Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/352f9a-4fde-484a-b923-c87fbbd03e86/1/AJOLKE2Flv_FgbL4gDRgjGjFXuE.roa
File:                     AJOLKE2Flv_FgbL4gDRgjGjFXuE.roa (raw, json)
Hash identifier:          Y7i/5jdLaltCXniIz/vTYwNic4y/JUthLby94o67aIY=
Subject key identifier:   00:93:8B:28:4D:85:96:FF:C5:81:B2:F8:80:34:60:8C:68:C5:5E:E1
Certificate issuer:       /CN=28f981c20aa652aa85e008bd262f7bc1f856c358
Certificate serial:       018CC424813498BA31E6384BFDDAB542324E
Authority key identifier: 28:F9:81:C2:0A:A6:52:AA:85:E0:08:BD:26:2F:7B:C1:F8:56:C3:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KPmBwgqmUqqF4Ai9Ji97wfhWw1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/352f9a-4fde-484a-b923-c87fbbd03e86/1/AJOLKE2Flv_FgbL4gDRgjGjFXuE.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211564
IP address blocks:        2001:678:fa8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/352f9a-4fde-484a-b923-c87fbbd03e86/1/KPmBwgqmUqqF4Ai9Ji97wfhWw1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/352f9a-4fde-484a-b923-c87fbbd03e86/1/KPmBwgqmUqqF4Ai9Ji97wfhWw1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KPmBwgqmUqqF4Ai9Ji97wfhWw1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:81:34:98:ba:31:e6:38:4b:fd:da:b5:42:32:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28f981c20aa652aa85e008bd262f7bc1f856c358
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00938b284d8596ffc581b2f88034608c68c55ee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:fa:f4:35:5e:e9:6d:66:b4:b8:89:a3:7e:3f:
                    87:d1:85:17:03:a4:40:7e:c4:cc:6e:9c:56:e8:92:
                    f4:8c:8b:f6:c5:f2:a7:08:3c:ca:1c:de:17:26:a8:
                    e3:1b:5f:6d:59:a2:b3:2a:ff:39:82:73:2d:76:e2:
                    df:51:db:5b:f2:ba:19:a5:6a:fd:b1:75:f9:d6:4a:
                    89:86:05:71:f9:a7:6f:d2:1b:27:17:fe:48:1b:c2:
                    58:fd:05:52:78:93:b5:16:91:df:3d:99:ba:fd:1f:
                    f6:38:cd:14:b3:cd:8c:89:74:8f:6d:4f:1f:f0:76:
                    15:98:5f:5c:fe:1c:1d:bf:d6:09:29:e5:0b:81:b6:
                    2c:10:6b:17:e8:1e:8d:5c:65:70:2d:6f:e6:70:19:
                    6d:7e:1c:74:db:67:32:8a:66:08:ca:18:d5:63:c6:
                    73:cf:23:04:67:98:1d:c1:0f:63:3a:de:3e:a4:4a:
                    d8:46:14:ac:79:89:11:b6:da:21:97:d9:a7:67:73:
                    54:8b:1a:12:62:73:0a:eb:5c:2e:f4:48:32:8a:ae:
                    a4:4a:98:dc:ad:60:d0:21:be:0f:bf:de:ba:14:ca:
                    97:e4:80:93:3b:28:cf:40:a6:79:1c:64:c6:8d:80:
                    3b:de:75:4c:f7:8c:05:36:58:c4:d0:ec:2e:60:82:
                    e2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:93:8B:28:4D:85:96:FF:C5:81:B2:F8:80:34:60:8C:68:C5:5E:E1
            X509v3 Authority Key Identifier:
                keyid:28:F9:81:C2:0A:A6:52:AA:85:E0:08:BD:26:2F:7B:C1:F8:56:C3:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KPmBwgqmUqqF4Ai9Ji97wfhWw1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/352f9a-4fde-484a-b923-c87fbbd03e86/1/AJOLKE2Flv_FgbL4gDRgjGjFXuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/352f9a-4fde-484a-b923-c87fbbd03e86/1/KPmBwgqmUqqF4Ai9Ji97wfhWw1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:fa8::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:14:e3:ec:20:2c:2d:ed:50:6e:11:b7:17:66:fa:ac:ed:6f:
         48:d6:34:9a:5b:f5:ff:b8:09:7b:5d:8f:f5:d5:8e:96:de:18:
         6c:ae:57:92:8a:09:c3:b9:31:c2:9a:5c:4f:93:25:1c:3b:48:
         25:72:45:bc:aa:85:95:d3:b2:6b:92:8e:14:37:3a:03:ea:32:
         ef:23:e1:cc:39:da:44:4e:af:24:c4:ab:34:0b:bf:49:06:bf:
         6f:66:0d:1a:96:c4:4f:d6:89:8c:40:0d:d2:85:4f:f4:66:79:
         10:8d:fa:47:db:1a:dc:46:f8:5c:7d:90:0e:f5:44:ce:b0:e9:
         4e:97:3f:90:d2:b1:00:89:85:5f:7c:78:e7:73:9b:77:dd:11:
         4b:21:d3:1c:71:a1:e1:52:3a:d3:95:20:53:e3:04:e6:1a:11:
         62:82:b9:c1:c5:ef:b5:e7:21:25:af:75:41:3e:90:05:97:28:
         0f:1d:d1:11:06:50:a8:24:7c:90:aa:30:4f:cb:fa:04:b5:26:
         34:c9:c6:9b:c5:01:4d:81:96:41:31:83:6c:74:98:bc:0d:4e:
         0a:f1:74:7a:ea:74:2a:50:44:6b:c1:2e:3e:e6:cd:60:87:1a:
         09:57:e4:55:d4:a3:9f:4f:a2:38:13:ea:4b:20:29:d1:9f:71:
         fc:83:c6:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJIE0mLox5jhL/dq1QjJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4Zjk4MWMyMGFhNjUyYWE4NWUwMDhiZDI2MmY3YmMxZjg1
NmMzNTgwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDkzOGIyODRkODU5NmZmYzU4MWIyZjg4MDM0NjA4YzY4YzU1ZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vr0NV7pbWa0uImjfj+H0YUXA6RA
fsTMbpxW6JL0jIv2xfKnCDzKHN4XJqjjG19tWaKzKv85gnMtduLfUdtb8roZpWr9
sXX51kqJhgVx+adv0hsnF/5IG8JY/QVSeJO1FpHfPZm6/R/2OM0Us82MiXSPbU8f
8HYVmF9c/hwdv9YJKeULgbYsEGsX6B6NXGVwLW/mcBltfhx022cyimYIyhjVY8Zz
zyMEZ5gdwQ9jOt4+pErYRhSseYkRttohl9mnZ3NUixoSYnMK61wu9Egyiq6kSpjc
rWDQIb4Pv966FMqX5ICTOyjPQKZ5HGTGjYA73nVM94wFNljE0OwuYILiIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFACTiyhNhZb/xYGy+IA0YIxoxV7hMB8GA1UdIwQY
MBaAFCj5gcIKplKqheAIvSYve8H4VsNYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1BtQndncW1VcXFGNEFpOUppOTd3ZmhXdzFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zNTJmOWEtNGZkZS00ODRhLWI5MjMt
Yzg3ZmJiZDAzZTg2LzEvQUpPTEtFMkZsdl9GZ2JMNGdEUmdqR2pGWHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zNTJmOWEtNGZkZS00ODRhLWI5MjMtYzg3ZmJiZDAzZTg2
LzEvS1BtQndncW1VcXFGNEFpOUppOTd3ZmhXdzFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA+o
MA0GCSqGSIb3DQEBCwUAA4IBAQC2FOPsICwt7VBuEbcXZvqs7W9I1jSaW/X/uAl7
XY/11Y6W3hhsrleSignDuTHCmlxPkyUcO0glckW8qoWV07Jrko4UNzoD6jLvI+HM
OdpETq8kxKs0C79JBr9vZg0alsRP1omMQA3ShU/0ZnkQjfpH2xrcRvhcfZAO9UTO
sOlOlz+Q0rEAiYVffHjnc5t33RFLIdMccaHhUjrTlSBT4wTmGhFigrnBxe+15yEl
r3VBPpAFlygPHdERBlCoJHyQqjBPy/oEtSY0ycabxQFNgZZBMYNsdJi8DU4K8XR6
6nQqUERrwS4+5s1ghxoJV+RV1KOfT6I4E+pLICnRn3H8g8Zi
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:50:41 2024 by rpki-client on console-ams.rpki-client.org