Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/zc-Cop1yXJUL6A_EtOpk3bU28cg.roa
File:                     zc-Cop1yXJUL6A_EtOpk3bU28cg.roa (raw, json)
Hash identifier:          6VEKJoBwYRjZMwR/vOzNP3nbt2f6BYuqDtCAWqO6oUA=
Subject key identifier:   CD:CF:82:A2:9D:72:5C:95:0B:E8:0F:C4:B4:EA:64:DD:B5:36:F1:C8
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500E295EA78105B2D6FD3602A060A3F
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/zc-Cop1yXJUL6A_EtOpk3bU28cg.roa
Signing time:             Mon 01 Jan 2024 12:30:18 +0000
ROA not before:           Mon 01 Jan 2024 12:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198507
IP address blocks:        2a05:2d07::/32 maxlen: 32
                          2a04:a147::/32 maxlen: 32
                          2a06:3e87::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e2:95:ea:78:10:5b:2d:6f:d3:60:2a:06:0a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdcf82a29d725c950be80fc4b4ea64ddb536f1c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f4:b7:85:5b:72:1f:96:b5:a1:bd:0a:e4:89:
                    b2:f2:9f:7e:8d:80:2c:2c:c6:31:73:67:48:35:60:
                    0b:d7:c9:3a:e4:c6:68:db:be:1d:77:bb:1b:6d:13:
                    e7:5d:d0:1e:6e:42:ad:16:1d:7d:44:27:e8:02:86:
                    8c:36:34:0c:e5:bc:00:af:a2:cf:06:6b:55:ae:6e:
                    21:fa:06:58:c7:f5:9e:47:40:63:9e:c5:6c:be:2c:
                    f3:ac:62:4c:14:c2:7e:22:ac:87:85:28:14:c4:90:
                    60:31:8f:d2:44:c8:bf:c9:25:30:ad:35:2e:8e:1e:
                    6b:df:c5:59:4d:e3:80:03:75:67:45:7b:d8:24:17:
                    12:b6:fa:89:71:f8:52:a8:37:01:65:0f:4f:96:6e:
                    ef:9d:b8:17:f6:87:a0:65:41:7b:43:72:d4:72:c7:
                    ca:bd:ac:28:4a:37:99:6f:ee:b6:5e:d1:6c:9b:3e:
                    13:92:81:27:b8:cc:5e:1d:1d:38:0f:de:cc:d0:2f:
                    4a:79:61:16:c7:24:02:74:aa:b3:5d:3f:00:ca:96:
                    5f:7f:d8:44:66:bc:15:9e:8d:f5:ca:41:fe:9f:37:
                    27:45:27:80:11:6b:4d:1a:4a:1c:6c:60:74:be:2b:
                    b2:49:2b:5b:c4:cd:72:24:65:b4:5e:86:45:d7:80:
                    bc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CF:82:A2:9D:72:5C:95:0B:E8:0F:C4:B4:EA:64:DD:B5:36:F1:C8
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/zc-Cop1yXJUL6A_EtOpk3bU28cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a147::/32
                  2a05:2d07::/32
                  2a06:3e87::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:6b:4c:21:a8:1b:2c:ee:11:33:f5:2c:60:fb:c9:b6:a7:de:
         e6:d8:ce:8f:b4:00:fc:60:a8:7a:d5:bd:b3:76:b2:d8:0f:0d:
         3e:e2:e7:14:72:3e:11:d4:87:f1:27:e1:ac:54:4d:48:58:fb:
         2c:ec:dc:23:e1:90:2c:33:47:8b:87:2e:27:6f:72:bd:1e:36:
         39:0a:bf:93:c1:e1:5b:a0:a1:3c:c6:4d:54:9f:c2:2e:9b:d4:
         94:5b:0d:56:41:db:81:fc:f3:c5:35:ab:96:c7:f7:3e:7d:8a:
         dc:ce:15:0d:44:86:6f:b1:70:17:53:24:cd:fd:fc:13:e1:71:
         4e:a5:5f:5b:e4:12:ce:11:35:38:eb:fc:9c:83:9c:73:ff:90:
         05:8c:17:40:53:5d:4b:63:99:9e:38:cc:48:61:be:5c:b8:f4:
         1b:78:89:10:22:31:57:12:ff:8b:18:6f:5c:da:4a:ec:07:ad:
         89:47:ff:e2:2b:df:a9:63:cc:98:79:db:5d:fa:64:61:0f:7a:
         cf:87:87:2c:27:5a:02:46:2c:c0:86:34:bc:79:0f:a2:9d:16:
         a9:32:01:b4:17:5d:b0:80:82:79:ef:9b:40:f2:f9:09:fe:a2:
         e6:9d:ee:1f:a0:7a:85:0b:9d:19:88:f5:fb:d0:61:37:07:37:
         f4:d5:d4:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAOKV6ngQWy1v02AqBgo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGNmODJhMjlkNzI1Yzk1MGJlODBmYzRiNGVhNjRkZGI1MzZmMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfS3hVtyH5a1ob0K5Imy8p9+jYAs
LMYxc2dINWAL18k65MZo274dd7sbbRPnXdAebkKtFh19RCfoAoaMNjQM5bwAr6LP
BmtVrm4h+gZYx/WeR0BjnsVsvizzrGJMFMJ+IqyHhSgUxJBgMY/SRMi/ySUwrTUu
jh5r38VZTeOAA3VnRXvYJBcStvqJcfhSqDcBZQ9Plm7vnbgX9oegZUF7Q3LUcsfK
vawoSjeZb+62XtFsmz4TkoEnuMxeHR04D97M0C9KeWEWxyQCdKqzXT8AypZff9hE
ZrwVno31ykH+nzcnRSeAEWtNGkocbGB0viuySStbxM1yJGW0XoZF14C8RQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM3PgqKdclyVC+gPxLTqZN21NvHIMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvemMtQ29wMXlYSlVMNkFfRXRPcGszYlUyOGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgShRwMF
ACoFLQcDBQAqBj6HMA0GCSqGSIb3DQEBCwUAA4IBAQBpa0whqBss7hEz9Sxg+8m2
p97m2M6PtAD8YKh61b2zdrLYDw0+4ucUcj4R1IfxJ+GsVE1IWPss7Nwj4ZAsM0eL
hy4nb3K9HjY5Cr+TweFboKE8xk1Un8Ium9SUWw1WQduB/PPFNauWx/c+fYrczhUN
RIZvsXAXUyTN/fwT4XFOpV9b5BLOETU46/ycg5xz/5AFjBdAU11LY5meOMxIYb5c
uPQbeIkQIjFXEv+LGG9c2krsB62JR//iK9+pY8yYedtd+mRhD3rPh4csJ1oCRizA
hjS8eQ+inRapMgG0F12wgIJ575tA8vkJ/qLmne4foHqFC50ZiPX70GE3Bzf01dTs
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:00:49 2024 by rpki-client on console-ams.rpki-client.org