Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/1JbSVm_TSV7qQO91puMnIvbq7tE.roa
File:                     1JbSVm_TSV7qQO91puMnIvbq7tE.roa (raw, json)
Hash identifier:          XelEtwq+ExQZBRlWH/55cwKac6nirDBuO5cBWZ32NJI=
Subject key identifier:   D4:96:D2:56:6F:D3:49:5E:EA:40:EF:75:A6:E3:27:22:F6:EA:EE:D1
Certificate issuer:       /CN=b155daddb871b9d6a53cd6b47f776250837f7774
Certificate serial:       018CC26D0AA5AA97108FB95B1AD97008563C
Authority key identifier: B1:55:DA:DD:B8:71:B9:D6:A5:3C:D6:B4:7F:77:62:50:83:7F:77:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVXa3bhxudalPNa0f3diUIN_d3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/1JbSVm_TSV7qQO91puMnIvbq7tE.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35062
IP address blocks:        2a02:8205:480b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/sVXa3bhxudalPNa0f3diUIN_d3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/sVXa3bhxudalPNa0f3diUIN_d3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVXa3bhxudalPNa0f3diUIN_d3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0a:a5:aa:97:10:8f:b9:5b:1a:d9:70:08:56:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155daddb871b9d6a53cd6b47f776250837f7774
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d496d2566fd3495eea40ef75a6e32722f6eaeed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d1:d2:f5:15:49:be:82:b9:92:fb:00:07:bf:
                    84:cb:35:68:ab:24:81:9b:a0:df:0e:35:0a:15:37:
                    ea:19:15:46:48:53:76:35:75:aa:22:2b:72:f2:93:
                    fc:4d:88:5c:33:16:f4:2d:f7:7e:1a:27:e4:3f:f7:
                    6d:db:ed:44:8a:16:86:a9:b7:03:e6:93:7d:da:d1:
                    2b:19:eb:ab:49:c7:90:d2:03:ae:0c:b9:28:3a:f1:
                    c8:74:3d:2e:95:64:07:86:84:7c:23:df:e8:04:fb:
                    69:bb:cb:b5:c2:d5:59:56:6d:f4:e1:26:31:40:d2:
                    3d:2d:aa:a0:56:21:5f:2a:01:42:56:2e:4e:9e:bd:
                    b2:a2:74:65:91:68:58:35:e5:ec:60:68:4a:8f:05:
                    be:be:96:ce:97:67:f7:40:dc:85:d9:36:60:88:94:
                    6c:4e:f0:31:04:4f:d7:72:1d:82:33:78:fc:2a:3b:
                    dd:c3:4c:33:42:88:b0:29:ac:a6:73:9c:d5:14:aa:
                    96:6d:4e:34:09:98:64:8e:44:74:95:fd:03:3d:10:
                    66:fb:45:f8:1d:05:12:ac:db:ea:a3:3a:57:3e:73:
                    08:e8:5c:54:eb:41:74:df:f1:14:dc:58:40:5f:d0:
                    28:60:5b:75:e3:d6:38:46:c0:e6:3c:f7:41:81:44:
                    bd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:96:D2:56:6F:D3:49:5E:EA:40:EF:75:A6:E3:27:22:F6:EA:EE:D1
            X509v3 Authority Key Identifier:
                keyid:B1:55:DA:DD:B8:71:B9:D6:A5:3C:D6:B4:7F:77:62:50:83:7F:77:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVXa3bhxudalPNa0f3diUIN_d3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/1JbSVm_TSV7qQO91puMnIvbq7tE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8fd6e7-496f-47cf-80fb-5468b2cf0a77/1/sVXa3bhxudalPNa0f3diUIN_d3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:8205:480b::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:5e:dd:a3:a6:10:8d:42:0b:a6:7c:ff:01:ba:bd:28:9f:47:
         5a:96:0e:56:d1:a1:cd:19:e6:16:a2:48:ff:cf:bf:8c:c4:81:
         96:de:70:34:08:74:59:be:4a:c2:3f:8e:9b:bd:e5:79:e3:bf:
         5e:09:f8:5a:12:6b:40:0c:aa:bc:4d:b9:53:e6:ab:50:7c:c6:
         97:5b:d9:ed:6a:a9:d7:74:0b:a9:a3:46:3d:2f:e6:d9:94:74:
         6a:fc:53:4f:3c:a8:c5:73:05:e7:64:fe:f4:36:93:f2:d7:9a:
         d7:56:ee:68:d2:20:f5:27:fa:09:2e:92:68:f1:a0:e0:bf:0b:
         7b:01:36:fe:dd:dd:cb:8e:d9:84:97:a2:4f:10:ff:a6:8e:3c:
         ea:1a:f7:58:e9:b3:db:0c:60:8e:c9:6b:8e:d2:fb:9d:15:26:
         40:f6:5a:81:1e:48:df:29:50:1d:6d:20:36:48:70:ea:dc:7e:
         2d:af:cf:4c:42:da:39:32:28:16:6c:88:3a:6d:48:8d:b0:3d:
         45:12:39:20:74:d9:98:79:fd:98:a7:a2:25:24:c5:9c:c5:cc:
         75:67:ba:8a:a3:20:7e:b8:ff:38:5e:ec:11:09:2e:f1:f3:fa:
         68:d7:87:f7:56:b4:8d:40:1d:36:db:d5:b7:52:9d:8f:71:ef:
         d5:2e:ee:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbQqlqpcQj7lbGtlwCFY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTVkYWRkYjg3MWI5ZDZhNTNjZDZiNDdmNzc2MjUwODM3
Zjc3NzQwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk2ZDI1NjZmZDM0OTVlZWE0MGVmNzVhNmUzMjcyMmY2ZWFlZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdHS9RVJvoK5kvsAB7+EyzVoqySB
m6DfDjUKFTfqGRVGSFN2NXWqIity8pP8TYhcMxb0Lfd+GifkP/dt2+1EihaGqbcD
5pN92tErGeurSceQ0gOuDLkoOvHIdD0ulWQHhoR8I9/oBPtpu8u1wtVZVm304SYx
QNI9LaqgViFfKgFCVi5Onr2yonRlkWhYNeXsYGhKjwW+vpbOl2f3QNyF2TZgiJRs
TvAxBE/Xch2CM3j8Kjvdw0wzQoiwKaymc5zVFKqWbU40CZhkjkR0lf0DPRBm+0X4
HQUSrNvqozpXPnMI6FxU60F03/EU3FhAX9AoYFt149Y4RsDmPPdBgUS90QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNSW0lZv00le6kDvdabjJyL26u7RMB8GA1UdIwQY
MBaAFLFV2t24cbnWpTzWtH93YlCDf3d0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZYYTNiaHh1ZGFsUE5hMGYzZGlVSU5fZDNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84ZmQ2ZTctNDk2Zi00N2NmLTgwZmIt
NTQ2OGIyY2YwYTc3LzEvMUpiU1ZtX1RTVjdxUU85MXB1TW5JdmJxN3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84ZmQ2ZTctNDk2Zi00N2NmLTgwZmItNTQ2OGIyY2YwYTc3
LzEvc1ZYYTNiaHh1ZGFsUE5hMGYzZGlVSU5fZDNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgKCBUgL
MA0GCSqGSIb3DQEBCwUAA4IBAQBxXt2jphCNQgumfP8Bur0on0dalg5W0aHNGeYW
okj/z7+MxIGW3nA0CHRZvkrCP46bveV5479eCfhaEmtADKq8TblT5qtQfMaXW9nt
aqnXdAupo0Y9L+bZlHRq/FNPPKjFcwXnZP70NpPy15rXVu5o0iD1J/oJLpJo8aDg
vwt7ATb+3d3LjtmEl6JPEP+mjjzqGvdY6bPbDGCOyWuO0vudFSZA9lqBHkjfKVAd
bSA2SHDq3H4tr89MQto5MigWbIg6bUiNsD1FEjkgdNmYef2Yp6IlJMWcxcx1Z7qK
oyB+uP84XuwRCS7x8/po14f3VrSNQB0229W3Up2Pce/VLu52
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:58:11 2024 by rpki-client on console-fra.rpki-client.org