Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/TRyFDjn_Lrsjr76xd9avjafu434.roa
File:                     TRyFDjn_Lrsjr76xd9avjafu434.roa (raw, json)
Hash identifier:          37PIDSZM8Eposy8DaRvrygw/n7ePO8Jwz8NIN/fRDC0=
Subject key identifier:   4D:1C:85:0E:39:FF:2E:BB:23:AF:BE:B1:77:D6:AF:8D:A7:EE:E3:7E
Certificate issuer:       /CN=2b65275521d29caf7176ee2c398d40a1ec479c42
Certificate serial:       0190E9C9A5AF35A17D25787D81C43BC4A5D6
Authority key identifier: 2B:65:27:55:21:D2:9C:AF:71:76:EE:2C:39:8D:40:A1:EC:47:9C:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K2UnVSHSnK9xdu4sOY1AoexHnEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/TRyFDjn_Lrsjr76xd9avjafu434.roa
Signing time:             Thu 25 Jul 2024 12:07:04 +0000
ROA not before:           Thu 25 Jul 2024 12:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203547
IP address blocks:        185.131.44.0/24 maxlen: 24
                          185.131.45.0/24 maxlen: 24
                          185.131.46.0/24 maxlen: 24
                          185.131.47.0/24 maxlen: 24
                          2a05:e7c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/K2UnVSHSnK9xdu4sOY1AoexHnEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/K2UnVSHSnK9xdu4sOY1AoexHnEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K2UnVSHSnK9xdu4sOY1AoexHnEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e9:c9:a5:af:35:a1:7d:25:78:7d:81:c4:3b:c4:a5:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b65275521d29caf7176ee2c398d40a1ec479c42
        Validity
            Not Before: Jul 25 12:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d1c850e39ff2ebb23afbeb177d6af8da7eee37e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bd:a7:84:be:9d:f0:66:9f:d0:dc:3b:11:1f:
                    d0:05:48:e9:6f:ce:64:90:67:ca:50:bb:2c:6d:f9:
                    f4:93:a7:17:7f:79:c0:bb:b7:d6:76:db:6d:13:db:
                    b7:95:1c:cc:fb:8a:d4:14:c4:ba:80:e1:d6:f4:39:
                    3f:70:c4:7c:2f:90:31:85:02:66:b6:d7:90:56:a7:
                    93:7c:c9:c3:e2:c9:14:54:e2:73:d5:c9:34:53:1e:
                    c4:1d:a7:52:bd:fd:53:df:bd:d2:1f:bf:05:bf:a7:
                    5d:67:6e:09:e3:64:c0:21:d9:93:a0:07:1f:65:55:
                    7c:13:cf:48:17:72:f3:7b:0b:bb:07:eb:77:a7:53:
                    cf:8a:c9:b6:bd:6d:d7:7a:b7:2a:15:5e:c1:f6:69:
                    83:76:8d:85:a8:f9:e6:51:3b:0a:88:61:30:ab:07:
                    87:fb:49:81:a8:de:64:ba:09:cb:f2:dc:c4:bc:7e:
                    26:58:e7:07:f1:02:d1:3a:77:35:c1:d6:d2:f1:39:
                    00:b8:13:ef:62:fe:89:82:c0:56:7a:4b:4b:a4:2f:
                    ed:d2:07:d5:79:b0:d1:96:60:a5:a9:a3:0c:1f:67:
                    66:f5:85:4e:61:a7:65:aa:18:95:72:51:e0:ef:da:
                    2b:94:0f:dd:66:4a:e2:67:1b:42:39:99:5c:e6:2d:
                    26:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1C:85:0E:39:FF:2E:BB:23:AF:BE:B1:77:D6:AF:8D:A7:EE:E3:7E
            X509v3 Authority Key Identifier:
                keyid:2B:65:27:55:21:D2:9C:AF:71:76:EE:2C:39:8D:40:A1:EC:47:9C:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K2UnVSHSnK9xdu4sOY1AoexHnEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/TRyFDjn_Lrsjr76xd9avjafu434.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/27f595-964f-4055-b92f-9ea9f5e203a0/1/K2UnVSHSnK9xdu4sOY1AoexHnEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.44.0/22
                IPv6:
                  2a05:e7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:d9:91:99:27:0a:73:b6:00:57:fc:c9:ec:96:17:a7:d5:ab:
         70:ed:9b:ef:5e:b5:5c:dc:3e:87:f2:a0:d4:22:0c:c9:30:93:
         24:db:a9:24:e6:5c:eb:57:c9:37:9e:23:70:37:a2:d9:88:b3:
         8f:20:69:02:c6:8b:bd:4a:9c:fa:e1:e8:c8:d5:c7:8a:3c:29:
         df:d2:d0:94:f5:43:2d:f8:fe:ca:36:c3:0a:3c:18:4c:59:b0:
         a3:f8:72:0b:76:2e:35:72:c3:fb:b0:f9:4a:59:af:76:bc:4b:
         be:44:fa:06:2f:0d:ba:10:5f:3a:26:bc:60:de:10:e1:5d:8a:
         fb:e6:2e:fc:f0:60:89:1f:f6:32:36:5e:1c:a7:a7:b2:d1:70:
         de:8a:cb:47:df:18:c2:13:b1:e0:6b:dd:09:93:33:07:40:8a:
         eb:33:5e:ab:42:9f:0d:8f:6a:f8:9c:d3:ad:d0:bc:74:23:87:
         00:90:b2:23:6e:ef:40:cd:0a:08:83:86:60:c2:33:7c:c7:a0:
         55:1b:95:e4:ee:52:16:a2:91:cc:21:48:3c:61:04:de:d5:23:
         ea:d8:cd:0d:32:90:72:00:fe:53:59:0f:47:d7:74:63:5f:39:
         26:97:e1:0c:a2:84:8b:2f:29:2d:cb:de:7a:4d:8d:8e:b2:1d:
         e1:8a:ca:35
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZDpyaWvNaF9JXh9gcQ7xKXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNjUyNzU1MjFkMjljYWY3MTc2ZWUyYzM5OGQ0MGExZWM0
NzljNDIwHhcNMjQwNzI1MTIwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDFjODUwZTM5ZmYyZWJiMjNhZmJlYjE3N2Q2YWY4ZGE3ZWVlMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmb2nhL6d8Gaf0Nw7ER/QBUjpb85k
kGfKULssbfn0k6cXf3nAu7fWdtttE9u3lRzM+4rUFMS6gOHW9Dk/cMR8L5AxhQJm
tteQVqeTfMnD4skUVOJz1ck0Ux7EHadSvf1T373SH78Fv6ddZ24J42TAIdmToAcf
ZVV8E89IF3Lzewu7B+t3p1PPism2vW3XercqFV7B9mmDdo2FqPnmUTsKiGEwqweH
+0mBqN5kugnL8tzEvH4mWOcH8QLROnc1wdbS8TkAuBPvYv6JgsBWektLpC/t0gfV
ebDRlmClqaMMH2dm9YVOYadlqhiVclHg79orlA/dZkriZxtCOZlc5i0mNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE0chQ45/y67I6++sXfWr42n7uN+MB8GA1UdIwQY
MBaAFCtlJ1Uh0pyvcXbuLDmNQKHsR5xCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzJVblZTSFNuSzl4ZHU0c09ZMUFvZXhIbkVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8yN2Y1OTUtOTY0Zi00MDU1LWI5MmYt
OWVhOWY1ZTIwM2EwLzEvVFJ5RkRqbl9McnNqcjc2eGQ5YXZqYWZ1NDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8yN2Y1OTUtOTY0Zi00MDU1LWI5MmYtOWVhOWY1ZTIwM2Ew
LzEvSzJVblZTSFNuSzl4ZHU0c09ZMUFvZXhIbkVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYMsMA0E
AgACMAcDBQMqBefAMA0GCSqGSIb3DQEBCwUAA4IBAQBG2ZGZJwpztgBX/Mnslhen
1atw7ZvvXrVc3D6H8qDUIgzJMJMk26kk5lzrV8k3niNwN6LZiLOPIGkCxou9Spz6
4ejI1ceKPCnf0tCU9UMt+P7KNsMKPBhMWbCj+HILdi41csP7sPlKWa92vEu+RPoG
Lw26EF86Jrxg3hDhXYr75i788GCJH/YyNl4cp6ey0XDeistH3xjCE7Hga90JkzMH
QIrrM16rQp8Nj2r4nNOt0Lx0I4cAkLIjbu9AzQoIg4ZgwjN8x6BVG5Xk7lIWopHM
IUg8YQTe1SPq2M0NMpByAP5TWQ9H13RjXzkml+EMooSLLykty956TY2Osh3hiso1
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:29:31 2024 by rpki-client on console-fra.rpki-client.org