Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/fHWNHAXNZAZXVt-ZFMB3ENVnY9Y.roa
File:                     fHWNHAXNZAZXVt-ZFMB3ENVnY9Y.roa (raw, json)
Hash identifier:          bndX1rUjPM1IInEuSXfoZ0MT9WVnUeyYHmYWrDfUD14=
Subject key identifier:   7C:75:8D:1C:05:CD:64:06:57:56:DF:99:14:C0:77:10:D5:67:63:D6
Certificate issuer:       /CN=53c912a0411bb0174507092d0ca35a91ad79905c
Certificate serial:       018CC493646EDDBC3A418F82D36470B29314
Authority key identifier: 53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/fHWNHAXNZAZXVt-ZFMB3ENVnY9Y.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28878
IP address blocks:        2a07:cb84::/32 maxlen: 32
                          2a07:cb82::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:64:6e:dd:bc:3a:41:8f:82:d3:64:70:b2:93:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c912a0411bb0174507092d0ca35a91ad79905c
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c758d1c05cd64065756df9914c07710d56763d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d0:c3:88:71:01:00:b3:6a:fd:c6:a3:95:3c:
                    89:1d:d7:dc:e1:a5:e4:ac:08:2b:6b:78:b1:a7:ce:
                    54:93:2a:76:57:f8:9f:79:9c:8c:bd:9a:96:c3:55:
                    09:ad:30:0a:09:38:c8:ac:65:97:4c:45:d8:c4:7e:
                    31:96:30:c2:ac:a7:49:33:73:16:93:9a:92:b7:b7:
                    9e:05:4c:33:20:4f:ef:d8:cd:9b:9a:49:82:2f:d5:
                    7e:e8:99:ac:1a:35:8c:02:e0:3c:be:1e:f5:d5:6a:
                    6d:5f:05:f6:88:7f:49:07:67:51:9e:b2:b2:ab:09:
                    5b:03:3c:32:4b:87:e3:b2:22:c9:8d:fe:86:ff:cb:
                    8a:d6:ef:fa:ee:aa:f7:38:8f:65:0c:b0:3e:ed:fb:
                    2f:82:62:e9:d9:ff:e2:a6:b3:da:1c:e1:12:29:c6:
                    6b:a6:07:94:7c:f8:8c:12:a9:31:6f:ed:91:44:e1:
                    81:56:d7:23:1d:42:48:fa:0d:bf:a5:b7:2d:35:65:
                    57:7d:3b:52:ab:6a:14:eb:c1:00:42:1d:a5:e3:d6:
                    8e:ac:1c:c9:b7:49:71:3b:2f:31:b2:62:c0:dc:e0:
                    64:d6:40:68:dc:d4:e6:4d:ff:0e:ad:ca:91:74:46:
                    db:b9:96:f3:25:5f:61:24:bd:41:d7:13:99:b9:20:
                    ec:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:75:8D:1C:05:CD:64:06:57:56:DF:99:14:C0:77:10:D5:67:63:D6
            X509v3 Authority Key Identifier:
                keyid:53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/fHWNHAXNZAZXVt-ZFMB3ENVnY9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:cb82::/32
                  2a07:cb84::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:bb:a1:e4:92:21:57:ae:c5:9b:6d:91:e1:95:a2:b9:be:0b:
         92:34:8c:90:65:51:45:f4:3b:af:7a:e7:96:c6:62:d7:01:b2:
         71:ef:22:d2:a3:b8:56:a2:7d:27:40:92:4c:e4:c1:a0:37:d1:
         f0:d7:0e:0c:0b:e2:49:24:5e:7e:23:a6:fc:68:cf:b0:0d:7d:
         63:10:45:e8:21:27:c4:2a:7e:68:40:38:c0:ca:0a:8d:61:f3:
         ed:71:bd:d6:c8:ba:18:01:f9:a1:92:da:2c:27:5c:3c:7a:5b:
         44:21:13:01:a5:19:f9:7d:fb:8e:b4:15:35:cb:6c:bf:c0:2b:
         b0:bb:19:dd:4e:63:c7:bb:36:28:ea:63:63:c2:e8:5e:8d:97:
         a0:d0:5b:7f:8c:38:31:d6:99:cb:46:8f:c8:ee:d8:f5:84:3e:
         83:f7:12:90:72:36:72:e0:a6:da:73:5f:eb:0c:eb:c5:49:fd:
         59:e0:f9:63:12:e5:45:c7:6f:9e:18:4b:cf:82:7b:13:9a:14:
         e8:5c:d2:6f:3a:5a:ba:70:cb:02:4d:81:c9:af:c0:53:30:11:
         66:d4:a7:e7:8d:57:2a:cd:cb:ff:fa:71:4c:0e:77:c2:41:6f:
         ae:b6:c4:76:4d:1b:71:1f:df:3e:55:fb:16:1f:ec:2c:c2:a3:
         d7:ad:bc:23
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEk2Ru3bw6QY+C02RwspMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzkxMmEwNDExYmIwMTc0NTA3MDkyZDBjYTM1YTkxYWQ3
OTkwNWMwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzc1OGQxYzA1Y2Q2NDA2NTc1NmRmOTkxNGMwNzcxMGQ1Njc2M2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtDDiHEBALNq/cajlTyJHdfc4aXk
rAgra3ixp85Ukyp2V/ifeZyMvZqWw1UJrTAKCTjIrGWXTEXYxH4xljDCrKdJM3MW
k5qSt7eeBUwzIE/v2M2bmkmCL9V+6JmsGjWMAuA8vh711WptXwX2iH9JB2dRnrKy
qwlbAzwyS4fjsiLJjf6G/8uK1u/67qr3OI9lDLA+7fsvgmLp2f/iprPaHOESKcZr
pgeUfPiMEqkxb+2RROGBVtcjHUJI+g2/pbctNWVXfTtSq2oU68EAQh2l49aOrBzJ
t0lxOy8xsmLA3OBk1kBo3NTmTf8OrcqRdEbbuZbzJV9hJL1B1xOZuSDsKwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHx1jRwFzWQGV1bfmRTAdxDVZ2PWMB8GA1UdIwQY
MBaAFFPJEqBBG7AXRQcJLQyjWpGteZBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAt
ZTIxYzQzNmI2MmVmLzEvZkhXTkhBWE5aQVpYVnQtWkZNQjNFTlZuWTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAtZTIxYzQzNmI2MmVm
LzEvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgfLggMF
ACoHy4QwDQYJKoZIhvcNAQELBQADggEBAAG7oeSSIVeuxZttkeGVorm+C5I0jJBl
UUX0O69655bGYtcBsnHvItKjuFaifSdAkkzkwaA30fDXDgwL4kkkXn4jpvxoz7AN
fWMQReghJ8QqfmhAOMDKCo1h8+1xvdbIuhgB+aGS2iwnXDx6W0QhEwGlGfl9+460
FTXLbL/AK7C7Gd1OY8e7NijqY2PC6F6Nl6DQW3+MODHWmctGj8ju2PWEPoP3EpBy
NnLgptpzX+sM68VJ/Vng+WMS5UXHb54YS8+CexOaFOhc0m86WrpwywJNgcmvwFMw
EWbUp+eNVyrNy//6cUwOd8JBb662xHZNG3Ef3z5V+xYf7CzCo9etvCM=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:39:21 2024 by rpki-client on console-ams.rpki-client.org