Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/sFpmwJl2tu_NkM_QO0mFbmocjWE.roa
File:                     sFpmwJl2tu_NkM_QO0mFbmocjWE.roa (raw, json)
Hash identifier:          l2R2oh/ARB0Ko9c79RKnsiO+L9WguKKwScC9IIdSdFw=
Subject key identifier:   B0:5A:66:C0:99:76:B6:EF:CD:90:CF:D0:3B:49:85:6E:6A:1C:8D:61
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0191853D25FF4D785417DA5F60F0AA16A202
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/sFpmwJl2tu_NkM_QO0mFbmocjWE.roa
Signing time:             Sat 24 Aug 2024 16:34:22 +0000
ROA not before:           Sat 24 Aug 2024 16:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214376
IP address blocks:        2a0c:9a46:200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:85:3d:25:ff:4d:78:54:17:da:5f:60:f0:aa:16:a2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Aug 24 16:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b05a66c09976b6efcd90cfd03b49856e6a1c8d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:66:71:ee:54:f4:00:98:67:f3:14:5b:87:
                    b6:b7:e0:db:1c:84:3f:43:12:f5:14:da:33:18:39:
                    0f:e9:ef:14:3f:b4:72:83:eb:37:4e:49:91:99:c8:
                    dd:44:b7:7b:de:97:a5:24:69:e6:94:14:c9:7e:7c:
                    4f:3d:15:e7:7b:ce:73:c3:fa:a0:76:91:2f:fc:bb:
                    af:2b:2f:5d:f9:35:25:e2:ed:eb:61:cd:6c:b2:7f:
                    a1:12:39:16:4c:e8:b0:15:b1:8c:e4:77:01:8d:d4:
                    41:e6:ac:62:ee:e7:ac:16:1f:22:c7:48:08:e7:4a:
                    69:18:4d:73:b7:52:8e:b1:19:d5:51:44:70:48:c5:
                    19:a3:93:af:73:3c:0a:5e:83:8b:e5:9d:ca:b7:3e:
                    13:e9:91:2e:ca:7a:cf:bf:29:a8:e6:6b:95:3a:4c:
                    db:03:a1:16:4a:61:15:57:7c:45:a6:cb:60:e9:c6:
                    14:68:4f:69:00:8d:cb:91:fb:1a:46:1c:4b:67:0d:
                    c6:e2:dd:86:71:eb:17:91:6c:fd:c2:e7:e5:7d:2d:
                    a3:b5:91:9e:7a:3f:01:87:cb:37:1e:3c:97:49:6f:
                    71:23:f7:39:da:29:50:6a:0d:4f:d5:8c:a6:31:f7:
                    06:17:8d:01:11:a7:b3:49:98:3c:d8:a7:09:f9:82:
                    07:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5A:66:C0:99:76:B6:EF:CD:90:CF:D0:3B:49:85:6E:6A:1C:8D:61
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/sFpmwJl2tu_NkM_QO0mFbmocjWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a46:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:f4:0a:74:80:28:32:55:c0:55:0f:1f:8d:da:d4:44:21:8c:
         a5:6d:a9:91:85:fa:47:1f:9a:e1:3b:4b:e1:22:f2:e2:c6:42:
         ff:41:af:6e:e0:7e:8a:05:29:3e:6c:f4:17:0b:fc:eb:b9:95:
         2f:a2:8b:a0:3f:a1:05:ac:5b:23:d0:b6:e6:e3:cf:bd:90:40:
         c1:15:1b:97:4b:df:5b:dd:2f:25:a8:6f:97:0c:58:91:ed:4b:
         bb:d9:81:8b:eb:03:0a:eb:ab:91:b8:29:69:7d:da:de:44:9d:
         63:ca:ac:23:ef:17:c9:dc:91:c7:b1:40:5b:fb:5a:02:da:15:
         b7:93:40:60:2c:45:7b:d8:de:d1:e4:cf:4f:4c:1c:ad:b6:5a:
         96:5a:c9:d6:39:f1:01:c3:d9:43:8a:1f:7f:36:e1:f9:e4:3f:
         00:1f:84:bc:d5:9c:59:15:65:49:be:78:a9:cb:04:a4:e3:34:
         c3:9f:e8:50:07:83:72:67:27:94:89:ac:43:46:8d:f7:cc:a9:
         d8:b3:4e:77:da:99:fd:99:1b:49:d0:a1:41:c0:b3:8c:c6:5f:
         46:ba:b8:bc:db:6f:9e:ef:6b:c6:cf:ef:a2:7e:03:d8:1f:28:
         f2:9f:d2:03:e6:e8:79:d4:91:ab:fc:4d:fa:af:cf:b8:72:42:
         1e:0e:b3:61
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZGFPSX/TXhUF9pfYPCqFqICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwODI0MTYzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDVhNjZjMDk5NzZiNmVmY2Q5MGNmZDAzYjQ5ODU2ZTZhMWM4ZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8tmce5U9ACYZ/MUW4e2t+DbHIQ/
QxL1FNozGDkP6e8UP7Ryg+s3TkmRmcjdRLd73pelJGnmlBTJfnxPPRXne85zw/qg
dpEv/LuvKy9d+TUl4u3rYc1ssn+hEjkWTOiwFbGM5HcBjdRB5qxi7uesFh8ix0gI
50ppGE1zt1KOsRnVUURwSMUZo5OvczwKXoOL5Z3Ktz4T6ZEuynrPvymo5muVOkzb
A6EWSmEVV3xFpstg6cYUaE9pAI3LkfsaRhxLZw3G4t2GcesXkWz9wuflfS2jtZGe
ej8Bh8s3HjyXSW9xI/c52ilQag1P1YymMfcGF40BEaezSZg82KcJ+YIHrQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLBaZsCZdrbvzZDP0DtJhW5qHI1hMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvc0ZwbXdKbDJ0dV9Oa01fUU8wbUZibW9jaldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgyaRgIw
DQYJKoZIhvcNAQELBQADggEBAIb0CnSAKDJVwFUPH43a1EQhjKVtqZGF+kcfmuE7
S+Ei8uLGQv9Br27gfooFKT5s9BcL/Ou5lS+ii6A/oQWsWyPQtubjz72QQMEVG5dL
31vdLyWob5cMWJHtS7vZgYvrAwrrq5G4KWl92t5EnWPKrCPvF8nckcexQFv7WgLa
FbeTQGAsRXvY3tHkz09MHK22WpZaydY58QHD2UOKH3824fnkPwAfhLzVnFkVZUm+
eKnLBKTjNMOf6FAHg3JnJ5SJrENGjffMqdizTnfamf2ZG0nQoUHAs4zGX0a6uLzb
b57va8bP76J+A9gfKPKf0gPm6HnUkav8Tfqvz7hyQh4Os2E=
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:59:22 2024 by rpki-client on console-ams.rpki-client.org