Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wksiaK5kocAnsXhtWMmpUAPmEpY.roa
File:                     wksiaK5kocAnsXhtWMmpUAPmEpY.roa (raw, json)
Hash identifier:          YCtJ0cZK9nu7cSLwmhiniBkl7kiY0+KpGO5IzFOMauk=
Subject key identifier:   C2:4B:22:68:AE:64:A1:C0:27:B1:78:6D:58:C9:A9:50:03:E6:12:96
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D9EA0EB3E58AC1354F6B577710E0
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wksiaK5kocAnsXhtWMmpUAPmEpY.roa
Signing time:             Mon 01 Jan 2024 20:30:52 +0000
ROA not before:           Mon 01 Jan 2024 20:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134090
IP address blocks:        2a0c:9a40:8cb0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d9:ea:0e:b3:e5:8a:c1:35:4f:6b:57:77:10:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c24b2268ae64a1c027b1786d58c9a95003e61296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:9b:f1:1e:23:17:15:4e:05:5e:2b:92:5a:a4:
                    76:9f:20:d1:fb:27:3f:6f:34:1f:82:78:53:aa:cb:
                    cf:8a:3e:28:ef:22:91:61:2c:03:30:98:f3:0e:ce:
                    09:e2:3f:91:88:dd:ad:3f:b0:78:ce:50:dc:8a:34:
                    d9:85:8f:5d:7a:59:7a:32:61:5e:a5:e3:ed:0c:ec:
                    b3:49:93:ae:9c:b0:6f:1e:dc:a0:20:60:6d:fc:7c:
                    26:40:df:bf:92:0c:e5:3f:ac:2e:48:de:d7:ea:b1:
                    a7:68:8d:5d:98:ee:70:e4:6d:40:e2:e4:e5:6b:dd:
                    fb:4b:5d:c0:b6:a9:6d:c6:13:b5:f4:44:22:72:1f:
                    85:f8:41:a4:4e:13:b2:7b:0b:9a:99:ad:97:4f:8c:
                    66:0c:a2:b5:36:0d:10:25:e1:07:87:c6:ed:13:55:
                    d6:cc:3a:6b:d5:22:ca:42:53:72:d7:d6:05:9d:b0:
                    d3:92:d5:2a:71:22:52:f5:d5:41:d0:4c:c0:7f:94:
                    12:1e:ff:6f:2b:0d:4b:46:da:cf:db:72:d9:00:2c:
                    2f:8d:6b:98:13:63:2a:49:f3:9f:e7:32:b5:e3:3d:
                    bb:ab:09:6c:af:43:64:a1:50:be:c0:07:0f:45:11:
                    bb:37:c2:dc:d1:62:cd:c8:2d:5e:e1:99:31:77:19:
                    3c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:4B:22:68:AE:64:A1:C0:27:B1:78:6D:58:C9:A9:50:03:E6:12:96
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wksiaK5kocAnsXhtWMmpUAPmEpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8cb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:a6:ef:25:fe:05:ec:5e:bb:8b:c6:7a:84:15:a1:d9:a2:ce:
         88:8c:35:4c:c7:c6:44:12:8f:4e:4b:8c:d6:6f:fa:2c:3e:74:
         54:52:3e:c2:7d:73:41:43:31:a2:cf:ba:67:43:1c:a9:2c:62:
         71:37:ba:fb:69:a2:6c:96:bf:37:d6:89:d9:35:1b:1d:21:bd:
         b1:48:5b:48:e2:b9:30:71:71:07:60:c2:44:72:e7:8c:50:a6:
         7b:57:28:b3:ee:58:44:ec:c1:de:46:51:a2:89:dc:7d:3f:30:
         f8:31:0a:ba:ff:9d:30:22:b0:1d:21:fb:a8:88:f7:6f:03:7b:
         fc:9e:31:98:8f:59:56:1d:18:04:d9:14:04:b8:58:38:50:97:
         43:57:68:c6:ca:21:12:49:ec:fa:af:96:ae:f1:7c:3b:81:18:
         39:9e:53:21:df:61:6a:6f:28:9e:58:31:41:83:12:03:85:88:
         05:f9:8a:0c:f7:17:9a:d7:9f:f1:7a:a2:ca:cd:e5:2e:d5:56:
         0f:85:cd:77:2c:9f:26:8f:1c:16:be:e8:1c:08:77:60:2e:2d:
         f4:5b:c8:fd:0d:fc:56:61:c7:cc:92:b0:a4:b9:a4:84:28:8e:
         c6:a0:02:12:a9:14:fb:90:99:db:cf:01:76:96:10:4f:52:41:
         db:4f:50:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNnqDrPlisE1T2tXdxDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjRiMjI2OGFlNjRhMWMwMjdiMTc4NmQ1OGM5YTk1MDAzZTYxMjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZvxHiMXFU4FXiuSWqR2nyDR+yc/
bzQfgnhTqsvPij4o7yKRYSwDMJjzDs4J4j+RiN2tP7B4zlDcijTZhY9dell6MmFe
pePtDOyzSZOunLBvHtygIGBt/HwmQN+/kgzlP6wuSN7X6rGnaI1dmO5w5G1A4uTl
a937S13AtqltxhO19EQich+F+EGkThOyewuama2XT4xmDKK1Ng0QJeEHh8btE1XW
zDpr1SLKQlNy19YFnbDTktUqcSJS9dVB0EzAf5QSHv9vKw1LRtrP23LZACwvjWuY
E2MqSfOf5zK14z27qwlsr0NkoVC+wAcPRRG7N8Lc0WLNyC1e4Zkxdxk8+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMJLImiuZKHAJ7F4bVjJqVAD5hKWMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvd2tzaWFLNWtvY0Fuc1hodFdNbXBVQVBtRXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIyw
MA0GCSqGSIb3DQEBCwUAA4IBAQB4pu8l/gXsXruLxnqEFaHZos6IjDVMx8ZEEo9O
S4zWb/osPnRUUj7CfXNBQzGiz7pnQxypLGJxN7r7aaJslr831onZNRsdIb2xSFtI
4rkwcXEHYMJEcueMUKZ7Vyiz7lhE7MHeRlGiidx9PzD4MQq6/50wIrAdIfuoiPdv
A3v8njGYj1lWHRgE2RQEuFg4UJdDV2jGyiESSez6r5au8Xw7gRg5nlMh32Fqbyie
WDFBgxIDhYgF+YoM9xea15/xeqLKzeUu1VYPhc13LJ8mjxwWvugcCHdgLi30W8j9
DfxWYcfMkrCkuaSEKI7GoAISqRT7kJnbzwF2lhBPUkHbT1Dt
-----END CERTIFICATE-----
Generated at Thu Nov 21 18:59:22 2024 by rpki-client on console-ams.rpki-client.org