Route Origin Authorization

$ rpki-client -vvf rpki.nellicus.net/repo/nellicus/1/326130613a663034303a3a2f32392d3239203d3e203631393631.roa
File:                     326130613a663034303a3a2f32392d3239203d3e203631393631.roa (raw, json)
Hash identifier:          n9oD82N/Oc74KjefJWuXbdniXyTRuYdzVFV6P1uLFxM=
Subject key identifier:   04:7E:E0:C4:2E:FF:C5:F2:53:F5:DE:FF:83:F6:FE:B0:E9:00:27:F8
Certificate issuer:       /CN=4e9a6c18f349b395c31c33bb7f9b9f5817bde9a8
Certificate serial:       0456CB2A172B330C8883EA5D84C51E576F00E59B
Authority key identifier: 4E:9A:6C:18:F3:49:B3:95:C3:1C:33:BB:7F:9B:9F:58:17:BD:E9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TppsGPNJs5XDHDO7f5ufWBe96ag.cer
Subject info access:      rsync://rpki.nellicus.net/repo/nellicus/1/326130613a663034303a3a2f32392d3239203d3e203631393631.roa
Signing time:             Mon 30 Dec 2024 07:27:45 +0000
ROA not before:           Mon 30 Dec 2024 07:22:45 +0000
ROA not after:            Mon 29 Dec 2025 07:27:45 +0000
asID:                     61961
IP address blocks:        2a0a:f040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.nellicus.net/repo/nellicus/1/4E9A6C18F349B395C31C33BB7F9B9F5817BDE9A8.crl
                          rsync://rpki.nellicus.net/repo/nellicus/1/4E9A6C18F349B395C31C33BB7F9B9F5817BDE9A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TppsGPNJs5XDHDO7f5ufWBe96ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:56:cb:2a:17:2b:33:0c:88:83:ea:5d:84:c5:1e:57:6f:00:e5:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9a6c18f349b395c31c33bb7f9b9f5817bde9a8
        Validity
            Not Before: Dec 30 07:22:45 2024 GMT
            Not After : Dec 29 07:27:45 2025 GMT
        Subject: CN=047EE0C42EFFC5F253F5DEFF83F6FEB0E90027F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a2:59:94:15:07:bc:04:8f:96:75:38:01:47:
                    61:9d:63:4d:58:88:65:77:d8:a1:e3:a2:67:d2:ed:
                    80:ed:6c:33:e3:4f:85:0f:54:e1:be:c6:4c:2d:03:
                    01:4a:d4:fe:85:d6:4b:4d:a4:c3:64:9b:2c:55:94:
                    dc:b3:cc:03:54:f7:30:a1:ba:f3:9f:df:57:88:9f:
                    b9:e6:18:b7:e4:41:12:54:c0:a0:64:f6:f6:0a:e2:
                    12:58:f3:1e:1d:e5:2d:ef:0d:60:b4:99:23:96:be:
                    84:e7:d1:08:1e:ad:5a:e9:1d:e9:28:e8:79:6e:83:
                    28:d9:9c:da:9f:ce:39:9b:d4:da:df:6c:52:30:8c:
                    57:cf:ca:a2:6b:ba:48:69:aa:0d:99:a0:6d:03:ee:
                    51:ca:b1:e8:a0:34:16:40:00:94:cf:a0:e5:98:cf:
                    f9:9a:af:d3:dd:0a:5a:c8:70:7f:9a:9b:31:8a:a8:
                    7e:03:f5:16:1b:44:26:15:4f:e8:b7:80:dd:7a:58:
                    91:b7:b4:96:41:58:89:5f:7f:cd:21:8c:c4:b3:b8:
                    96:20:ae:5a:26:5a:68:00:68:65:8c:32:4b:9c:ca:
                    94:d0:c5:72:53:3b:c8:f3:80:9d:2c:48:92:37:12:
                    7a:90:8d:d5:80:d3:fe:7a:f0:fa:9e:9b:cf:e9:35:
                    ab:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:7E:E0:C4:2E:FF:C5:F2:53:F5:DE:FF:83:F6:FE:B0:E9:00:27:F8
            X509v3 Authority Key Identifier:
                keyid:4E:9A:6C:18:F3:49:B3:95:C3:1C:33:BB:7F:9B:9F:58:17:BD:E9:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.nellicus.net/repo/nellicus/1/4E9A6C18F349B395C31C33BB7F9B9F5817BDE9A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TppsGPNJs5XDHDO7f5ufWBe96ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.nellicus.net/repo/nellicus/1/326130613a663034303a3a2f32392d3239203d3e203631393631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:f040::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:36:04:42:40:5f:86:81:a8:85:77:39:e6:e0:73:59:99:f1:
         9d:a3:64:d4:4b:7a:54:ae:9e:7e:f3:70:89:f0:27:d7:8d:e3:
         2a:bf:75:b6:b6:0c:8c:00:52:cf:7e:c6:cb:58:7b:0d:87:d0:
         89:24:eb:ef:50:c4:b3:68:11:19:51:d4:66:9f:d4:ab:0a:b1:
         19:f5:d8:2c:36:e5:1c:8f:7c:e2:9c:bc:34:93:00:f0:5b:31:
         90:b3:f4:05:d1:f3:ea:1a:c7:24:1c:89:d8:24:f5:86:20:74:
         55:8c:da:62:12:d7:c5:a0:14:e1:37:96:9f:14:d2:97:f0:a7:
         78:0b:ec:cf:7d:71:2f:06:ef:dc:9d:15:75:ad:f7:fa:73:40:
         0f:0d:13:92:3c:03:9e:c8:73:6d:86:50:8b:7a:fc:9d:cc:6f:
         87:0b:72:0a:10:99:db:36:31:b7:3d:69:c2:ce:1d:19:01:24:
         33:1b:21:08:1c:88:01:d3:d5:22:52:c0:39:4c:5b:ca:d7:90:
         db:b6:60:21:2e:8d:ab:84:3e:d8:fc:b6:55:95:51:22:0c:4d:
         8e:d8:07:bc:e6:af:90:8c:90:c7:24:37:ce:b0:3d:00:05:0a:
         3b:62:a6:14:83:ca:f6:d9:bb:ef:7f:e6:58:c1:85:84:09:ac:
         31:8c:3e:7c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIUBFbLKhcrMwyIg+pdhMUeV28A5ZswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5YTZjMThmMzQ5YjM5NWMzMWMzM2JiN2Y5YjlmNTgx
N2JkZTlhODAeFw0yNDEyMzAwNzIyNDVaFw0yNTEyMjkwNzI3NDVaMDMxMTAvBgNV
BAMTKDA0N0VFMEM0MkVGRkM1RjI1M0Y1REVGRjgzRjZGRUIwRTkwMDI3RjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbolmUFQe8BI+WdTgBR2GdY01Y
iGV32KHjomfS7YDtbDPjT4UPVOG+xkwtAwFK1P6F1ktNpMNkmyxVlNyzzANU9zCh
uvOf31eIn7nmGLfkQRJUwKBk9vYK4hJY8x4d5S3vDWC0mSOWvoTn0QgerVrpHeko
6HlugyjZnNqfzjmb1NrfbFIwjFfPyqJrukhpqg2ZoG0D7lHKseigNBZAAJTPoOWY
z/mar9PdClrIcH+amzGKqH4D9RYbRCYVT+i3gN16WJG3tJZBWIlff80hjMSzuJYg
rlomWmgAaGWMMkucypTQxXJTO8jzgJ0sSJI3EnqQjdWA0/568Pqem8/pNatbAgMB
AAGjggHfMIIB2zAdBgNVHQ4EFgQUBH7gxC7/xfJT9d7/g/b+sOkAJ/gwHwYDVR0j
BBgwFoAUTppsGPNJs5XDHDO7f5ufWBe96agwDgYDVR0PAQH/BAQDAgeAMGcGA1Ud
HwRgMF4wXKBaoFiGVnJzeW5jOi8vcnBraS5uZWxsaWN1cy5uZXQvcmVwby9uZWxs
aWN1cy8xLzRFOUE2QzE4RjM0OUIzOTVDMzFDMzNCQjdGOUI5RjU4MTdCREU5QTgu
Y3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9UcHBzR1BOSnM1WERIRE83ZjV1ZldC
ZTk2YWcuY2VyMH4GCCsGAQUFBwELBHIwcDBuBggrBgEFBQcwC4ZicnN5bmM6Ly9y
cGtpLm5lbGxpY3VzLm5ldC9yZXBvL25lbGxpY3VzLzEvMzI2MTMwNjEzYTY2MzAz
NDMwM2EzYTJmMzIzOTJkMzIzOTIwM2QzZTIwMzYzMTM5MzYzMS5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMF
AyoK8EAwDQYJKoZIhvcNAQELBQADggEBAE42BEJAX4aBqIV3Oebgc1mZ8Z2jZNRL
elSunn7zcInwJ9eN4yq/dba2DIwAUs9+xstYew2H0Ikk6+9QxLNoERlR1Gaf1KsK
sRn12Cw25RyPfOKcvDSTAPBbMZCz9AXR8+oaxyQcidgk9YYgdFWM2mIS18WgFOE3
lp8U0pfwp3gL7M99cS8G79ydFXWt9/pzQA8NE5I8A57Ic22GUIt6/J3Mb4cLcgoQ
mds2Mbc9acLOHRkBJDMbIQgciAHT1SJSwDlMW8rXkNu2YCEujauEPtj8tlWVUSIM
TY7YB7zmr5CMkMckN86wPQAFCjtiphSDyvbZu+9/5ljBhYQJrDGMPnw=
-----END CERTIFICATE-----