Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/g8E6nErANNOUu3zFuCImX4OHMFQ.roa
File:                     g8E6nErANNOUu3zFuCImX4OHMFQ.roa (raw, json)
Hash identifier:          Qx+o29Kf/5W5ubysbP+/hceGLSrgaenb+Zcrc0AFyhM=
Subject key identifier:   83:C1:3A:9C:4A:C0:34:D3:94:BB:7C:C5:B8:22:26:5F:83:87:30:54
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D3103A99E8207C01802D989CEB93
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/g8E6nErANNOUu3zFuCImX4OHMFQ.roa
Signing time:             Mon 01 Jan 2024 20:30:50 +0000
ROA not before:           Mon 01 Jan 2024 20:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32167
IP address blocks:        2a0c:9a40:9d00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d3:10:3a:99:e8:20:7c:01:80:2d:98:9c:eb:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83c13a9c4ac034d394bb7cc5b822265f83873054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ab:08:8d:23:15:12:34:55:78:9d:c0:cc:83:
                    50:96:dd:ec:8e:d2:cc:43:12:69:bf:93:2f:56:79:
                    93:80:e6:86:7c:61:be:96:01:00:b2:f0:7b:2f:77:
                    c6:21:f5:d3:9f:a2:e2:f3:e1:b8:20:0d:58:6a:74:
                    16:cc:74:bd:88:1d:fd:7a:9f:ce:9f:a4:33:56:4f:
                    4a:b8:a9:dd:db:50:a0:9e:c8:a7:8e:41:24:0c:b8:
                    b0:a4:bc:88:7f:e9:03:56:e4:9c:31:37:4d:75:73:
                    1b:43:ef:cc:2a:3b:cc:ec:db:05:55:45:5e:75:38:
                    74:1c:cb:a7:5a:f1:b3:b5:f7:5c:a0:30:44:93:da:
                    f6:35:e5:c7:15:10:e8:23:19:01:52:f8:49:ee:d2:
                    75:fe:cb:28:92:3c:e0:74:55:86:bf:d0:bd:7b:54:
                    38:0b:03:f9:3c:58:71:83:41:e8:d1:b7:88:44:63:
                    93:1e:fd:99:73:12:2e:84:e6:79:05:a6:70:fe:83:
                    1c:49:76:b8:58:4b:e4:9c:e8:ff:5d:37:31:46:bd:
                    9e:2e:07:e5:c2:04:69:c4:26:83:cf:78:71:4a:70:
                    f8:68:49:9b:de:8c:9a:c2:d6:97:33:18:c8:9a:b6:
                    f2:f1:be:4e:dc:90:30:76:e1:80:63:f2:55:15:db:
                    7f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C1:3A:9C:4A:C0:34:D3:94:BB:7C:C5:B8:22:26:5F:83:87:30:54
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/g8E6nErANNOUu3zFuCImX4OHMFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:9d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:d0:36:d3:4b:7f:ce:41:f3:bd:f3:a2:f1:80:c5:d3:b9:56:
         8e:6f:8a:fd:a7:09:23:d7:8d:da:a2:7e:ce:45:46:b0:f9:0d:
         3b:e7:64:b5:af:06:4c:a7:aa:cf:8f:1d:25:04:f1:91:19:b6:
         cc:2d:50:63:9b:18:6b:bf:d3:f8:bd:e7:aa:17:1d:ff:a1:12:
         ed:42:3d:61:27:8b:3e:d8:f3:c2:f9:b1:47:d1:74:e3:c8:19:
         4f:d8:c5:b0:6d:40:37:83:7e:1f:8e:23:f9:b9:d7:42:0a:c8:
         12:2d:e0:68:69:ce:36:1a:6d:ed:b4:b3:8e:f4:6c:7a:d3:30:
         a3:81:75:c4:0e:f0:80:ac:19:aa:f7:fd:4e:fb:51:a0:c1:8b:
         f4:59:67:00:3a:f9:0d:bc:e7:38:f2:eb:34:c4:10:f1:c6:73:
         b0:b2:d0:d5:79:82:6a:81:f8:83:18:c9:c1:cb:97:45:ef:e5:
         c3:56:11:5c:22:2f:8f:0a:8b:25:34:ef:3b:7f:d6:4c:9a:ad:
         76:5d:3b:7d:bc:c5:31:d1:26:08:ab:73:45:91:0a:b3:a6:5f:
         f7:22:08:26:18:7a:5b:be:11:10:d3:d7:a2:b8:c3:a2:e5:2e:
         66:77:fc:ec:96:0b:b1:56:4c:92:62:e2:c6:97:0b:7d:7e:f7:
         54:a1:59:c8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuNMQOpnoIHwBgC2YnOuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2MxM2E5YzRhYzAzNGQzOTRiYjdjYzViODIyMjY1ZjgzODczMDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqsIjSMVEjRVeJ3AzINQlt3sjtLM
QxJpv5MvVnmTgOaGfGG+lgEAsvB7L3fGIfXTn6Li8+G4IA1YanQWzHS9iB39ep/O
n6QzVk9KuKnd21CgnsinjkEkDLiwpLyIf+kDVuScMTdNdXMbQ+/MKjvM7NsFVUVe
dTh0HMunWvGztfdcoDBEk9r2NeXHFRDoIxkBUvhJ7tJ1/ssokjzgdFWGv9C9e1Q4
CwP5PFhxg0Ho0beIRGOTHv2ZcxIuhOZ5BaZw/oMcSXa4WEvknOj/XTcxRr2eLgfl
wgRpxCaDz3hxSnD4aEmb3oyawtaXMxjImrby8b5O3JAwduGAY/JVFdt/GQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIPBOpxKwDTTlLt8xbgiJl+DhzBUMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvZzhFNm5FckFOTk9VdTN6RnVDSW1YNE9ITUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaQJ0w
DQYJKoZIhvcNAQELBQADggEBAH/QNtNLf85B873zovGAxdO5Vo5viv2nCSPXjdqi
fs5FRrD5DTvnZLWvBkynqs+PHSUE8ZEZtswtUGObGGu/0/i956oXHf+hEu1CPWEn
iz7Y88L5sUfRdOPIGU/YxbBtQDeDfh+OI/m510IKyBIt4GhpzjYabe20s470bHrT
MKOBdcQO8ICsGar3/U77UaDBi/RZZwA6+Q285zjy6zTEEPHGc7Cy0NV5gmqB+IMY
ycHLl0Xv5cNWEVwiL48KiyU07zt/1kyarXZdO328xTHRJgirc0WRCrOmX/ciCCYY
elu+ERDT16K4w6LlLmZ3/OyWC7FWTJJi4saXC31+91ShWcg=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:59:22 2024 by rpki-client on console-ams.rpki-client.org