Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/s18d2DfVg2tuXgeI9Lzj83paPKM.roa
File:                     s18d2DfVg2tuXgeI9Lzj83paPKM.roa (raw, json)
Hash identifier:          yZIog1NH0ROthJvxGZq2+SWoRxKk/qizXdssQ5en6s0=
Subject key identifier:   B3:5F:1D:D8:37:D5:83:6B:6E:5E:07:88:F4:BC:E3:F3:7A:5A:3C:A3
Certificate issuer:       /CN=9dabc626ac264066b1c5c709a48477f3788361de
Certificate serial:       018CC801786EDDFA310CC502189B7075E635
Authority key identifier: 9D:AB:C6:26:AC:26:40:66:B1:C5:C7:09:A4:84:77:F3:78:83:61:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/navGJqwmQGaxxccJpIR383iDYd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/s18d2DfVg2tuXgeI9Lzj83paPKM.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212746
IP address blocks:        2001:678:c2c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/navGJqwmQGaxxccJpIR383iDYd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/navGJqwmQGaxxccJpIR383iDYd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/navGJqwmQGaxxccJpIR383iDYd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:78:6e:dd:fa:31:0c:c5:02:18:9b:70:75:e6:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dabc626ac264066b1c5c709a48477f3788361de
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b35f1dd837d5836b6e5e0788f4bce3f37a5a3ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:84:d4:7f:27:19:89:ab:23:6a:82:3f:b4:b8:
                    92:43:91:c6:47:8c:53:76:61:2f:ef:eb:4b:bf:0c:
                    f4:86:6d:c7:b7:e0:67:87:30:9a:92:fc:cf:7f:58:
                    8a:aa:29:c0:6c:cf:77:fc:1b:ea:26:f1:32:96:01:
                    2a:ce:1c:e7:07:a8:46:a0:b1:51:9e:b4:3d:a5:0b:
                    ed:b8:6c:04:a1:6c:a1:08:7b:0c:4c:48:e2:da:1c:
                    16:24:44:04:e7:63:27:e9:bd:82:13:30:8a:27:80:
                    1b:41:b3:44:fd:de:04:aa:bc:15:ed:47:e0:bb:d4:
                    2f:62:28:b9:1b:6b:2c:a5:30:c7:74:0a:f3:1d:91:
                    46:f0:ed:18:e5:a8:a7:9d:24:42:2a:a8:d9:68:1a:
                    a1:95:72:68:e9:c4:c3:3a:7a:d6:7e:33:73:0b:0d:
                    c0:6d:4e:ac:23:dd:31:1e:dc:aa:6f:1e:27:56:e2:
                    d0:0c:c4:39:3e:14:b8:b6:2b:60:f1:7b:b0:39:8b:
                    93:ab:11:b0:04:27:79:17:b7:44:83:6a:fd:8d:c4:
                    73:93:d3:de:1f:18:ef:ab:c4:33:2f:4e:65:22:48:
                    ff:36:f5:5f:64:7a:6f:56:ed:ae:99:a2:8b:5a:43:
                    cf:41:ee:aa:44:61:a2:32:3a:cd:99:dd:df:80:89:
                    a5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5F:1D:D8:37:D5:83:6B:6E:5E:07:88:F4:BC:E3:F3:7A:5A:3C:A3
            X509v3 Authority Key Identifier:
                keyid:9D:AB:C6:26:AC:26:40:66:B1:C5:C7:09:A4:84:77:F3:78:83:61:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/navGJqwmQGaxxccJpIR383iDYd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/s18d2DfVg2tuXgeI9Lzj83paPKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/19b008-b6f9-4271-b130-0b7e38a122fe/1/navGJqwmQGaxxccJpIR383iDYd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:4a:c3:43:8e:65:7a:1e:e7:cd:6a:1e:25:7d:4e:47:c7:37:
         2b:b1:2e:3d:a5:2c:47:1a:61:13:50:c4:6a:c7:3f:aa:32:c1:
         7f:31:2b:27:23:be:85:f4:33:d6:9f:07:2d:f4:5c:02:2a:a1:
         7c:2d:56:a2:e8:6f:4b:53:3f:6f:e2:52:52:5d:9c:e2:ce:ac:
         8d:af:de:09:c3:b7:43:00:d5:b6:d9:f8:24:96:b1:82:ea:ab:
         92:99:ae:7d:04:0b:8d:7e:3b:35:2f:35:3b:1c:44:ab:2e:4a:
         d2:00:3b:c7:3f:ef:ee:92:b9:c2:20:92:33:23:d8:a9:7c:1b:
         ed:3e:86:af:c2:db:2e:63:e1:c4:4e:12:ae:d0:31:df:31:fe:
         97:d4:a8:21:ae:eb:ba:c9:83:41:2e:f5:8f:eb:cc:64:04:08:
         a7:99:1f:9b:41:24:3b:28:dc:30:0f:1a:2f:75:28:6c:09:e2:
         b5:b9:9a:f9:6e:a4:ed:2e:84:84:3f:43:15:dc:b5:ec:bd:e7:
         45:19:fc:5c:ac:a9:26:07:58:b7:47:65:23:ee:ba:38:04:b7:
         6a:8b:5a:8d:d2:13:09:73:29:8d:3d:85:e8:6e:c2:98:6f:b9:
         95:c3:bf:6f:19:c0:cb:ea:ac:f7:cb:ee:10:ae:e9:4b:f0:fd:
         a2:1f:08:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXhu3foxDMUCGJtwdeY1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYWJjNjI2YWMyNjQwNjZiMWM1YzcwOWE0ODQ3N2YzNzg4
MzYxZGUwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVmMWRkODM3ZDU4MzZiNmU1ZTA3ODhmNGJjZTNmMzdhNWEzY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYTUfycZiasjaoI/tLiSQ5HGR4xT
dmEv7+tLvwz0hm3Ht+BnhzCakvzPf1iKqinAbM93/BvqJvEylgEqzhznB6hGoLFR
nrQ9pQvtuGwEoWyhCHsMTEji2hwWJEQE52Mn6b2CEzCKJ4AbQbNE/d4EqrwV7Ufg
u9QvYii5G2sspTDHdArzHZFG8O0Y5ainnSRCKqjZaBqhlXJo6cTDOnrWfjNzCw3A
bU6sI90xHtyqbx4nVuLQDMQ5PhS4titg8XuwOYuTqxGwBCd5F7dEg2r9jcRzk9Pe
Hxjvq8QzL05lIkj/NvVfZHpvVu2umaKLWkPPQe6qRGGiMjrNmd3fgImlxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLNfHdg31YNrbl4HiPS84/N6WjyjMB8GA1UdIwQY
MBaAFJ2rxiasJkBmscXHCaSEd/N4g2HeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmF2R0pxd21RR2F4eGNjSnBJUjM4M2lEWWQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8xOWIwMDgtYjZmOS00MjcxLWIxMzAt
MGI3ZTM4YTEyMmZlLzEvczE4ZDJEZlZnMnR1WGdlSTlMemo4M3BhUEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8xOWIwMDgtYjZmOS00MjcxLWIxMzAtMGI3ZTM4YTEyMmZl
LzEvbmF2R0pxd21RR2F4eGNjSnBJUjM4M2lEWWQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAws
MA0GCSqGSIb3DQEBCwUAA4IBAQBySsNDjmV6HufNah4lfU5HxzcrsS49pSxHGmET
UMRqxz+qMsF/MSsnI76F9DPWnwct9FwCKqF8LVai6G9LUz9v4lJSXZzizqyNr94J
w7dDANW22fgklrGC6quSma59BAuNfjs1LzU7HESrLkrSADvHP+/ukrnCIJIzI9ip
fBvtPoavwtsuY+HEThKu0DHfMf6X1Kghruu6yYNBLvWP68xkBAinmR+bQSQ7KNww
DxovdShsCeK1uZr5bqTtLoSEP0MV3LXsvedFGfxcrKkmB1i3R2Uj7ro4BLdqi1qN
0hMJcymNPYXobsKYb7mVw79vGcDL6qz3y+4QrulL8P2iHwh8
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:26:09 2024 by rpki-client on console-fra.rpki-client.org