Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/TPUqxB-PQUE4AT0KvqGW5eMJ92k.roa
File:                     TPUqxB-PQUE4AT0KvqGW5eMJ92k.roa (raw, json)
Hash identifier:          egBaFc38ulT2dCE4AC8bAmZnEEIEu19/zIW63oqERCc=
Subject key identifier:   4C:F5:2A:C4:1F:8F:41:41:38:01:3D:0A:BE:A1:96:E5:E3:09:F7:69
Certificate issuer:       /CN=2ac64dc21cb5fd4d0bcb02cc2b43fd751fd91e1e
Certificate serial:       018F803594316EAC1C943005CACE4287717D
Authority key identifier: 2A:C6:4D:C2:1C:B5:FD:4D:0B:CB:02:CC:2B:43:FD:75:1F:D9:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/TPUqxB-PQUE4AT0KvqGW5eMJ92k.roa
Signing time:             Thu 16 May 2024 07:02:25 +0000
ROA not before:           Thu 16 May 2024 07:02:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8286
IP address blocks:        31.193.96.0/21 maxlen: 21
                          82.145.64.0/19 maxlen: 19
                          212.14.0.0/19 maxlen: 19
                          212.14.32.0/20 maxlen: 20
                          2001:4c58::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:35:94:31:6e:ac:1c:94:30:05:ca:ce:42:87:71:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac64dc21cb5fd4d0bcb02cc2b43fd751fd91e1e
        Validity
            Not Before: May 16 07:02:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cf52ac41f8f414138013d0abea196e5e309f769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a7:4b:bc:2c:1e:bc:05:0d:33:08:10:ec:67:
                    c6:2f:87:4b:98:9d:5c:71:df:dc:be:8b:03:17:79:
                    7e:a9:ed:42:0c:31:e4:00:40:d3:d0:5f:b6:81:ee:
                    78:52:f3:8f:5e:24:2e:9e:74:c0:e3:74:60:9d:95:
                    23:16:85:4b:ab:57:a0:a4:78:60:10:22:7a:61:ea:
                    17:af:cd:0c:a0:ef:8f:7f:65:e2:29:b6:e9:44:a1:
                    2f:da:1e:6d:e9:14:1e:16:20:7e:a4:8d:eb:c2:75:
                    6e:fe:f9:a4:38:8b:70:1c:ab:67:fa:66:eb:c1:22:
                    01:46:4d:3e:4f:e3:23:cd:fe:bd:ff:8e:50:e0:a7:
                    55:ac:28:37:ef:0c:c5:ce:1e:5a:e1:af:5f:2c:cb:
                    28:ed:fa:5b:8f:ca:8c:8d:25:05:4b:bd:60:86:8b:
                    83:05:80:2a:be:86:70:aa:e1:14:6d:00:5f:47:8d:
                    7f:7f:61:1e:c8:fc:be:45:6f:da:d3:81:69:b4:9a:
                    63:5c:7c:a3:38:12:bb:0b:5a:ec:77:6d:ca:af:7e:
                    af:04:f7:41:40:19:52:87:ee:6e:e1:3c:45:ee:65:
                    d2:a5:3c:6c:16:30:d4:e2:b7:8f:8c:50:db:67:b4:
                    41:75:f2:4c:9b:46:64:48:47:e6:9d:85:a2:15:d3:
                    93:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F5:2A:C4:1F:8F:41:41:38:01:3D:0A:BE:A1:96:E5:E3:09:F7:69
            X509v3 Authority Key Identifier:
                keyid:2A:C6:4D:C2:1C:B5:FD:4D:0B:CB:02:CC:2B:43:FD:75:1F:D9:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/TPUqxB-PQUE4AT0KvqGW5eMJ92k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.96.0/21
                  82.145.64.0/19
                  212.14.0.0-212.14.47.255
                IPv6:
                  2001:4c58::/30

    Signature Algorithm: sha256WithRSAEncryption
         77:d8:ae:05:16:cc:67:5f:f8:64:fc:2a:6d:76:e8:25:21:8f:
         86:42:fc:87:9d:11:a0:f2:da:ae:53:5c:a8:81:4e:af:0c:20:
         0e:23:73:96:96:c6:38:6c:ea:0f:d5:5b:0d:71:c4:cd:dd:a2:
         5e:c9:23:5d:41:cb:bc:84:66:6d:26:6d:05:29:f7:7c:b1:58:
         17:36:b8:6a:d1:c1:c1:c0:fd:55:be:f2:84:8c:df:d4:50:eb:
         30:91:b4:38:ae:a0:61:2e:81:53:8d:62:a4:5e:01:69:1d:d0:
         95:96:aa:43:ee:1f:52:14:7b:3d:27:d8:b7:45:ec:cb:21:a8:
         f0:0a:f4:fc:04:e8:d9:05:43:e5:02:4f:c9:8e:b4:07:6e:3f:
         2b:1e:30:b1:ea:cb:9e:c1:ea:e9:66:48:9a:8b:4a:30:b1:ee:
         15:c3:7d:1b:de:37:be:f4:da:30:39:79:41:d8:9a:8d:24:2e:
         04:40:d4:5a:dd:36:de:0c:2e:e4:7d:c5:71:da:c3:fc:4e:9d:
         05:d5:33:bb:90:72:2c:51:41:c7:dd:c0:ab:4a:c6:5a:11:a2:
         4a:ca:6c:2b:33:91:4a:5d:90:2d:82:53:35:e8:ec:00:4b:2f:
         3a:25:e9:e6:8f:cd:77:86:f0:1a:63:20:e0:d3:94:b0:7f:d8:
         83:01:50:dd
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAY+ANZQxbqwclDAFys5Ch3F9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzY0ZGMyMWNiNWZkNGQwYmNiMDJjYzJiNDNmZDc1MWZk
OTFlMWUwHhcNMjQwNTE2MDcwMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Y1MmFjNDFmOGY0MTQxMzgwMTNkMGFiZWExOTZlNWUzMDlmNzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKdLvCwevAUNMwgQ7GfGL4dLmJ1c
cd/cvosDF3l+qe1CDDHkAEDT0F+2ge54UvOPXiQunnTA43RgnZUjFoVLq1egpHhg
ECJ6YeoXr80MoO+Pf2XiKbbpRKEv2h5t6RQeFiB+pI3rwnVu/vmkOItwHKtn+mbr
wSIBRk0+T+Mjzf69/45Q4KdVrCg37wzFzh5a4a9fLMso7fpbj8qMjSUFS71ghouD
BYAqvoZwquEUbQBfR41/f2EeyPy+RW/a04FptJpjXHyjOBK7C1rsd23Kr36vBPdB
QBlSh+5u4TxF7mXSpTxsFjDU4rePjFDbZ7RBdfJMm0ZkSEfmnYWiFdOTjQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFEz1KsQfj0FBOAE9Cr6hluXjCfdpMB8GA1UdIwQY
MBaAFCrGTcIctf1NC8sCzCtD/XUf2R4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NaTndoeTFfVTBMeXdMTUswUDlkUl9aSGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9kZTFkYjQtZWM3OC00ZTQxLTk1NzAt
MDk3YzNjMWMyNTQwLzEvVFBVcXhCLVBRVUU0QVQwS3ZxR1c1ZU1KOTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9kZTFkYjQtZWM3OC00ZTQxLTk1NzAtMDk3YzNjMWMyNTQw
LzEvS3NaTndoeTFfVTBMeXdMTUswUDlkUl9aSGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAfBAIAATAZAwQDH8FgAwQF
UpFAMAsDAwHUDgMEBNQOIDANBAIAAjAHAwUCIAFMWDANBgkqhkiG9w0BAQsFAAOC
AQEAd9iuBRbMZ1/4ZPwqbXboJSGPhkL8h50RoPLarlNcqIFOrwwgDiNzlpbGOGzq
D9VbDXHEzd2iXskjXUHLvIRmbSZtBSn3fLFYFza4atHBwcD9Vb7yhIzf1FDrMJG0
OK6gYS6BU41ipF4BaR3QlZaqQ+4fUhR7PSfYt0XsyyGo8Ar0/ATo2QVD5QJPyY60
B24/Kx4wserLnsHq6WZImotKMLHuFcN9G943vvTaMDl5QdiajSQuBEDUWt023gwu
5H3FcdrD/E6dBdUzu5ByLFFBx93Aq0rGWhGiSspsKzORSl2QLYJTNejsAEsvOiXp
5o/Nd4bwGmMg4NOUsH/YgwFQ3Q==
-----END CERTIFICATE-----
Generated at Sun Jun 16 12:01:24 2024 by rpki-client on console-fra.rpki-client.org