Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/uCz8msrok_dYOcwkVuYqahElTr4.roa
File:                     uCz8msrok_dYOcwkVuYqahElTr4.roa (raw, json)
Hash identifier:          oDwXkRWNiUp5IkuLlXHrQVd1CRJZEdEMeUi31LjS2F4=
Subject key identifier:   B8:2C:FC:9A:CA:E8:93:F7:58:39:CC:24:56:E6:2A:6A:11:25:4E:BE
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8DA6D2C85FAF5F8938D419ABC87CC
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/uCz8msrok_dYOcwkVuYqahElTr4.roa
Signing time:             Mon 01 Jan 2024 20:30:52 +0000
ROA not before:           Mon 01 Jan 2024 20:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137490
IP address blocks:        2a0e:7d46::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:da:6d:2c:85:fa:f5:f8:93:8d:41:9a:bc:87:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b82cfc9acae893f75839cc2456e62a6a11254ebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fd:f1:8c:6b:cc:d6:a3:7b:0d:0f:3d:16:3f:
                    a7:f0:c4:fc:c3:c3:c8:be:53:3b:45:28:58:b3:a6:
                    48:f0:c7:df:5e:fe:e1:98:e3:6e:5d:c7:8b:90:2f:
                    9c:8b:20:22:a3:74:0a:14:48:94:ab:50:44:44:78:
                    2c:48:6f:0d:10:f2:b9:d2:de:7b:ec:4f:08:c1:39:
                    b3:1f:14:52:8f:7b:7e:2a:46:c1:b6:97:de:7b:6a:
                    ea:54:fa:02:fe:39:e3:e8:c9:2a:d6:a0:aa:27:57:
                    51:09:0b:3a:f8:c2:61:13:12:4e:fb:f9:cf:d5:8e:
                    10:df:e1:18:66:ae:3d:e3:44:10:05:2b:48:b2:ce:
                    bd:ec:54:1a:7e:5d:da:c1:59:96:d3:b8:49:43:95:
                    e5:a9:1b:da:f5:2a:d3:54:86:5a:67:35:1a:b0:cb:
                    e6:82:1a:1c:28:2e:f4:e0:6a:69:b3:90:66:5d:ac:
                    06:de:37:5e:83:18:17:49:9e:cb:28:a1:a9:e6:00:
                    5f:c9:b9:81:4c:5a:81:a8:f0:49:ad:c8:9b:09:ce:
                    52:f6:73:96:72:19:cd:f4:ea:a6:30:77:8c:73:12:
                    3c:df:9d:3a:e7:81:6d:cf:d0:d6:60:10:ce:21:62:
                    9b:da:d7:bf:94:94:09:1d:03:4f:b7:54:40:28:d1:
                    57:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:2C:FC:9A:CA:E8:93:F7:58:39:CC:24:56:E6:2A:6A:11:25:4E:BE
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/uCz8msrok_dYOcwkVuYqahElTr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7d46::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:c3:1c:0f:ab:31:ac:9a:6e:7f:e5:b7:3e:d2:5a:6b:a9:26:
         07:bf:4c:87:83:fb:bb:bf:2a:19:7b:ef:dd:3f:33:63:a3:7a:
         16:8c:51:1c:18:f9:6c:0e:a7:62:62:84:38:24:fe:3d:1d:a8:
         e0:95:c0:5a:9c:1e:db:79:09:53:91:01:f9:93:11:25:ec:4f:
         15:c8:ff:fa:28:d9:0e:18:81:12:fd:2a:16:0f:ce:55:d6:4d:
         c2:b6:44:24:d8:a0:b6:39:98:2c:30:3d:59:f9:b0:74:80:24:
         c7:d4:a1:e1:6a:97:be:46:7c:6e:44:3d:3a:f7:20:35:26:ce:
         b6:33:bc:8f:83:02:6b:ee:7b:a1:d2:e9:00:9f:e3:7d:12:13:
         8e:84:e4:e9:ff:aa:05:b2:23:9a:c9:83:e3:a3:ea:d3:8b:82:
         61:ab:97:82:8a:5a:33:21:9b:b1:e4:9d:d8:9e:00:39:12:5d:
         f2:85:f1:98:24:b5:12:b9:42:41:27:57:1d:81:10:ed:c8:53:
         84:aa:46:dd:21:46:1c:df:b9:cd:f1:ad:79:8c:d4:47:f0:0c:
         6c:45:b0:93:f9:99:6a:89:61:31:0f:61:47:b8:05:f1:d6:7e:
         c2:0e:5f:ed:dc:90:bb:fb:f5:1e:5f:63:c7:2a:ab:29:7f:94:
         6b:68:22:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuNptLIX69fiTjUGavIfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODJjZmM5YWNhZTg5M2Y3NTgzOWNjMjQ1NmU2MmE2YTExMjU0ZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAof3xjGvM1qN7DQ89Fj+n8MT8w8PI
vlM7RShYs6ZI8MffXv7hmONuXceLkC+ciyAio3QKFEiUq1BERHgsSG8NEPK50t57
7E8IwTmzHxRSj3t+KkbBtpfee2rqVPoC/jnj6Mkq1qCqJ1dRCQs6+MJhExJO+/nP
1Y4Q3+EYZq4940QQBStIss697FQafl3awVmW07hJQ5XlqRva9SrTVIZaZzUasMvm
ghocKC704Gpps5BmXawG3jdegxgXSZ7LKKGp5gBfybmBTFqBqPBJrcibCc5S9nOW
chnN9OqmMHeMcxI8350654Ftz9DWYBDOIWKb2te/lJQJHQNPt1RAKNFXxwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLgs/JrK6JP3WDnMJFbmKmoRJU6+MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdUN6OG1zcm9rX2RZT2N3a1Z1WXFhaEVsVHI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg59RjAN
BgkqhkiG9w0BAQsFAAOCAQEAlcMcD6sxrJpuf+W3PtJaa6kmB79Mh4P7u78qGXvv
3T8zY6N6FoxRHBj5bA6nYmKEOCT+PR2o4JXAWpwe23kJU5EB+ZMRJexPFcj/+ijZ
DhiBEv0qFg/OVdZNwrZEJNigtjmYLDA9WfmwdIAkx9Sh4WqXvkZ8bkQ9OvcgNSbO
tjO8j4MCa+57odLpAJ/jfRITjoTk6f+qBbIjmsmD46Pq04uCYauXgopaMyGbseSd
2J4AORJd8oXxmCS1ErlCQSdXHYEQ7chThKpG3SFGHN+5zfGteYzUR/AMbEWwk/mZ
aolhMQ9hR7gF8dZ+wg5f7dyQu/v1Hl9jxyqrKX+Ua2gi2Q==
-----END CERTIFICATE-----
Generated at Thu Nov 21 22:41:17 2024 by rpki-client on console-fra.rpki-client.org