Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/lAJYjaBk3A88Ozw-b24ZhqzRcTM.roa
File:                     lAJYjaBk3A88Ozw-b24ZhqzRcTM.roa (raw, json)
Hash identifier:          +q/S/ai9XBgRP0tOq6i2EM/Jxe/3vSHGQrDsrh7Gcqc=
Subject key identifier:   94:02:58:8D:A0:64:DC:0F:3C:3B:3C:3E:6F:6E:19:86:AC:D1:71:33
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8E4F53349CC5281421B0D8291955F
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/lAJYjaBk3A88Ozw-b24ZhqzRcTM.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202776
IP address blocks:        2a0c:9a40:8c30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e4:f5:33:49:cc:52:81:42:1b:0d:82:91:95:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9402588da064dc0f3c3b3c3e6f6e1986acd17133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:22:96:95:53:47:a3:4f:31:89:d7:29:bb:7c:
                    55:2e:82:7e:5d:67:94:23:ee:79:2d:d8:9a:a8:d5:
                    93:ae:db:5a:47:81:93:c7:f9:9c:64:4f:0e:ca:ec:
                    cc:60:ee:bf:df:18:87:d6:b9:89:09:c9:6f:26:c8:
                    14:92:e5:01:a7:a2:ad:ef:16:0d:9f:be:35:f6:f6:
                    b7:aa:e6:a0:6a:cb:cf:e2:86:21:ef:b5:ac:65:c1:
                    80:2b:43:da:ea:31:59:e9:7f:94:39:fc:58:f7:0a:
                    2d:7f:39:66:56:de:7b:3f:55:40:46:76:4e:97:25:
                    3c:6c:bd:22:5a:1e:13:1f:f9:f2:f7:f8:a1:b4:89:
                    b1:e4:2b:ed:45:ed:24:55:cf:44:b9:9c:c8:e3:ff:
                    ca:41:2c:2c:0f:09:ba:04:d9:8d:df:8e:84:0b:25:
                    b0:c9:91:3f:e1:b3:c2:c4:f7:b0:97:34:f2:43:cc:
                    60:6c:32:6f:a1:fc:17:1c:33:c5:df:b7:ec:1d:4c:
                    d5:4b:22:16:bb:f4:43:38:34:c0:54:47:06:11:8e:
                    e9:73:a5:87:40:24:9f:dd:e3:4f:12:a6:95:5e:d3:
                    17:40:94:a6:75:4d:49:02:2c:09:5a:48:a8:4b:16:
                    ef:87:8d:ec:57:94:be:81:98:6e:63:27:25:fe:4d:
                    97:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:02:58:8D:A0:64:DC:0F:3C:3B:3C:3E:6F:6E:19:86:AC:D1:71:33
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/lAJYjaBk3A88Ozw-b24ZhqzRcTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8c30::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:75:57:35:9d:63:fa:d7:ec:0e:ee:e5:b0:e2:8e:68:ea:ba:
         f2:b4:76:dc:91:a2:b9:bb:29:89:b7:70:09:d5:75:93:e3:62:
         59:8a:45:69:37:d1:c2:48:ac:d9:d4:e2:5c:33:2d:c5:27:94:
         bf:e1:d9:ef:f1:0e:ce:a0:4e:a0:6f:2e:a8:f9:bc:30:0f:e3:
         61:ff:8a:c8:c9:8b:22:e8:44:5a:7d:ef:45:84:c2:f0:14:63:
         7f:71:e2:d9:a8:f5:d3:bf:24:81:7a:b9:b6:30:8e:29:de:46:
         62:57:f9:1a:34:e3:82:06:b3:d9:6e:6f:10:b9:39:b2:42:4c:
         05:d9:7a:83:2a:a9:0e:c7:00:bf:a5:fd:9e:e1:ab:c5:79:2e:
         21:91:d1:40:95:27:8f:ee:b7:a4:ae:6a:31:1b:c7:90:8e:fa:
         f7:00:3c:a3:94:1d:ea:bd:17:b7:c2:4e:9e:ac:44:70:65:b7:
         1b:7b:dc:e2:1e:f4:3b:fe:29:40:fb:84:59:3c:17:1c:9c:60:
         e7:09:fb:bb:b9:cd:de:ac:23:2f:81:4d:e0:44:77:a4:79:bd:
         92:8c:27:a1:0b:ae:7a:2a:59:93:d0:7e:29:3c:a3:51:d7:02:
         9c:1a:1a:0b:d0:a5:28:c7:fa:a7:4d:11:6d:5c:89:19:dc:bb:
         1e:45:dc:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOT1M0nMUoFCGw2CkZVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDAyNTg4ZGEwNjRkYzBmM2MzYjNjM2U2ZjZlMTk4NmFjZDE3MTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCKWlVNHo08xidcpu3xVLoJ+XWeU
I+55LdiaqNWTrttaR4GTx/mcZE8OyuzMYO6/3xiH1rmJCclvJsgUkuUBp6Kt7xYN
n7419va3quagasvP4oYh77WsZcGAK0Pa6jFZ6X+UOfxY9wotfzlmVt57P1VARnZO
lyU8bL0iWh4TH/ny9/ihtImx5CvtRe0kVc9EuZzI4//KQSwsDwm6BNmN346ECyWw
yZE/4bPCxPewlzTyQ8xgbDJvofwXHDPF37fsHUzVSyIWu/RDODTAVEcGEY7pc6WH
QCSf3eNPEqaVXtMXQJSmdU1JAiwJWkioSxbvh43sV5S+gZhuYycl/k2XUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJQCWI2gZNwPPDs8Pm9uGYas0XEzMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvbEFKWWphQmszQTg4T3p3LWIyNFpocXpSY1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIww
MA0GCSqGSIb3DQEBCwUAA4IBAQDNdVc1nWP61+wO7uWw4o5o6rrytHbckaK5uymJ
t3AJ1XWT42JZikVpN9HCSKzZ1OJcMy3FJ5S/4dnv8Q7OoE6gby6o+bwwD+Nh/4rI
yYsi6ERafe9FhMLwFGN/ceLZqPXTvySBerm2MI4p3kZiV/kaNOOCBrPZbm8QuTmy
QkwF2XqDKqkOxwC/pf2e4avFeS4hkdFAlSeP7rekrmoxG8eQjvr3ADyjlB3qvRe3
wk6erERwZbcbe9ziHvQ7/ilA+4RZPBccnGDnCfu7uc3erCMvgU3gRHekeb2SjCeh
C656KlmT0H4pPKNR1wKcGhoL0KUox/qnTRFtXIkZ3LseRdx9
-----END CERTIFICATE-----
Generated at Thu Nov 21 22:41:17 2024 by rpki-client on console-fra.rpki-client.org