Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Nr_TKGVx0V9_SkxJoSrX06iWDcs.roa
File:                     Nr_TKGVx0V9_SkxJoSrX06iWDcs.roa (raw, json)
Hash identifier:          yItth5hRVwon1iJTagof8eybJ/LJdtuccp/luQ2Ec58=
Subject key identifier:   36:BF:D3:28:65:71:D1:5F:7F:4A:4C:49:A1:2A:D7:D3:A8:96:0D:CB
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018DA1912B68C89B69F8FB3F71B139E9A0F9
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Nr_TKGVx0V9_SkxJoSrX06iWDcs.roa
Signing time:             Tue 13 Feb 2024 08:24:21 +0000
ROA not before:           Tue 13 Feb 2024 08:24:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49040
IP address blocks:        78.108.244.0/24 maxlen: 24
                          78.108.245.0/24 maxlen: 24
                          78.108.246.0/24 maxlen: 24
                          83.222.160.0/24 maxlen: 24
                          83.222.167.0/24 maxlen: 24
                          83.222.170.0/24 maxlen: 24
                          83.222.172.0/24 maxlen: 24
                          109.160.56.0/24 maxlen: 24
                          109.160.59.0/24 maxlen: 24
                          109.160.85.0/24 maxlen: 24
                          109.160.87.0/24 maxlen: 24
                          109.160.88.0/24 maxlen: 24
                          109.160.89.0/24 maxlen: 24
                          109.160.90.0/24 maxlen: 24
                          109.160.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a1:91:2b:68:c8:9b:69:f8:fb:3f:71:b1:39:e9:a0:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Feb 13 08:24:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36bfd3286571d15f7f4a4c49a12ad7d3a8960dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:13:c6:e9:7c:c9:16:db:26:43:a8:ac:ba:df:
                    0e:90:94:70:fc:77:66:7e:18:02:86:0c:07:8f:18:
                    07:85:64:f4:13:46:8c:b3:5a:44:38:37:da:d6:04:
                    4f:b3:ef:53:32:77:b7:45:5b:c1:19:80:62:67:d6:
                    9d:1d:36:4d:f8:47:d9:34:ac:03:a5:31:58:08:31:
                    80:ef:be:87:0a:e0:10:e8:7f:7b:5c:8e:eb:3b:86:
                    0e:21:d1:e1:ea:45:53:e5:ad:be:f4:43:3c:33:02:
                    69:4c:5a:73:55:ec:07:9c:99:4e:c4:b2:9f:51:94:
                    93:4b:d3:f3:42:7d:f3:dd:71:c6:ec:67:68:b1:16:
                    99:8a:06:5d:70:5f:6c:33:80:e2:61:17:31:b8:82:
                    1c:1c:fd:78:71:14:c6:35:3b:6d:82:b5:c2:e1:4e:
                    77:20:40:82:d4:3b:df:fa:bb:bc:3e:49:17:e9:8a:
                    bc:05:9e:df:d3:7d:bc:98:10:f5:b4:7d:b9:73:0c:
                    b7:61:a2:c3:53:25:01:c5:80:c3:97:ad:a7:e4:14:
                    71:7c:8f:7c:e5:4b:92:5a:f7:78:65:39:bc:5a:18:
                    60:a4:c9:b1:c3:d1:84:20:eb:c7:6b:d9:79:4a:1c:
                    c1:dc:c6:63:e5:ae:01:29:6c:fe:54:59:e4:f5:2c:
                    9a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:BF:D3:28:65:71:D1:5F:7F:4A:4C:49:A1:2A:D7:D3:A8:96:0D:CB
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Nr_TKGVx0V9_SkxJoSrX06iWDcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.244.0-78.108.246.255
                  83.222.160.0/24
                  83.222.167.0/24
                  83.222.170.0/24
                  83.222.172.0/24
                  109.160.56.0/24
                  109.160.59.0/24
                  109.160.85.0/24
                  109.160.87.0-109.160.91.255

    Signature Algorithm: sha256WithRSAEncryption
         45:14:fd:4e:34:7d:80:04:a7:cc:9c:7a:c2:b4:2e:7d:60:14:
         f2:c3:6d:ab:83:13:94:5b:f1:bb:e4:da:01:1c:14:5d:f3:ca:
         d7:fe:34:88:a6:a2:ba:71:9a:fe:ee:c9:44:03:ff:72:f7:12:
         d0:ff:9f:4a:75:95:b4:4c:99:81:e0:59:48:cb:3f:25:80:92:
         b7:93:03:33:1d:95:aa:81:c9:6c:12:ad:cc:c3:bb:87:55:8e:
         3b:ca:fa:51:34:6e:e1:99:2f:b4:05:55:5f:ab:2c:e7:8d:88:
         99:8f:18:53:0d:dd:f6:c0:34:e8:0a:0d:08:2d:7d:97:9d:72:
         6e:0f:84:7a:45:94:2d:c2:ec:59:97:ee:57:9b:f7:7f:28:55:
         f1:57:9c:05:15:0b:7f:9d:70:4a:65:c7:b6:2b:00:cc:64:8e:
         32:f4:8f:0a:15:53:53:16:6a:b2:d3:ed:d4:49:30:66:ed:45:
         46:3f:ab:67:04:a6:c9:38:f4:df:c1:bf:3a:96:c3:e8:b2:38:
         0f:34:5f:dc:b1:27:ac:87:16:cb:a4:21:4a:6e:49:9f:a3:9c:
         3a:0d:19:a3:ff:08:c4:61:33:c5:8c:e2:a9:75:a8:d2:a9:ea:
         bf:95:ab:63:10:10:4a:b5:7e:0a:0e:12:6c:f0:05:fb:7e:fb:
         69:2f:c8:23
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY2hkStoyJtp+Ps/cbE56aD5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMjEzMDgyNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmJmZDMyODY1NzFkMTVmN2Y0YTRjNDlhMTJhZDdkM2E4OTYwZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBPG6XzJFtsmQ6isut8OkJRw/Hdm
fhgChgwHjxgHhWT0E0aMs1pEODfa1gRPs+9TMne3RVvBGYBiZ9adHTZN+EfZNKwD
pTFYCDGA776HCuAQ6H97XI7rO4YOIdHh6kVT5a2+9EM8MwJpTFpzVewHnJlOxLKf
UZSTS9PzQn3z3XHG7GdosRaZigZdcF9sM4DiYRcxuIIcHP14cRTGNTttgrXC4U53
IECC1Dvf+ru8PkkX6Yq8BZ7f0328mBD1tH25cwy3YaLDUyUBxYDDl62n5BRxfI98
5UuSWvd4ZTm8WhhgpMmxw9GEIOvHa9l5ShzB3MZj5a4BKWz+VFnk9SyaswIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDa/0yhlcdFff0pMSaEq19Oolg3LMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvTnJfVEtHVngwVjlfU2t4Sm9TclgwNmlXRGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAJObPQD
BABObPYDBABT3qADBABT3qcDBABT3qoDBABT3qwDBABtoDgDBABtoDsDBABtoFUw
DAMEAG2gVwMEAm2gWDANBgkqhkiG9w0BAQsFAAOCAQEARRT9TjR9gASnzJx6wrQu
fWAU8sNtq4MTlFvxu+TaARwUXfPK1/40iKaiunGa/u7JRAP/cvcS0P+fSnWVtEyZ
geBZSMs/JYCSt5MDMx2VqoHJbBKtzMO7h1WOO8r6UTRu4ZkvtAVVX6ss542ImY8Y
Uw3d9sA06AoNCC19l51ybg+EekWULcLsWZfuV5v3fyhV8VecBRULf51wSmXHtisA
zGSOMvSPChVTUxZqstPt1EkwZu1FRj+rZwSmyTj038G/OpbD6LI4DzRf3LEnrIcW
y6QhSm5Jn6OcOg0Zo/8IxGEzxYziqXWo0qnqv5WrYxAQSrV+Cg4SbPAF+377aS/I
Iw==
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:03:26 2024 by rpki-client on console-fra.rpki-client.org