Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/75dede-5449-4d47-9b51-9b5df85c1140/1/4kZqeo575Y9WRGaHzjdy6YzyVog.roa
File:                     4kZqeo575Y9WRGaHzjdy6YzyVog.roa (raw, json)
Hash identifier:          LaT9KMvT0u1bKYWZDGT2ALfZDaF3GcX3ic/sMz/eE5k=
Subject key identifier:   E2:46:6A:7A:8E:7B:E5:8F:56:44:66:87:CE:37:72:E9:8C:F2:56:88
Certificate issuer:       /CN=b31938bc720282444babd3b26b3492b456adb397
Certificate serial:       018CC26D7389CFACD5988D13245EDAAE97B7
Authority key identifier: B3:19:38:BC:72:02:82:44:4B:AB:D3:B2:6B:34:92:B4:56:AD:B3:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxk4vHICgkRLq9OyazSStFats5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/75dede-5449-4d47-9b51-9b5df85c1140/1/4kZqeo575Y9WRGaHzjdy6YzyVog.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199568
IP address blocks:        2001:678:7b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/75dede-5449-4d47-9b51-9b5df85c1140/1/sxk4vHICgkRLq9OyazSStFats5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/75dede-5449-4d47-9b51-9b5df85c1140/1/sxk4vHICgkRLq9OyazSStFats5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxk4vHICgkRLq9OyazSStFats5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:89:cf:ac:d5:98:8d:13:24:5e:da:ae:97:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31938bc720282444babd3b26b3492b456adb397
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2466a7a8e7be58f56446687ce3772e98cf25688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bb:8c:58:b5:7e:2b:13:e9:ae:64:3e:90:dd:
                    14:f6:e3:12:2b:d2:09:88:97:1c:99:59:35:ec:0d:
                    07:f5:df:38:9e:d0:60:08:b3:f2:81:ff:0c:a0:56:
                    60:c5:44:4b:bd:ac:07:56:1c:a8:90:7d:db:f1:09:
                    22:f0:58:0b:49:39:90:20:ca:b5:69:25:74:47:cd:
                    36:2f:95:d3:36:5d:13:da:58:5e:d4:60:42:49:7a:
                    3e:89:5a:48:80:cf:a4:78:b2:7b:e4:81:74:b4:1d:
                    93:e7:52:d6:0b:21:3f:e2:6f:c4:86:5c:c5:bb:8e:
                    df:20:b8:84:e9:49:12:5a:ea:c4:be:83:87:03:6f:
                    fe:47:52:51:ab:8e:e1:a4:cc:03:1d:18:ff:4f:70:
                    d3:6f:ed:bf:37:2f:cd:d5:0a:06:10:95:1d:5c:9b:
                    64:8e:20:a8:24:4f:ad:71:a6:7b:f7:13:cc:a9:27:
                    b6:87:6a:48:3d:90:6e:0e:3e:2a:56:10:0b:32:ba:
                    38:16:dc:49:14:62:1a:79:7f:aa:2d:22:6e:19:09:
                    dc:16:a6:e7:bc:ee:36:5e:7e:71:16:34:b1:36:98:
                    9f:ad:f1:c5:10:b1:a8:10:50:d9:ba:d8:13:b8:fe:
                    b6:71:4f:6a:98:b3:b9:1b:85:b5:39:31:f0:9e:ea:
                    20:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:46:6A:7A:8E:7B:E5:8F:56:44:66:87:CE:37:72:E9:8C:F2:56:88
            X509v3 Authority Key Identifier:
                keyid:B3:19:38:BC:72:02:82:44:4B:AB:D3:B2:6B:34:92:B4:56:AD:B3:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxk4vHICgkRLq9OyazSStFats5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/75dede-5449-4d47-9b51-9b5df85c1140/1/4kZqeo575Y9WRGaHzjdy6YzyVog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/75dede-5449-4d47-9b51-9b5df85c1140/1/sxk4vHICgkRLq9OyazSStFats5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:be:a1:49:f7:88:a5:97:10:5b:c2:56:65:73:81:11:62:05:
         cb:87:17:04:87:a5:54:ed:44:a6:90:f4:71:ad:f4:7b:0c:7b:
         3a:d9:7e:1a:48:9d:a2:d2:94:63:23:7b:e8:76:5c:07:3f:e4:
         2e:3a:3e:b7:9b:34:7b:d9:9b:71:7c:46:c4:88:ac:b3:ab:b8:
         8f:df:e0:88:43:04:f6:da:58:a1:b5:6f:c2:a2:50:6b:24:86:
         9e:5c:b9:be:29:35:7d:21:76:00:a4:4d:ce:3d:6c:6f:56:26:
         86:62:7b:b1:5b:c3:85:80:42:6b:d7:1d:d0:fc:4b:74:b9:fa:
         d7:2a:cc:4a:06:e8:1e:ce:e0:3b:c5:9b:8a:b2:12:94:3a:95:
         f6:44:5a:47:1a:9f:60:db:c9:33:ce:43:5e:79:3e:f4:ff:3a:
         fc:1e:08:3b:ae:ef:f2:44:44:82:23:57:03:0e:40:f1:12:5c:
         5d:fe:98:c1:c9:d6:9d:d3:38:a3:66:5f:21:a0:86:e3:f1:1c:
         9e:01:d6:8c:36:bb:95:7a:77:f1:7e:9a:d1:a9:17:cf:22:68:
         5c:00:de:65:c1:83:45:ab:35:92:82:52:a3:f9:90:4d:31:da:
         a9:05:18:80:ab:94:cd:b0:71:2c:11:34:f2:6b:b2:32:60:45:
         27:78:6e:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbXOJz6zVmI0TJF7arpe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMTkzOGJjNzIwMjgyNDQ0YmFiZDNiMjZiMzQ5MmI0NTZh
ZGIzOTcwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjQ2NmE3YThlN2JlNThmNTY0NDY2ODdjZTM3NzJlOThjZjI1Njg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLuMWLV+KxPprmQ+kN0U9uMSK9IJ
iJccmVk17A0H9d84ntBgCLPygf8MoFZgxURLvawHVhyokH3b8Qki8FgLSTmQIMq1
aSV0R802L5XTNl0T2lhe1GBCSXo+iVpIgM+keLJ75IF0tB2T51LWCyE/4m/EhlzF
u47fILiE6UkSWurEvoOHA2/+R1JRq47hpMwDHRj/T3DTb+2/Ny/N1QoGEJUdXJtk
jiCoJE+tcaZ79xPMqSe2h2pIPZBuDj4qVhALMro4FtxJFGIaeX+qLSJuGQncFqbn
vO42Xn5xFjSxNpifrfHFELGoEFDZutgTuP62cU9qmLO5G4W1OTHwnuogtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOJGanqOe+WPVkRmh843cumM8laIMB8GA1UdIwQY
MBaAFLMZOLxyAoJES6vTsms0krRWrbOXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3hrNHZISUNna1JMcTlPeWF6U1N0RmF0czVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC83NWRlZGUtNTQ0OS00ZDQ3LTliNTEt
OWI1ZGY4NWMxMTQwLzEvNGtacWVvNTc1WTlXUkdhSHpqZHk2WXp5Vm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC83NWRlZGUtNTQ0OS00ZDQ3LTliNTEtOWI1ZGY4NWMxMTQw
LzEvc3hrNHZISUNna1JMcTlPeWF6U1N0RmF0czVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAew
MA0GCSqGSIb3DQEBCwUAA4IBAQCMvqFJ94illxBbwlZlc4ERYgXLhxcEh6VU7USm
kPRxrfR7DHs62X4aSJ2i0pRjI3vodlwHP+QuOj63mzR72ZtxfEbEiKyzq7iP3+CI
QwT22lihtW/ColBrJIaeXLm+KTV9IXYApE3OPWxvViaGYnuxW8OFgEJr1x3Q/Et0
ufrXKsxKBugezuA7xZuKshKUOpX2RFpHGp9g28kzzkNeeT70/zr8Hgg7ru/yRESC
I1cDDkDxElxd/pjBydad0zijZl8hoIbj8RyeAdaMNruVenfxfprRqRfPImhcAN5l
wYNFqzWSglKj+ZBNMdqpBRiAq5TNsHEsETTya7IyYEUneG62
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:33:59 2024 by rpki-client on console-ams.rpki-client.org