Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1QSiWuAFV7xsvHdX0RlHij4cvm4.roa
File:                     1QSiWuAFV7xsvHdX0RlHij4cvm4.roa (raw, json)
Hash identifier:          9pieq1koKhnLqgrWIbI1KjyD8GASxCCR9QYk43m5Y+I=
Subject key identifier:   D5:04:A2:5A:E0:05:57:BC:6C:BC:77:57:D1:19:47:8A:3E:1C:BE:6E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8F589BDCACFF5BDC6A933A3CF83C9
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1QSiWuAFV7xsvHdX0RlHij4cvm4.roa
Signing time:             Mon 01 Jan 2024 20:30:59 +0000
ROA not before:           Mon 01 Jan 2024 20:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213392
IP address blocks:        2a0c:9a40:8040::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f5:89:bd:ca:cf:f5:bd:c6:a9:33:a3:cf:83:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d504a25ae00557bc6cbc7757d119478a3e1cbe6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:e8:56:fc:c8:80:a9:f5:65:cc:30:c5:84:8e:
                    9e:20:1b:f6:e2:7b:6c:85:39:ef:5a:07:66:1b:84:
                    93:cf:d0:0e:fe:cc:3e:3a:35:3c:e9:4d:0d:bc:2e:
                    9d:56:67:de:67:2b:75:4e:5c:43:12:5a:d0:f6:6b:
                    52:89:5a:c9:d5:78:d7:cb:39:2b:b5:ae:28:f3:6b:
                    93:c5:69:45:8c:57:8a:fc:65:31:f1:5d:ec:0d:8e:
                    78:93:01:06:1f:0a:47:14:d8:cb:4e:a2:03:68:ce:
                    7a:1a:41:06:8b:f9:17:b5:7f:5e:92:65:23:a9:28:
                    55:7f:7b:ac:0c:aa:19:7c:01:a9:f7:e9:cd:b2:58:
                    ac:25:7e:1e:f1:58:57:22:5b:9d:46:e8:bc:cc:d5:
                    d8:c5:f3:e6:33:02:fa:27:22:e3:13:10:29:43:b4:
                    92:b0:5c:f0:f5:5b:c5:cc:0a:86:f7:c7:d0:7e:67:
                    de:d9:11:57:15:04:2a:07:bc:7c:b6:89:02:6b:d0:
                    b3:d1:dc:c2:ad:7a:8c:71:b0:29:48:f3:ff:ee:57:
                    ce:fd:2d:ab:96:76:23:75:ee:fe:50:5f:5c:f6:cb:
                    2d:c4:b3:78:eb:76:3d:c0:75:90:cf:c9:eb:a1:98:
                    47:41:93:53:f6:71:b8:6a:64:2a:5e:ea:f3:71:82:
                    c0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:04:A2:5A:E0:05:57:BC:6C:BC:77:57:D1:19:47:8A:3E:1C:BE:6E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/1QSiWuAFV7xsvHdX0RlHij4cvm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8040::/43

    Signature Algorithm: sha256WithRSAEncryption
         3f:10:05:74:ac:1a:aa:01:0c:07:d4:f1:15:42:3f:32:24:46:
         51:c0:45:a5:53:41:fb:df:43:f0:02:89:a2:ed:a7:d5:f8:cc:
         e0:4f:51:78:00:61:87:af:a0:38:e8:b8:72:c4:10:09:0b:60:
         16:a5:7a:06:82:c5:12:97:78:05:49:9b:74:64:e6:0d:c4:59:
         c6:e8:7b:12:fc:2f:1e:6a:00:39:a3:44:d5:e3:2a:c7:9a:13:
         c6:ef:a7:17:1b:11:1e:d5:fd:c5:30:4d:4a:8d:1d:3a:82:62:
         37:81:ee:95:2f:ff:93:90:cd:1a:50:d2:2b:98:a9:60:e6:b6:
         00:85:9c:97:94:82:1e:5c:81:33:c5:9d:a6:f4:1f:05:2e:08:
         e1:d3:f1:e6:c5:f1:15:66:ec:53:a6:a2:f0:8b:51:34:8e:94:
         40:09:12:07:d3:64:21:39:2f:19:2f:9c:6c:7d:09:d4:90:a0:
         21:8c:96:e1:53:1a:b1:43:de:22:28:cd:49:0a:49:15:62:46:
         19:28:f4:61:3c:63:12:38:ae:df:d8:da:12:28:08:54:ac:d8:
         5a:a5:4d:a5:76:4c:51:43:8b:17:f5:fe:10:ac:a4:bd:05:b2:
         11:4b:cf:43:74:54:c9:0c:bc:1e:76:b3:d1:a1:fa:9d:40:d6:
         e5:12:dc:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuPWJvcrP9b3GqTOjz4PJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTA0YTI1YWUwMDU1N2JjNmNiYzc3NTdkMTE5NDc4YTNlMWNiZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ehW/MiAqfVlzDDFhI6eIBv24nts
hTnvWgdmG4STz9AO/sw+OjU86U0NvC6dVmfeZyt1TlxDElrQ9mtSiVrJ1XjXyzkr
ta4o82uTxWlFjFeK/GUx8V3sDY54kwEGHwpHFNjLTqIDaM56GkEGi/kXtX9ekmUj
qShVf3usDKoZfAGp9+nNslisJX4e8VhXIludRui8zNXYxfPmMwL6JyLjExApQ7SS
sFzw9VvFzAqG98fQfmfe2RFXFQQqB7x8tokCa9Cz0dzCrXqMcbApSPP/7lfO/S2r
lnYjde7+UF9c9sstxLN463Y9wHWQz8nroZhHQZNT9nG4amQqXurzcYLAJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNUEolrgBVe8bLx3V9EZR4o+HL5uMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvMVFTaVd1QUZWN3hzdkhkWDBSbEhpajRjdm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgyaQIBA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/EAV0rBqqAQwH1PEVQj8yJEZRwEWlU0H730Pw
Aomi7afV+MzgT1F4AGGHr6A46LhyxBAJC2AWpXoGgsUSl3gFSZt0ZOYNxFnG6HsS
/C8eagA5o0TV4yrHmhPG76cXGxEe1f3FME1KjR06gmI3ge6VL/+TkM0aUNIrmKlg
5rYAhZyXlIIeXIEzxZ2m9B8FLgjh0/HmxfEVZuxTpqLwi1E0jpRACRIH02QhOS8Z
L5xsfQnUkKAhjJbhUxqxQ94iKM1JCkkVYkYZKPRhPGMSOK7f2NoSKAhUrNhapU2l
dkxRQ4sX9f4QrKS9BbIRS89DdFTJDLwedrPRofqdQNblEtzn
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:59:21 2024 by rpki-client on console-ams.rpki-client.org