Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/T2ZAsB5RsEAk3n6yNGK70imfg3E.roa
File:                     T2ZAsB5RsEAk3n6yNGK70imfg3E.roa (raw, json)
Hash identifier:          M/yO1E3Cl+hDagPGTGWXoQ2xp16h+CeEh/sKpcRkJto=
Subject key identifier:   4F:66:40:B0:1E:51:B0:40:24:DE:7E:B2:34:62:BB:D2:29:9F:83:71
Certificate issuer:       /CN=f360540925dbcb1a09fb65f3b29003d68f23de6b
Certificate serial:       018CC3B676AC1438AC3F70165A501F5F170D
Authority key identifier: F3:60:54:09:25:DB:CB:1A:09:FB:65:F3:B2:90:03:D6:8F:23:DE:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/82BUCSXbyxoJ-2XzspAD1o8j3ms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/T2ZAsB5RsEAk3n6yNGK70imfg3E.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.169.81.0/24 maxlen: 24
                          185.169.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/82BUCSXbyxoJ-2XzspAD1o8j3ms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/82BUCSXbyxoJ-2XzspAD1o8j3ms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/82BUCSXbyxoJ-2XzspAD1o8j3ms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:76:ac:14:38:ac:3f:70:16:5a:50:1f:5f:17:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f360540925dbcb1a09fb65f3b29003d68f23de6b
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f6640b01e51b04024de7eb23462bbd2299f8371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e1:94:71:2b:a3:d3:91:f9:7f:38:ad:b4:0a:
                    8c:4f:0d:39:23:70:7e:6a:a6:91:64:3e:9e:19:71:
                    dc:e8:bf:c1:db:8d:3d:23:08:18:e6:1d:3f:17:3f:
                    30:9c:d2:bd:66:cb:05:28:38:fb:7a:7b:d1:5a:64:
                    fd:63:87:2f:b5:4b:ec:b3:64:81:cd:77:a0:aa:03:
                    38:56:1a:48:9c:a7:78:80:e5:2b:2d:7e:fc:46:9c:
                    9a:02:d0:7d:d9:f8:3f:f5:91:e4:b6:8e:9d:4c:29:
                    ec:5c:42:91:79:7e:22:0b:bd:34:d4:8e:e4:8c:09:
                    eb:eb:2f:1b:72:87:9d:98:ae:60:e1:c8:55:66:43:
                    f2:fd:d0:35:4a:1b:2d:33:3f:b9:da:76:19:18:98:
                    21:c5:0d:df:fb:22:a6:c5:9f:87:f7:1d:60:85:26:
                    2f:01:1f:25:d6:7a:63:c5:84:8c:51:64:bf:31:f0:
                    24:af:a1:30:e5:3f:e0:e0:9c:ab:2e:0a:97:de:28:
                    81:d2:6a:06:6c:ca:52:38:c6:f4:7b:63:56:37:1b:
                    97:4f:a9:a5:a4:17:59:0d:e6:f0:0d:cf:4d:94:f7:
                    f3:a5:af:cc:e4:d7:c7:7e:1d:48:59:50:2b:69:12:
                    bc:41:df:cd:7a:29:5d:0c:be:d7:f0:05:2e:57:ea:
                    ad:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:66:40:B0:1E:51:B0:40:24:DE:7E:B2:34:62:BB:D2:29:9F:83:71
            X509v3 Authority Key Identifier:
                keyid:F3:60:54:09:25:DB:CB:1A:09:FB:65:F3:B2:90:03:D6:8F:23:DE:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/82BUCSXbyxoJ-2XzspAD1o8j3ms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/T2ZAsB5RsEAk3n6yNGK70imfg3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/82BUCSXbyxoJ-2XzspAD1o8j3ms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:70:30:70:7f:3a:a7:c4:e6:b5:42:6a:24:98:ff:ed:b3:38:
         09:ea:db:08:e1:69:06:df:d7:57:15:d1:39:d9:a0:81:ca:76:
         e2:82:24:85:83:ee:79:6e:36:bd:39:7a:03:2a:7f:41:4e:5e:
         2e:51:80:a9:6a:78:8a:a9:ed:5e:ec:69:21:46:7b:64:55:f4:
         d9:db:7f:0f:de:94:cc:73:f2:2a:5f:d0:3b:f4:9f:89:3f:e7:
         8f:72:37:f2:c3:0a:5e:8f:6f:e5:b4:b2:28:c6:67:f1:1e:02:
         7c:8d:d2:85:b6:ee:3b:cf:0f:a0:b2:d8:bc:4e:b3:6f:b6:47:
         bd:40:9d:49:f6:b3:be:c5:4b:62:fc:29:13:6f:c9:4c:8e:52:
         c2:e2:77:5c:1b:5a:a2:4a:2e:b7:52:c2:8f:bf:5e:01:a5:bf:
         21:1b:55:f8:5c:03:02:1e:bf:61:e9:d8:e9:65:bf:74:61:3f:
         b6:3a:5d:2a:6c:c3:01:78:d4:70:ee:15:c6:e8:7a:dc:1e:7e:
         f1:a1:86:e9:c7:8f:3a:a1:e2:b3:6d:bc:c5:7e:35:d7:23:28:
         15:c8:3a:ae:89:ea:1e:6b:ce:14:a1:6e:80:b2:c8:60:68:01:
         a5:1d:60:e0:75:6b:0d:b9:03:85:bd:b5:aa:a9:2f:c8:6f:62:
         07:91:30:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnasFDisP3AWWlAfXxcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNjA1NDA5MjVkYmNiMWEwOWZiNjVmM2IyOTAwM2Q2OGYy
M2RlNmIwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjY2NDBiMDFlNTFiMDQwMjRkZTdlYjIzNDYyYmJkMjI5OWY4MzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+GUcSuj05H5fzittAqMTw05I3B+
aqaRZD6eGXHc6L/B2409IwgY5h0/Fz8wnNK9ZssFKDj7envRWmT9Y4cvtUvss2SB
zXegqgM4VhpInKd4gOUrLX78RpyaAtB92fg/9ZHkto6dTCnsXEKReX4iC7001I7k
jAnr6y8bcoedmK5g4chVZkPy/dA1ShstMz+52nYZGJghxQ3f+yKmxZ+H9x1ghSYv
AR8l1npjxYSMUWS/MfAkr6Ew5T/g4JyrLgqX3iiB0moGbMpSOMb0e2NWNxuXT6ml
pBdZDebwDc9NlPfzpa/M5NfHfh1IWVAraRK8Qd/NeildDL7X8AUuV+qtDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9mQLAeUbBAJN5+sjRiu9Ipn4NxMB8GA1UdIwQY
MBaAFPNgVAkl28saCftl87KQA9aPI95rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODJCVUNTWGJ5eG9KLTJYenNwQUQxbzhqM21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy80ZGFlN2YtYmEwZS00Mjc3LTllOTIt
YjRmMDA3ZWY3ZTg2LzEvVDJaQXNCNVJzRUFrM242eU5HSzcwaW1mZzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy80ZGFlN2YtYmEwZS00Mjc3LTllOTItYjRmMDA3ZWY3ZTg2
LzEvODJCVUNTWGJ5eG9KLTJYenNwQUQxbzhqM21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBualQMA0G
CSqGSIb3DQEBCwUAA4IBAQAbcDBwfzqnxOa1QmokmP/tszgJ6tsI4WkG39dXFdE5
2aCBynbigiSFg+55bja9OXoDKn9BTl4uUYCpaniKqe1e7GkhRntkVfTZ238P3pTM
c/IqX9A79J+JP+ePcjfywwpej2/ltLIoxmfxHgJ8jdKFtu47zw+gsti8TrNvtke9
QJ1J9rO+xUti/CkTb8lMjlLC4ndcG1qiSi63UsKPv14Bpb8hG1X4XAMCHr9h6djp
Zb90YT+2Ol0qbMMBeNRw7hXG6HrcHn7xoYbpx486oeKzbbzFfjXXIygVyDquieoe
a84UoW6AsshgaAGlHWDgdWsNuQOFvbWqqS/Ib2IHkTAZ
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:42:31 2024 by rpki-client on console-ams.rpki-client.org