Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/015784-3705-418a-b994-7521af1ce259/1/3pYKP1uAFy8ovWeXCvaSHsoi140.roa
File:                     3pYKP1uAFy8ovWeXCvaSHsoi140.roa (raw, json)
Hash identifier:          PxWF64u9mqXKPMJY4t6EaZ7I8kBPxGmNi0s9HcCQvRY=
Subject key identifier:   DE:96:0A:3F:5B:80:17:2F:28:BD:67:97:0A:F6:92:1E:CA:22:D7:8D
Certificate issuer:       /CN=2baee7ea482d62a671063eac83789af39f390b74
Certificate serial:       018CC5005A089D1B3E73DB56697CA34CC904
Authority key identifier: 2B:AE:E7:EA:48:2D:62:A6:71:06:3E:AC:83:78:9A:F3:9F:39:0B:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K67n6kgtYqZxBj6sg3ia8585C3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/015784-3705-418a-b994-7521af1ce259/1/3pYKP1uAFy8ovWeXCvaSHsoi140.roa
Signing time:             Mon 01 Jan 2024 12:29:43 +0000
ROA not before:           Mon 01 Jan 2024 12:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197885
IP address blocks:        2001:678:388::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/015784-3705-418a-b994-7521af1ce259/1/K67n6kgtYqZxBj6sg3ia8585C3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/015784-3705-418a-b994-7521af1ce259/1/K67n6kgtYqZxBj6sg3ia8585C3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K67n6kgtYqZxBj6sg3ia8585C3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5a:08:9d:1b:3e:73:db:56:69:7c:a3:4c:c9:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2baee7ea482d62a671063eac83789af39f390b74
        Validity
            Not Before: Jan  1 12:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de960a3f5b80172f28bd67970af6921eca22d78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:46:71:4e:c4:d7:ce:57:35:c3:c0:97:08:4a:
                    84:fd:4d:82:68:32:bb:da:27:b5:56:29:c0:a0:4e:
                    92:b5:eb:6f:07:94:76:92:78:2d:76:56:62:09:f8:
                    3e:65:f2:57:22:42:2c:51:b2:41:3e:ae:14:cd:03:
                    79:1b:4f:f5:db:5b:48:6d:23:f1:91:b4:7f:dc:9a:
                    55:c9:93:79:36:94:5a:e7:fd:26:3f:28:00:51:16:
                    8d:a7:b0:4b:5d:63:e6:c4:93:73:5a:b4:01:84:f5:
                    cf:df:dc:3e:ab:aa:42:2d:e9:2f:10:ff:4e:0d:3b:
                    0c:c5:16:4b:bb:d4:fa:cc:e0:76:4a:4e:b1:48:ba:
                    6a:8f:f6:cf:2c:4a:1b:17:08:a2:08:9b:bc:da:14:
                    97:50:78:50:22:47:fc:aa:de:11:48:bf:3a:65:a5:
                    09:a2:95:39:2a:d1:6d:f1:2a:3e:82:5e:5f:7d:4f:
                    52:d1:c3:e4:f1:3a:82:ab:6f:9a:d8:c4:07:00:3c:
                    c3:0b:af:c4:f5:83:a3:bf:0a:e8:ea:82:2b:1e:ca:
                    db:45:5d:a0:f9:1e:21:b5:40:33:aa:12:2d:f7:62:
                    3e:00:77:99:61:20:ac:bb:84:8e:8a:9d:88:41:4c:
                    0a:0c:d4:22:bd:60:9a:b4:bd:82:03:d0:66:e3:01:
                    cb:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:96:0A:3F:5B:80:17:2F:28:BD:67:97:0A:F6:92:1E:CA:22:D7:8D
            X509v3 Authority Key Identifier:
                keyid:2B:AE:E7:EA:48:2D:62:A6:71:06:3E:AC:83:78:9A:F3:9F:39:0B:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K67n6kgtYqZxBj6sg3ia8585C3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/015784-3705-418a-b994-7521af1ce259/1/3pYKP1uAFy8ovWeXCvaSHsoi140.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/015784-3705-418a-b994-7521af1ce259/1/K67n6kgtYqZxBj6sg3ia8585C3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:388::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:93:2c:8b:da:f7:9b:38:1b:ee:0b:07:1b:a7:d8:92:42:93:
         f9:85:d9:41:72:70:05:35:8c:70:cf:64:d4:3a:fa:17:1f:63:
         35:3d:3e:a4:91:e7:85:09:b1:91:e0:2a:35:ac:43:0c:b6:03:
         52:56:e6:93:a2:57:14:29:e2:9f:c0:78:c4:0e:93:c8:19:66:
         44:69:28:00:9e:06:d8:50:2b:5f:60:ae:8b:6f:f0:e2:c2:9b:
         cb:14:02:cf:5d:ea:d5:78:cf:05:f5:e3:32:5b:b2:b5:b4:a4:
         89:2c:1c:0c:5f:1d:e6:c7:e8:ea:40:5b:a5:cb:b1:af:ed:66:
         bc:aa:94:d4:32:97:ae:8c:27:28:3a:3c:09:3e:20:ec:8d:4d:
         d8:e4:34:b4:44:db:57:1d:9e:42:68:9a:4e:d3:68:61:ea:4c:
         a8:86:b8:b8:da:47:55:7e:de:c1:ea:9e:f4:da:19:4d:65:6d:
         96:b9:85:bb:22:ab:b8:5b:5b:69:fb:5b:cb:76:8c:e8:7a:25:
         14:2b:72:fa:55:f4:76:e5:12:43:2f:43:0d:4b:67:12:97:2a:
         7c:0a:ed:4c:13:3e:fd:bb:45:c2:30:dc:f0:f7:8f:a3:69:01:
         e3:19:f7:d5:26:77:d7:5a:cb:bc:74:5b:39:44:54:8b:c8:cd:
         d0:d8:7d:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAFoInRs+c9tWaXyjTMkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYWVlN2VhNDgyZDYyYTY3MTA2M2VhYzgzNzg5YWYzOWYz
OTBiNzQwHhcNMjQwMTAxMTIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTk2MGEzZjViODAxNzJmMjhiZDY3OTcwYWY2OTIxZWNhMjJkNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEZxTsTXzlc1w8CXCEqE/U2CaDK7
2ie1VinAoE6StetvB5R2kngtdlZiCfg+ZfJXIkIsUbJBPq4UzQN5G0/121tIbSPx
kbR/3JpVyZN5NpRa5/0mPygAURaNp7BLXWPmxJNzWrQBhPXP39w+q6pCLekvEP9O
DTsMxRZLu9T6zOB2Sk6xSLpqj/bPLEobFwiiCJu82hSXUHhQIkf8qt4RSL86ZaUJ
opU5KtFt8So+gl5ffU9S0cPk8TqCq2+a2MQHADzDC6/E9YOjvwro6oIrHsrbRV2g
+R4htUAzqhIt92I+AHeZYSCsu4SOip2IQUwKDNQivWCatL2CA9Bm4wHL5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN6WCj9bgBcvKL1nlwr2kh7KIteNMB8GA1UdIwQY
MBaAFCuu5+pILWKmcQY+rIN4mvOfOQt0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzY3bjZrZ3RZcVp4Qmo2c2czaWE4NTg1QzNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTU3ODQtMzcwNS00MThhLWI5OTQt
NzUyMWFmMWNlMjU5LzEvM3BZS1AxdUFGeThvdldlWEN2YVNIc29pMTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTU3ODQtMzcwNS00MThhLWI5OTQtNzUyMWFmMWNlMjU5
LzEvSzY3bjZrZ3RZcVp4Qmo2c2czaWE4NTg1QzNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAOI
MA0GCSqGSIb3DQEBCwUAA4IBAQCokyyL2vebOBvuCwcbp9iSQpP5hdlBcnAFNYxw
z2TUOvoXH2M1PT6kkeeFCbGR4Co1rEMMtgNSVuaTolcUKeKfwHjEDpPIGWZEaSgA
ngbYUCtfYK6Lb/DiwpvLFALPXerVeM8F9eMyW7K1tKSJLBwMXx3mx+jqQFuly7Gv
7Wa8qpTUMpeujCcoOjwJPiDsjU3Y5DS0RNtXHZ5CaJpO02hh6kyohri42kdVft7B
6p702hlNZW2WuYW7Iqu4W1tp+1vLdozoeiUUK3L6VfR25RJDL0MNS2cSlyp8Cu1M
Ez79u0XCMNzw94+jaQHjGffVJnfXWsu8dFs5RFSLyM3Q2H2t
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:31:34 2024 by rpki-client on console-ams.rpki-client.org