Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/a4abf3-4af3-4180-8340-b13a1f20d15f/1/TKFgifUv28T6wKZ4YdWiixsRk_g.roa
File:                     TKFgifUv28T6wKZ4YdWiixsRk_g.roa (raw, json)
Hash identifier:          bxhYAgtav2A1722yfVqJbjXC9TPtoF1tZJwNJyfGafg=
Subject key identifier:   4C:A1:60:89:F5:2F:DB:C4:FA:C0:A6:78:61:D5:A2:8B:1B:11:93:F8
Certificate issuer:       /CN=c13e341c1e14d35a7496ce7828e3055f863935cf
Certificate serial:       018CC3B6EF336A9DE629DF3D52ECF5DE671A
Authority key identifier: C1:3E:34:1C:1E:14:D3:5A:74:96:CE:78:28:E3:05:5F:86:39:35:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wT40HB4U01p0ls54KOMFX4Y5Nc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/a4abf3-4af3-4180-8340-b13a1f20d15f/1/TKFgifUv28T6wKZ4YdWiixsRk_g.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206561
IP address blocks:        185.173.191.0/24 maxlen: 24
                          185.173.188.0/24 maxlen: 24
                          185.173.189.0/24 maxlen: 24
                          185.173.190.0/24 maxlen: 24
                          2a0f:46c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/a4abf3-4af3-4180-8340-b13a1f20d15f/1/wT40HB4U01p0ls54KOMFX4Y5Nc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/a4abf3-4af3-4180-8340-b13a1f20d15f/1/wT40HB4U01p0ls54KOMFX4Y5Nc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wT40HB4U01p0ls54KOMFX4Y5Nc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ef:33:6a:9d:e6:29:df:3d:52:ec:f5:de:67:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c13e341c1e14d35a7496ce7828e3055f863935cf
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ca16089f52fdbc4fac0a67861d5a28b1b1193f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b4:6d:05:be:64:ce:fe:5f:7d:34:4f:0a:ac:
                    a0:54:1c:72:f8:d7:46:8a:90:8b:33:ea:24:89:28:
                    4d:72:28:2a:4a:59:89:fd:52:83:c6:c3:bf:f4:63:
                    c8:01:5d:60:e0:09:ff:48:a6:e4:20:5d:e8:fb:9a:
                    a0:4f:a1:64:9d:a9:c2:98:cd:30:94:1b:af:f9:65:
                    7b:1c:07:c7:f9:44:17:13:94:a2:86:1c:f1:03:4b:
                    f7:85:4b:5f:2e:08:0c:23:ee:91:fa:08:dd:89:4b:
                    69:a9:4e:bf:1a:77:d6:2d:0a:7e:ff:bb:15:c5:6e:
                    cf:e5:30:19:b6:34:88:91:a6:43:71:f4:fa:50:be:
                    33:5e:ba:0a:fe:d2:42:51:d4:4d:45:19:93:8a:e9:
                    51:e1:e0:ee:43:e5:a9:f8:72:c4:d9:86:d2:2d:63:
                    2f:49:bc:dd:1f:2f:be:1c:5e:81:6b:a9:0c:e6:9c:
                    8a:1a:b8:36:4c:8c:7d:bd:3f:8c:6c:9a:07:92:8d:
                    b1:38:a1:5e:ae:17:09:d1:f9:1c:91:f7:c8:6a:b2:
                    6f:83:16:bb:a0:31:43:09:56:37:f9:20:d7:fd:74:
                    27:1d:b5:71:67:00:25:05:d6:5e:8f:6a:d7:ef:00:
                    54:4f:fd:27:f4:31:5f:6b:af:f8:0e:da:6d:6f:18:
                    31:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A1:60:89:F5:2F:DB:C4:FA:C0:A6:78:61:D5:A2:8B:1B:11:93:F8
            X509v3 Authority Key Identifier:
                keyid:C1:3E:34:1C:1E:14:D3:5A:74:96:CE:78:28:E3:05:5F:86:39:35:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wT40HB4U01p0ls54KOMFX4Y5Nc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a4abf3-4af3-4180-8340-b13a1f20d15f/1/TKFgifUv28T6wKZ4YdWiixsRk_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a4abf3-4af3-4180-8340-b13a1f20d15f/1/wT40HB4U01p0ls54KOMFX4Y5Nc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.188.0/22
                IPv6:
                  2a0f:46c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:7d:c0:96:33:7e:f9:26:d4:83:16:8e:19:ad:f8:1f:a6:6c:
         82:5f:cb:e3:4d:77:60:8e:a4:e9:d4:39:e0:42:ac:3d:96:9e:
         b5:a2:53:d2:15:87:0f:b9:26:9b:41:46:1f:66:bb:4b:c1:85:
         fc:67:1a:3f:44:d9:14:f5:0e:1a:b0:a2:90:cb:5f:df:5a:39:
         e7:fe:89:0f:c0:a7:ca:33:88:f0:b3:81:d3:76:db:28:e9:f1:
         92:22:d5:bb:5b:1a:c0:8c:ce:de:3b:8a:fc:2f:ef:ee:1f:e6:
         c6:4c:ca:d4:23:ea:f6:62:35:b7:4f:a2:34:dd:f9:ad:89:eb:
         70:76:e6:29:66:81:16:80:a5:de:00:86:cc:27:81:7b:8b:73:
         84:05:ea:2b:48:e6:be:bf:43:95:4a:9e:90:33:76:6e:8d:90:
         dc:44:63:5d:e5:ce:d2:a1:f5:0e:3c:38:a6:4a:bd:6b:0f:af:
         a4:b6:fc:90:a6:50:d8:6c:88:1e:b8:90:0b:0b:c6:0d:ca:26:
         4b:b1:4b:36:46:35:95:91:5e:ef:f1:b2:5a:1c:97:a2:74:74:
         78:a3:8b:6f:f4:1c:43:8f:49:8e:15:b3:7b:db:99:59:a0:f0:
         21:ca:a8:6e:88:63:f7:32:a4:14:77:ca:db:f4:46:0d:e3:21:
         20:2d:67:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtu8zap3mKd89Uuz13mcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxM2UzNDFjMWUxNGQzNWE3NDk2Y2U3ODI4ZTMwNTVmODYz
OTM1Y2YwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2ExNjA4OWY1MmZkYmM0ZmFjMGE2Nzg2MWQ1YTI4YjFiMTE5M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorRtBb5kzv5ffTRPCqygVBxy+NdG
ipCLM+okiShNcigqSlmJ/VKDxsO/9GPIAV1g4An/SKbkIF3o+5qgT6FknanCmM0w
lBuv+WV7HAfH+UQXE5SihhzxA0v3hUtfLggMI+6R+gjdiUtpqU6/GnfWLQp+/7sV
xW7P5TAZtjSIkaZDcfT6UL4zXroK/tJCUdRNRRmTiulR4eDuQ+Wp+HLE2YbSLWMv
SbzdHy++HF6Ba6kM5pyKGrg2TIx9vT+MbJoHko2xOKFerhcJ0fkckffIarJvgxa7
oDFDCVY3+SDX/XQnHbVxZwAlBdZej2rX7wBUT/0n9DFfa6/4DtptbxgxBwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEyhYIn1L9vE+sCmeGHVoosbEZP4MB8GA1UdIwQY
MBaAFME+NBweFNNadJbOeCjjBV+GOTXPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Q0MEhCNFUwMXAwbHM1NEtPTUZYNFk1TmM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9hNGFiZjMtNGFmMy00MTgwLTgzNDAt
YjEzYTFmMjBkMTVmLzEvVEtGZ2lmVXYyOFQ2d0taNFlkV2lpeHNSa19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9hNGFiZjMtNGFmMy00MTgwLTgzNDAtYjEzYTFmMjBkMTVm
LzEvd1Q0MEhCNFUwMXAwbHM1NEtPTUZYNFk1TmM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCua28MA0E
AgACMAcDBQMqD0bAMA0GCSqGSIb3DQEBCwUAA4IBAQCPfcCWM375JtSDFo4Zrfgf
pmyCX8vjTXdgjqTp1DngQqw9lp61olPSFYcPuSabQUYfZrtLwYX8Zxo/RNkU9Q4a
sKKQy1/fWjnn/okPwKfKM4jws4HTdtso6fGSItW7WxrAjM7eO4r8L+/uH+bGTMrU
I+r2YjW3T6I03fmtietwduYpZoEWgKXeAIbMJ4F7i3OEBeorSOa+v0OVSp6QM3Zu
jZDcRGNd5c7SofUOPDimSr1rD6+ktvyQplDYbIgeuJALC8YNyiZLsUs2RjWVkV7v
8bJaHJeidHR4o4tv9BxDj0mOFbN725lZoPAhyqhuiGP3MqQUd8rb9EYN4yEgLWfu
-----END CERTIFICATE-----
Generated at Mon Jun 17 14:47:41 2024 by rpki-client on console-fra.rpki-client.org