Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/T-gY9ak4rbVY5Y-DkpzjJTyaxeg.roa
File:                     T-gY9ak4rbVY5Y-DkpzjJTyaxeg.roa (raw, json)
Hash identifier:          1dzBpMdFrAohllcrhN+4b2vAr04G3zRkvuNc8NYazX0=
Subject key identifier:   4F:E8:18:F5:A9:38:AD:B5:58:E5:8F:83:92:9C:E3:25:3C:9A:C5:E8
Certificate issuer:       /CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
Certificate serial:       018CCA99C12FE40E2F2B6B2747B24D985924
Authority key identifier: 8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/T-gY9ak4rbVY5Y-DkpzjJTyaxeg.roa
Signing time:             Tue 02 Jan 2024 14:35:23 +0000
ROA not before:           Tue 02 Jan 2024 14:35:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15436
IP address blocks:        193.109.125.0/24 maxlen: 24
                          193.109.121.0/24 maxlen: 24
                          81.88.96.0/21 maxlen: 24
                          193.109.117.0/24 maxlen: 24
                          193.201.1.0/24 maxlen: 24
                          193.201.0.0/24 maxlen: 24
                          193.201.4.0/24 maxlen: 24
                          193.201.2.0/24 maxlen: 24
                          193.201.3.0/24 maxlen: 24
                          193.201.7.0/24 maxlen: 24
                          193.201.6.0/24 maxlen: 24
                          193.201.5.0/24 maxlen: 24
                          2a02:c18::/32 maxlen: 48
                          2a02:c18::/48 maxlen: 48
                          2a02:c18:2::/48 maxlen: 48
                          2a02:c18:6::/48 maxlen: 48
                          2a02:c18:1::/48 maxlen: 48
                          2a02:c18:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:c1:2f:e4:0e:2f:2b:6b:27:47:b2:4d:98:59:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
        Validity
            Not Before: Jan  2 14:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fe818f5a938adb558e58f83929ce3253c9ac5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a2:30:c3:da:8c:3f:25:a1:96:b5:72:38:5b:
                    0f:a6:61:5e:6d:73:6e:88:f4:0a:be:d2:fd:fb:49:
                    bc:bf:24:a5:d6:0c:a3:2f:73:fe:e5:4f:91:6f:8a:
                    c6:53:b9:be:fd:f4:25:79:1a:fc:a8:99:f8:a2:64:
                    33:ba:dc:10:fe:2a:7d:cb:da:84:8f:29:71:f4:ba:
                    1b:d7:a2:02:c4:cd:17:fa:a9:8f:36:a7:5f:5a:94:
                    3d:70:b7:0b:f5:af:cb:c1:98:cf:71:24:82:73:cb:
                    6a:60:ac:85:60:83:de:ea:82:56:0d:69:22:a6:8a:
                    b9:8c:be:f7:5d:c9:ae:0c:6e:ba:fd:06:8b:36:b8:
                    2f:61:44:6f:fa:5c:83:2e:8c:5a:43:ed:16:e7:fb:
                    b5:59:b4:e9:28:59:82:6e:ad:67:7a:bc:10:66:7b:
                    91:61:29:7f:2d:53:65:5b:d8:bb:91:fb:26:5f:65:
                    df:10:80:0c:be:ba:ca:bb:cf:ba:50:3a:f9:dd:54:
                    75:3b:5e:a2:59:c7:10:02:01:0c:1b:fd:45:bb:83:
                    18:d2:9e:12:fa:1d:df:6c:b9:68:f2:44:08:d2:cd:
                    17:15:59:e9:99:e3:b9:05:cf:15:db:c2:78:83:29:
                    19:74:c9:76:e3:4d:db:fa:07:f6:5d:6e:fa:9b:5f:
                    fd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E8:18:F5:A9:38:AD:B5:58:E5:8F:83:92:9C:E3:25:3C:9A:C5:E8
            X509v3 Authority Key Identifier:
                keyid:8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/T-gY9ak4rbVY5Y-DkpzjJTyaxeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.96.0/21
                  193.109.117.0/24
                  193.109.121.0/24
                  193.109.125.0/24
                  193.201.0.0/21
                IPv6:
                  2a02:c18::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:1a:b3:b6:4a:7d:a0:63:6b:32:04:9d:22:59:3a:34:5e:95:
         21:c3:56:71:d0:87:eb:91:01:93:ff:9a:0a:f3:29:9a:3c:aa:
         74:19:57:93:0d:00:c7:01:3c:0b:ae:99:91:dc:a8:17:b6:63:
         c2:90:da:e6:b3:94:e7:6d:01:10:b1:9a:1f:08:a5:d8:84:a8:
         33:bc:c9:bd:fa:85:86:40:f2:d1:31:4b:19:b2:de:81:c4:ca:
         f1:c8:c1:f0:79:2f:ce:9d:74:1e:70:6c:32:a7:2e:43:6e:e1:
         b5:8b:bc:2b:d3:b0:de:62:6c:9d:b9:b3:f4:37:a0:ea:03:e0:
         3d:ff:55:e1:f9:a9:b3:b1:67:ed:fa:f6:98:de:84:5d:c8:b5:
         46:ca:ac:be:2d:03:d2:c8:2e:4c:73:91:58:47:5b:ab:5c:16:
         05:9e:8a:0d:49:1d:6d:a0:3e:05:23:b5:73:15:a9:b1:1c:14:
         bf:e0:fc:88:28:7f:6e:79:c6:0b:fb:27:81:91:38:4a:db:4f:
         c4:e6:52:d6:fd:e1:27:37:6a:5b:de:26:f0:dc:e3:4c:6c:a5:
         19:c1:91:52:34:84:98:a4:6b:09:93:97:42:93:78:03:0b:18:
         82:41:04:d5:b3:3a:2a:35:8f:0a:15:ed:55:9d:14:a6:73:db:
         09:8a:79:be
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzKmcEv5A4vK2snR7JNmFkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjZmNDc2ZDYwODYyNWFkMWZlMDZlNTJiOTc0YTlmNjZm
MDE0MWEwHhcNMjQwMTAyMTQzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmU4MThmNWE5MzhhZGI1NThlNThmODM5MjljZTMyNTNjOWFjNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqIww9qMPyWhlrVyOFsPpmFebXNu
iPQKvtL9+0m8vySl1gyjL3P+5U+Rb4rGU7m+/fQleRr8qJn4omQzutwQ/ip9y9qE
jylx9Lob16ICxM0X+qmPNqdfWpQ9cLcL9a/LwZjPcSSCc8tqYKyFYIPe6oJWDWki
poq5jL73XcmuDG66/QaLNrgvYURv+lyDLoxaQ+0W5/u1WbTpKFmCbq1nerwQZnuR
YSl/LVNlW9i7kfsmX2XfEIAMvrrKu8+6UDr53VR1O16iWccQAgEMG/1Fu4MY0p4S
+h3fbLlo8kQI0s0XFVnpmeO5Bc8V28J4gykZdMl2403b+gf2XW76m1/9fQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFE/oGPWpOK21WOWPg5Kc4yU8msXoMB8GA1UdIwQY
MBaAFIom9HbWCGJa0f4G5SuXSp9m8BQaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2It
ZDg0NmQxMDZiNWY3LzEvVC1nWTlhazRyYlZZNVktRGtwempKVHlheGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2ItZDg0NmQxMDZiNWY3
LzEvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDUVhgAwQA
wW11AwQAwW15AwQAwW19AwQDwckAMA0EAgACMAcDBQAqAgwYMA0GCSqGSIb3DQEB
CwUAA4IBAQC2GrO2Sn2gY2syBJ0iWTo0XpUhw1Zx0IfrkQGT/5oK8ymaPKp0GVeT
DQDHATwLrpmR3KgXtmPCkNrms5TnbQEQsZofCKXYhKgzvMm9+oWGQPLRMUsZst6B
xMrxyMHweS/OnXQecGwypy5DbuG1i7wr07DeYmydubP0N6DqA+A9/1Xh+amzsWft
+vaY3oRdyLVGyqy+LQPSyC5Mc5FYR1urXBYFnooNSR1toD4FI7VzFamxHBS/4PyI
KH9uecYL+yeBkThK20/E5lLW/eEnN2pb3ibw3ONMbKUZwZFSNISYpGsJk5dCk3gD
CxiCQQTVszoqNY8KFe1VnRSmc9sJinm+
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:13:29 2024 by rpki-client on console-fra.rpki-client.org