Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/KLNCRlEExutbS3q1d1kNvhBBXZw.roa
File:                     KLNCRlEExutbS3q1d1kNvhBBXZw.roa (raw, json)
Hash identifier:          xfPtWUxppI6uGXCRj5L0037Vk3Pf60fWa+IekYbygk8=
Subject key identifier:   28:B3:42:46:51:04:C6:EB:5B:4B:7A:B5:77:59:0D:BE:10:41:5D:9C
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D71BD81AD0011D14612CB796C5CD
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/KLNCRlEExutbS3q1d1kNvhBBXZw.roa
Signing time:             Mon 01 Jan 2024 20:30:51 +0000
ROA not before:           Mon 01 Jan 2024 20:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49367
IP address blocks:        2a0c:9a40:8083::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d7:1b:d8:1a:d0:01:1d:14:61:2c:b7:96:c5:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28b342465104c6eb5b4b7ab577590dbe10415d9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:cb:2b:9d:da:78:49:69:90:08:e4:ea:8a:b8:
                    af:3e:14:68:ca:31:9f:9a:a6:df:1c:6a:dc:c4:5f:
                    b1:fa:a0:5a:64:07:a7:cc:e8:81:f4:39:e6:dc:8a:
                    41:ce:55:41:8e:ef:11:fa:c5:e2:f2:b6:31:5b:4b:
                    be:e1:8c:32:b3:8e:c5:3c:e6:ce:09:4b:91:a6:f9:
                    8d:93:a9:dd:cf:92:04:7c:36:66:47:92:f7:2d:0c:
                    42:5f:97:e7:09:a6:49:13:cd:78:33:bf:97:4a:2f:
                    02:87:4d:3a:7e:7f:2f:6d:7b:4a:ce:31:33:6c:b0:
                    45:fb:40:db:26:44:39:3a:9b:1c:42:89:76:a9:b7:
                    93:d4:e7:d8:d0:f6:b2:40:6d:16:1c:02:e2:90:ac:
                    43:a7:52:41:46:92:e6:89:b0:66:86:d6:14:48:9b:
                    69:2c:9c:15:fd:4c:b1:bc:d4:84:c0:9f:76:0b:d8:
                    54:ea:3a:ed:0e:4d:07:02:c3:9d:66:66:60:b4:b1:
                    3d:ab:6c:5c:db:da:fc:de:0e:5b:e2:fe:d5:06:8e:
                    66:98:45:6f:88:fa:22:0f:84:b6:1b:9d:b9:d8:c6:
                    5d:32:52:78:34:cc:12:19:c1:83:49:1c:73:ff:8a:
                    c1:ca:13:39:76:5a:1a:a9:0d:47:28:94:4b:64:c0:
                    e6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B3:42:46:51:04:C6:EB:5B:4B:7A:B5:77:59:0D:BE:10:41:5D:9C
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/KLNCRlEExutbS3q1d1kNvhBBXZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8083::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:f0:20:06:c0:13:12:96:5a:ae:8c:ec:21:05:57:a5:52:6a:
         2e:50:75:7f:7f:36:54:ba:31:24:82:aa:14:37:23:34:96:c4:
         f6:e5:3b:f4:6f:22:dc:45:ca:ff:9d:b3:76:37:0c:16:00:dd:
         4b:3d:6d:73:f2:2c:4d:1c:ef:c6:28:0d:4b:fa:44:ad:01:c4:
         30:ab:da:27:f6:32:4b:06:34:a3:40:8a:14:c3:bd:77:5f:0c:
         36:b9:9f:85:7e:41:a5:f2:31:3d:a5:56:04:40:ce:74:1a:82:
         0c:e7:74:56:6d:13:a1:2e:be:c9:3a:c1:d1:d8:d1:72:2f:a0:
         d4:8a:95:09:52:5f:46:7b:d8:38:be:c9:95:05:87:45:4c:77:
         cc:30:d6:e1:96:70:cd:03:cd:58:da:bd:58:08:bf:48:ee:70:
         4e:0d:b4:9e:b8:6c:3a:29:f2:56:64:92:0e:9a:10:a7:f2:0a:
         cc:f0:ea:b3:5e:40:cc:cb:5c:10:e6:7b:60:30:15:08:df:0b:
         f7:f2:19:73:35:cb:d4:7a:61:0f:30:52:dc:2c:8e:12:84:cc:
         7f:15:97:d1:da:62:93:35:aa:e6:19:1f:1f:1d:1f:4d:d5:54:
         a4:16:73:77:33:1a:b5:72:85:dd:6b:e4:80:58:4b:af:10:44:
         89:3d:1e:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNcb2BrQAR0UYSy3lsXNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGIzNDI0NjUxMDRjNmViNWI0YjdhYjU3NzU5MGRiZTEwNDE1ZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8srndp4SWmQCOTqirivPhRoyjGf
mqbfHGrcxF+x+qBaZAenzOiB9Dnm3IpBzlVBju8R+sXi8rYxW0u+4Ywys47FPObO
CUuRpvmNk6ndz5IEfDZmR5L3LQxCX5fnCaZJE814M7+XSi8Ch006fn8vbXtKzjEz
bLBF+0DbJkQ5OpscQol2qbeT1OfY0PayQG0WHALikKxDp1JBRpLmibBmhtYUSJtp
LJwV/UyxvNSEwJ92C9hU6jrtDk0HAsOdZmZgtLE9q2xc29r83g5b4v7VBo5mmEVv
iPoiD4S2G5252MZdMlJ4NMwSGcGDSRxz/4rByhM5dloaqQ1HKJRLZMDmnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCizQkZRBMbrW0t6tXdZDb4QQV2cMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvS0xOQ1JsRUV4dXRiUzNxMWQxa052aEJCWFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQICD
MA0GCSqGSIb3DQEBCwUAA4IBAQA/8CAGwBMSllqujOwhBVelUmouUHV/fzZUujEk
gqoUNyM0lsT25Tv0byLcRcr/nbN2NwwWAN1LPW1z8ixNHO/GKA1L+kStAcQwq9on
9jJLBjSjQIoUw713Xww2uZ+FfkGl8jE9pVYEQM50GoIM53RWbROhLr7JOsHR2NFy
L6DUipUJUl9Ge9g4vsmVBYdFTHfMMNbhlnDNA81Y2r1YCL9I7nBODbSeuGw6KfJW
ZJIOmhCn8grM8OqzXkDMy1wQ5ntgMBUI3wv38hlzNcvUemEPMFLcLI4ShMx/FZfR
2mKTNarmGR8fHR9N1VSkFnN3Mxq1coXda+SAWEuvEESJPR7r
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:59:22 2024 by rpki-client on console-ams.rpki-client.org