Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/DEFLWBF6ji3ZQs6knKJj_ScPyU8.roa
File:                     DEFLWBF6ji3ZQs6knKJj_ScPyU8.roa (raw, json)
Hash identifier:          ARFfcdlfYrcowJ6rXhld+Gt21JxlLe/C3Z5jMnQ9HTE=
Subject key identifier:   0C:41:4B:58:11:7A:8E:2D:D9:42:CE:A4:9C:A2:63:FD:27:0F:C9:4F
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E32CF404F0315410FEAD12E397AC
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/DEFLWBF6ji3ZQs6knKJj_ScPyU8.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200965
IP address blocks:        2a0c:9a40:8160::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e3:2c:f4:04:f0:31:54:10:fe:ad:12:e3:97:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c414b58117a8e2dd942cea49ca263fd270fc94f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:22:1f:50:8f:bf:62:21:d2:3e:ee:36:c6:cb:
                    81:74:e7:0e:4f:d5:fc:7e:49:88:50:bc:96:2d:05:
                    0a:96:81:42:bd:70:6d:57:b5:37:0e:45:40:c9:a0:
                    99:ed:c2:3c:b9:01:aa:30:cc:81:79:fa:7e:3c:d9:
                    6f:50:4b:c8:6f:30:93:74:8b:40:75:d9:ab:ba:b8:
                    a0:68:fe:35:8e:5e:ed:dc:27:28:e0:31:1d:89:ab:
                    3f:ac:25:86:57:50:5c:2b:1c:b0:8e:4b:f1:d2:0c:
                    0c:51:2e:10:cd:29:ba:7d:af:bf:62:3f:89:0d:be:
                    0c:66:a2:b1:df:21:c4:f9:d1:79:22:5c:5f:14:3d:
                    2c:3e:91:0e:5f:0e:60:31:77:cc:6e:95:ed:74:46:
                    2a:70:e6:5f:6d:36:91:a1:d3:35:ad:c5:11:83:a6:
                    fd:b8:f4:f1:e4:ae:cb:a0:8f:e7:1e:26:a4:05:f7:
                    de:78:50:d0:5a:45:1b:1b:47:3e:a2:8f:e0:8c:f2:
                    69:de:45:4a:79:84:95:87:d9:1e:48:ce:de:86:23:
                    99:67:c8:d5:3d:d3:c3:21:66:f3:86:dc:53:cb:36:
                    67:01:c8:3d:43:a3:a9:2e:88:75:a1:61:e2:87:61:
                    7c:98:2f:92:18:da:86:28:4e:7a:47:b6:8d:b3:64:
                    f3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:41:4B:58:11:7A:8E:2D:D9:42:CE:A4:9C:A2:63:FD:27:0F:C9:4F
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/DEFLWBF6ji3ZQs6knKJj_ScPyU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8160::/44

    Signature Algorithm: sha256WithRSAEncryption
         2e:83:34:53:3e:cc:ad:e6:6b:d7:98:b6:37:82:7f:88:17:f1:
         fa:b1:3d:14:3e:02:a2:cb:f6:f6:30:6d:f6:d2:f8:d8:ef:3c:
         1b:18:e4:6c:9e:d7:ec:51:2d:c9:ef:63:f0:54:64:ef:69:5f:
         f1:03:98:85:6b:41:50:bc:78:04:b2:16:eb:0c:69:ef:67:7d:
         b5:25:f2:7f:59:b9:8a:1d:d3:d5:ff:1f:9a:51:50:ee:4f:45:
         75:b8:2e:65:dc:37:3d:38:07:71:7b:65:3c:8d:bb:d6:ff:e2:
         40:91:9d:a2:8f:67:8a:42:82:3a:eb:13:62:e3:7a:4f:a8:90:
         5f:8a:0d:ce:e4:cf:a3:20:4e:ed:38:fd:43:5a:5a:b2:97:2f:
         a3:3d:32:43:ce:2d:9a:a1:35:57:26:37:a2:30:c6:a3:2d:1c:
         04:4f:d7:15:98:aa:ae:bc:52:da:47:72:a8:36:19:93:75:07:
         03:5c:85:ad:e5:f8:a1:75:11:f4:9c:28:f8:0b:d2:9a:9e:e5:
         76:28:15:42:b6:05:85:f2:18:16:5e:d2:a3:a0:bf:c7:af:45:
         8c:a5:bb:82:34:ce:38:79:01:0c:a6:55:d4:50:2c:15:52:67:
         91:81:5a:fb:a8:cc:95:07:7f:d9:f4:53:89:fd:da:7a:52:2c:
         a7:ad:b9:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOMs9ATwMVQQ/q0S45esMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQxNGI1ODExN2E4ZTJkZDk0MmNlYTQ5Y2EyNjNmZDI3MGZjOTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCIfUI+/YiHSPu42xsuBdOcOT9X8
fkmIULyWLQUKloFCvXBtV7U3DkVAyaCZ7cI8uQGqMMyBefp+PNlvUEvIbzCTdItA
ddmrurigaP41jl7t3Cco4DEdias/rCWGV1BcKxywjkvx0gwMUS4QzSm6fa+/Yj+J
Db4MZqKx3yHE+dF5IlxfFD0sPpEOXw5gMXfMbpXtdEYqcOZfbTaRodM1rcURg6b9
uPTx5K7LoI/nHiakBffeeFDQWkUbG0c+oo/gjPJp3kVKeYSVh9keSM7ehiOZZ8jV
PdPDIWbzhtxTyzZnAcg9Q6OpLoh1oWHih2F8mC+SGNqGKE56R7aNs2TzBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAxBS1gReo4t2ULOpJyiY/0nD8lPMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvREVGTFdCRjZqaTNaUXM2a25LSmpfU2NQeVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIFg
MA0GCSqGSIb3DQEBCwUAA4IBAQAugzRTPsyt5mvXmLY3gn+IF/H6sT0UPgKiy/b2
MG320vjY7zwbGORsntfsUS3J72PwVGTvaV/xA5iFa0FQvHgEshbrDGnvZ321JfJ/
WbmKHdPV/x+aUVDuT0V1uC5l3Dc9OAdxe2U8jbvW/+JAkZ2ij2eKQoI66xNi43pP
qJBfig3O5M+jIE7tOP1DWlqyly+jPTJDzi2aoTVXJjeiMMajLRwET9cVmKquvFLa
R3KoNhmTdQcDXIWt5fihdRH0nCj4C9KanuV2KBVCtgWF8hgWXtKjoL/Hr0WMpbuC
NM44eQEMplXUUCwVUmeRgVr7qMyVB3/Z9FOJ/dp6UiynrbmA
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:59:21 2024 by rpki-client on console-ams.rpki-client.org