Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/tgCgsgGgSdZeUY25I7TnZMIWszA.roa
File:                     tgCgsgGgSdZeUY25I7TnZMIWszA.roa (raw, json)
Hash identifier:          NPFyzCN4sGcUpZlVeHvGNxGmjQPWrB5wYR38+bgiS7Y=
Subject key identifier:   B6:00:A0:B2:01:A0:49:D6:5E:51:8D:B9:23:B4:E7:64:C2:16:B3:30
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F8BA58805E44B00FA3FB1A2449285
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/tgCgsgGgSdZeUY25I7TnZMIWszA.roa
Signing time:             Tue 02 Jan 2024 04:30:02 +0000
ROA not before:           Tue 02 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15133
IP address blocks:        213.175.80.0/24 maxlen: 24
                          2a02:16d8:103::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8b:a5:88:05:e4:4b:00:fa:3f:b1:a2:44:92:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b600a0b201a049d65e518db923b4e764c216b330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f2:d7:2f:0c:60:2c:53:3c:97:ec:f0:a5:bf:
                    04:f6:df:5a:17:05:e4:59:a0:26:55:4e:50:2c:10:
                    95:bb:01:0b:8a:da:b7:46:6a:ef:86:2b:ec:11:4f:
                    8d:b0:7b:dd:b3:0f:2c:91:0d:72:2d:2e:18:7d:53:
                    d7:b4:24:16:6b:ce:0c:f6:62:80:7c:ac:78:56:23:
                    51:f9:24:35:85:a6:10:1e:2b:a5:05:68:32:4a:80:
                    62:a8:ff:aa:12:26:a6:70:49:94:4d:fe:c6:b9:b2:
                    db:8a:da:d9:e2:40:66:df:6f:e9:dd:dd:85:e7:fb:
                    eb:8c:35:d9:6b:31:bf:6c:99:64:95:87:2a:91:34:
                    3a:14:fb:04:90:61:8f:58:83:a0:df:4f:b0:1a:85:
                    da:ee:bd:1e:30:a9:0c:3d:67:98:4d:f8:26:21:14:
                    a3:49:93:b7:e3:ed:56:a5:4f:96:37:66:0d:7b:1e:
                    fc:16:62:5f:2a:28:5e:46:28:46:ff:53:35:48:8a:
                    cd:41:cc:10:91:11:54:c4:b3:ac:00:55:a5:28:2c:
                    91:1e:75:ee:83:01:fa:e6:61:be:bb:d7:3e:0a:f6:
                    64:be:39:f6:4e:90:75:9e:41:94:84:d1:a3:59:9b:
                    64:6b:87:6b:c0:81:ff:ba:4c:6e:12:e4:a7:84:9d:
                    63:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:00:A0:B2:01:A0:49:D6:5E:51:8D:B9:23:B4:E7:64:C2:16:B3:30
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/tgCgsgGgSdZeUY25I7TnZMIWszA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.175.80.0/24
                IPv6:
                  2a02:16d8:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:25:9c:a8:bc:ef:c3:89:ad:2a:61:4b:b2:c9:bc:59:0f:68:
         97:33:bc:2c:5b:0a:a0:21:9d:b8:b5:bd:88:61:c8:0d:92:f4:
         ee:2f:24:e5:4e:d8:f9:23:ef:c5:fd:88:4f:10:a1:db:60:ef:
         47:01:cd:37:75:7a:9c:06:3c:2d:69:77:a8:04:5c:7f:5c:1d:
         45:22:f2:f5:bc:4c:cc:76:da:17:3f:b2:89:69:de:f5:3f:bd:
         a9:96:44:63:98:12:90:67:57:60:91:4e:27:ee:ce:f9:09:09:
         e0:81:db:3e:40:e2:e9:a8:b7:a8:0d:4d:78:41:b1:7e:5a:2d:
         85:a3:aa:07:26:cb:c3:05:0a:a6:9b:24:b3:62:94:af:5d:c3:
         43:b1:fb:16:37:90:04:e2:1e:cd:65:f3:84:f4:65:c0:2b:4e:
         7f:1c:50:f1:19:cf:0a:66:19:7d:50:9a:47:79:17:3e:57:4f:
         a6:1f:61:8c:d0:9e:a0:ea:ed:19:63:04:62:12:da:97:2c:f2:
         0e:e1:42:8d:af:f2:ab:c8:73:06:73:a4:ae:4c:57:f1:2a:47:
         17:fc:91:31:c5:8a:18:d6:e8:1a:4c:89:ab:49:9f:5e:1c:a2:
         43:ec:1d:8a:1b:f0:2d:c6:42:31:86:25:d2:ee:6e:a7:bc:27:
         0a:ab:c2:58
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIb4uliAXkSwD6P7GiRJKFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjAwYTBiMjAxYTA0OWQ2NWU1MThkYjkyM2I0ZTc2NGMyMTZiMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/LXLwxgLFM8l+zwpb8E9t9aFwXk
WaAmVU5QLBCVuwELitq3RmrvhivsEU+NsHvdsw8skQ1yLS4YfVPXtCQWa84M9mKA
fKx4ViNR+SQ1haYQHiulBWgySoBiqP+qEiamcEmUTf7GubLbitrZ4kBm32/p3d2F
5/vrjDXZazG/bJlklYcqkTQ6FPsEkGGPWIOg30+wGoXa7r0eMKkMPWeYTfgmIRSj
SZO34+1WpU+WN2YNex78FmJfKiheRihG/1M1SIrNQcwQkRFUxLOsAFWlKCyRHnXu
gwH65mG+u9c+CvZkvjn2TpB1nkGUhNGjWZtka4drwIH/ukxuEuSnhJ1jsQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLYAoLIBoEnWXlGNuSO052TCFrMwMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvdGdDZ3NnR2dTZFplVVkyNUk3VG5aTUlXc3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1a9QMA8E
AgACMAkDBwAqAhbYAQMwDQYJKoZIhvcNAQELBQADggEBAIclnKi878OJrSphS7LJ
vFkPaJczvCxbCqAhnbi1vYhhyA2S9O4vJOVO2Pkj78X9iE8Qodtg70cBzTd1epwG
PC1pd6gEXH9cHUUi8vW8TMx22hc/solp3vU/vamWRGOYEpBnV2CRTifuzvkJCeCB
2z5A4umot6gNTXhBsX5aLYWjqgcmy8MFCqabJLNilK9dw0Ox+xY3kATiHs1l84T0
ZcArTn8cUPEZzwpmGX1Qmkd5Fz5XT6YfYYzQnqDq7RljBGIS2pcs8g7hQo2v8qvI
cwZzpK5MV/EqRxf8kTHFihjW6BpMiatJn14cokPsHYob8C3GQjGGJdLubqe8Jwqr
wlg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:01:38 2024 by rpki-client on console-fra.rpki-client.org