fW0K70ODWGCjt14lE4XsaL7zNrM7Jqu
dU8zhBHyFBa+dWKN/3H/vmF8h6fmDUxubMdnnWLksvqnVjXQg60Vbmh/l5q4VNK6
sShzZcUoizdSz9nr3/UmA4ONFhg68aKb4/9goiybu18JktfB1QeXv62qNQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFEzxrYX0UsGOxaw5jcMhVl1SP2MJMB8GA1UdIwQY
MBaAFGpX/+gis7p7wZTbenNMhe/O8vKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxmXzZDS3p1bnZCbE50NmMweUY3ODd5OG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9hZmVmMTItMWYwOC00YjQ2LTk0N2It
Y2EwYzYyNjIxMDk4LzEvVFBHdGhmUlN3WTdGckRtTnd5RldYVklfWXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9hZmVmMTItMWYwOC00YjQ2LTk0N2ItY2EwYzYyNjIxMDk4
LzEvYWxmXzZDS3p1bnZCbE50NmMweUY3ODd5OG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzAmBAIAATAgAwQAuSuGAwQA
wR3OMAwDBALCAAwDBADCAA4DBADU7eUwNQQCAAIwLwMHACABBngAATASAwcAIAEG
eAAPAwcBIAEGeAAQAwcAIAEUj//7AwcAIAEUj//9MA0GCSqGSIb3DQEBCwUAA4IB
AQAgq7wKdCtB2poq2n8PeoPPxidTPD1BEIkcm5deyKH7RSpXb8zLRQiZ2F1A8mId
xkBXrfFWSYRvkZyqK6lbGviAZmUQdHS/lIMcVXQsslf4QyJID/RXXY5cPWhjCNVt
oriFh8evQn3HAydHeVKVDhv4nFxPrlkTnhmqh2M88S94rfHgTVgkAa1NnHb5KZfY
/L7IBcVyU/mF1E7HCCX/rureS0H/E+CmTyP7kxq/NNBBZ3feJo7c2Fwnb6JV77r4
m3S/zi6rGbb5oOdkxCJLsJRjPVzvgcuixfTMWTUuV3z2/S5p2/44wcEEvEmQ5IsW
KV3GDJtkT1tEVLu+Rjom9F3h
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:12:11 2024 by rpki-client on console-fra.rpki-client.org