Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/8gQOzkflR8OYuqRX2rf-cz9tkgQ.roa
File:                     8gQOzkflR8OYuqRX2rf-cz9tkgQ.roa (raw, json)
Hash identifier:          YATFjsQdHqbq90uwMyAEhmXP9GgX7s/wSCfT68VZ1Eg=
Subject key identifier:   F2:04:0E:CE:47:E5:47:C3:98:BA:A4:57:DA:B7:FE:73:3F:6D:92:04
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E1CE872F371382F5396F4B655307
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/8gQOzkflR8OYuqRX2rf-cz9tkgQ.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199762
IP address blocks:        2a0c:9a40:9a00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e1:ce:87:2f:37:13:82:f5:39:6f:4b:65:53:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2040ece47e547c398baa457dab7fe733f6d9204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8e:39:3e:27:4e:08:f2:ab:5f:7f:5a:2f:01:
                    8b:af:21:ae:bb:b8:10:75:05:ac:92:0f:28:51:ba:
                    f6:1d:76:d7:58:4e:7f:ec:10:b8:86:e3:d8:ca:d5:
                    f3:db:e9:a9:ec:10:38:ee:40:0b:09:07:70:d9:4a:
                    ff:e5:45:e5:8f:6f:2a:10:ff:64:2d:8f:51:7a:36:
                    af:c9:36:b6:20:8a:58:b3:cd:e2:0f:5c:bd:06:98:
                    9a:5e:6b:aa:0b:a6:9a:12:14:f7:1b:14:44:0f:ae:
                    22:ad:04:7b:ca:18:c9:2f:e2:56:05:bf:fb:50:76:
                    f3:9f:0b:d1:34:81:7b:77:61:3a:e7:81:a4:7b:f9:
                    b4:00:d7:e7:ed:a9:ed:6b:d6:e7:51:e7:8b:1d:7c:
                    0a:a6:e1:60:d6:1a:77:76:8a:eb:cf:76:80:dc:9a:
                    fd:06:1a:57:25:ec:0e:23:1c:bf:1b:d3:8b:da:8a:
                    70:11:63:7d:95:3a:a6:36:3a:d9:76:04:16:07:77:
                    dc:9f:98:41:03:e3:4f:05:50:8e:4b:f7:f3:f5:87:
                    35:f2:9f:0a:b6:0e:1d:68:10:84:23:28:26:47:96:
                    bc:e0:06:5c:5e:8a:f3:1a:7b:c6:88:0a:d1:8d:8b:
                    af:b3:03:db:22:3e:74:4e:02:97:f6:7c:9b:cf:48:
                    33:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:04:0E:CE:47:E5:47:C3:98:BA:A4:57:DA:B7:FE:73:3F:6D:92:04
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/8gQOzkflR8OYuqRX2rf-cz9tkgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:9a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c8:75:29:91:24:8c:ae:d6:b9:c1:bc:28:31:8b:96:7c:79:14:
         ed:35:bd:28:c7:e4:ad:31:03:f9:d1:7e:e9:90:b6:7e:bf:87:
         7b:59:90:82:19:95:ee:c7:41:cc:0b:98:70:ec:1e:2d:51:cf:
         c2:5e:c3:71:8a:2f:97:ba:51:d3:3f:db:fc:6d:74:89:ce:d7:
         bd:1d:0c:8b:09:cb:2a:a8:c4:61:d5:6f:e0:1e:93:70:67:7f:
         43:46:cf:d9:84:cd:56:12:d4:b8:2d:bd:d2:2d:d3:9f:4c:12:
         9b:87:37:df:7d:51:e4:91:2a:07:14:3d:69:95:72:3c:7b:5c:
         38:00:6c:9f:79:2c:20:e3:e7:bb:45:8b:b0:7c:70:79:6f:05:
         0a:36:b4:7d:b2:92:49:e8:4c:75:e2:f7:47:65:46:70:2c:83:
         3a:5d:d1:45:64:c6:6b:26:7f:1f:f4:a7:79:e2:f1:02:16:84:
         2a:32:27:f9:55:92:56:aa:49:8e:ff:92:a0:d0:7d:75:f5:3e:
         4a:af:25:6a:30:4b:a7:f9:8c:2d:85:bd:f1:b3:52:9e:9f:5c:
         b5:9c:24:24:75:7b:0e:01:cd:1f:d8:62:0f:90:30:79:cc:56:
         a7:60:53:10:9c:02:4a:bb:fe:43:52:6e:9b:5f:97:db:84:bb:
         6f:2a:84:41
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuOHOhy83E4L1OW9LZVMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjA0MGVjZTQ3ZTU0N2MzOThiYWE0NTdkYWI3ZmU3MzNmNmQ5MjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Y45PidOCPKrX39aLwGLryGuu7gQ
dQWskg8oUbr2HXbXWE5/7BC4huPYytXz2+mp7BA47kALCQdw2Ur/5UXlj28qEP9k
LY9RejavyTa2IIpYs83iD1y9BpiaXmuqC6aaEhT3GxRED64irQR7yhjJL+JWBb/7
UHbznwvRNIF7d2E654Gke/m0ANfn7anta9bnUeeLHXwKpuFg1hp3dorrz3aA3Jr9
BhpXJewOIxy/G9OL2opwEWN9lTqmNjrZdgQWB3fcn5hBA+NPBVCOS/fz9Yc18p8K
tg4daBCEIygmR5a84AZcXorzGnvGiArRjYuvswPbIj50TgKX9nybz0gz6wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPIEDs5H5UfDmLqkV9q3/nM/bZIEMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvOGdRT3prZmxSOE9ZdXFSWDJyZi1jejl0a2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQJow
DQYJKoZIhvcNAQELBQADggEBAMh1KZEkjK7WucG8KDGLlnx5FO01vSjH5K0xA/nR
fumQtn6/h3tZkIIZle7HQcwLmHDsHi1Rz8Jew3GKL5e6UdM/2/xtdInO170dDIsJ
yyqoxGHVb+Aek3Bnf0NGz9mEzVYS1LgtvdIt059MEpuHN999UeSRKgcUPWmVcjx7
XDgAbJ95LCDj57tFi7B8cHlvBQo2tH2ykknoTHXi90dlRnAsgzpd0UVkxmsmfx/0
p3ni8QIWhCoyJ/lVklaqSY7/kqDQfXX1PkqvJWowS6f5jC2FvfGzUp6fXLWcJCR1
ew4BzR/YYg+QMHnMVqdgUxCcAkq7/kNSbptfl9uEu28qhEE=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:59:21 2024 by rpki-client on console-ams.rpki-client.org