Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/GneUHI0EUFeFt7ZIv6YaBMr_qvA.roa
File:                     GneUHI0EUFeFt7ZIv6YaBMr_qvA.roa (raw, json)
Hash identifier:          jGuCVnAb8SoJfeLV9ticA6LyGDi8bDyYtBKPIbTGPQ0=
Subject key identifier:   1A:77:94:1C:8D:04:50:57:85:B7:B6:48:BF:A6:1A:04:CA:FF:AA:F0
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC425766EB9F18C25EC6BD182B9A56E52
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/GneUHI0EUFeFt7ZIv6YaBMr_qvA.roa
Signing time:             Mon 01 Jan 2024 08:30:38 +0000
ROA not before:           Mon 01 Jan 2024 08:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213029
IP address blocks:        2a0b:b87:ffbc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:76:6e:b9:f1:8c:25:ec:6b:d1:82:b9:a5:6e:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a77941c8d04505785b7b648bfa61a04caffaaf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:12:ed:f0:8c:7f:5a:03:46:35:31:19:1c:e5:
                    1d:05:e0:ef:47:19:fb:08:59:8e:bd:f5:89:db:bc:
                    77:6a:ad:73:2b:73:7f:59:6b:0c:52:b6:6e:5d:27:
                    53:99:34:10:03:3f:3e:16:b6:cf:d2:e0:73:be:7e:
                    75:07:66:bf:a0:2c:87:ad:ea:cd:68:6d:97:20:4f:
                    f8:35:35:10:e8:6d:f6:6c:f4:99:4a:0b:fc:87:79:
                    b9:a0:22:92:15:41:2b:b8:90:13:20:76:4b:83:98:
                    04:ad:bf:96:4d:36:5c:8e:33:6a:72:e9:bd:11:b0:
                    b2:4d:5a:89:df:cc:cc:5d:f2:75:72:45:34:94:d3:
                    4c:43:a5:ac:a6:20:13:25:92:e5:b5:f4:02:76:ad:
                    3d:b7:aa:5d:ed:66:ef:c5:c0:b9:5d:61:f6:e3:0a:
                    7c:73:20:83:a5:d6:ab:f9:f3:95:c7:77:5e:be:96:
                    c1:08:5b:d1:8e:26:8a:eb:fe:33:1f:d2:d5:2f:fb:
                    c3:96:c1:5d:a6:ac:bf:ce:fd:27:5e:3a:b8:ce:da:
                    16:8e:fe:8e:b5:99:bc:51:02:e5:3c:4a:14:fd:39:
                    6b:22:d6:6e:67:2d:d7:1f:2b:d8:38:95:46:a2:17:
                    e1:7e:51:b4:00:fc:96:0a:4d:5b:bb:3d:cb:7a:e2:
                    6b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:77:94:1C:8D:04:50:57:85:B7:B6:48:BF:A6:1A:04:CA:FF:AA:F0
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/GneUHI0EUFeFt7ZIv6YaBMr_qvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffbc::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:f1:af:37:df:69:f1:c7:38:6d:e2:54:89:d3:dd:bb:a1:7b:
         9c:66:d7:0a:2b:0d:ca:26:35:fd:0e:0a:82:ea:31:8c:92:0e:
         13:a1:93:53:8b:d2:40:a5:97:74:4c:18:0c:1d:ba:45:16:57:
         43:1b:6d:d4:77:61:e7:02:59:23:ba:8f:0d:46:0b:c4:f0:c0:
         ba:9b:94:97:fc:f8:57:b2:8f:3b:1f:b0:44:4f:a0:89:c1:63:
         d2:b1:f6:a0:51:30:31:16:e9:5c:86:f1:6f:4a:8e:d1:fc:c6:
         88:d3:41:87:91:6e:bf:ca:dd:96:ed:1c:67:da:59:75:54:b1:
         db:14:8f:89:ab:dc:a7:06:5e:74:dc:15:c5:bd:99:03:60:b0:
         cc:df:77:bf:88:2c:99:41:b9:49:a2:7c:e0:13:5d:8d:ea:e4:
         1e:b2:0b:1e:58:92:fe:26:b2:38:b1:0a:ee:c6:50:a5:1f:b8:
         a9:a7:81:d6:53:22:dd:5a:e8:16:8a:cb:2e:c5:ea:9e:23:20:
         fd:99:9b:b5:3f:58:a1:e3:18:42:f3:d6:87:8e:7e:47:39:82:
         d5:5d:86:56:ea:ad:6b:01:2c:61:25:d5:98:2a:e6:22:d0:52:
         ca:3a:8e:c0:40:b9:55:d4:9b:39:2e:ef:43:7a:93:c1:e8:4f:
         96:2c:9e:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJXZuufGMJexr0YK5pW5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTc3OTQxYzhkMDQ1MDU3ODViN2I2NDhiZmE2MWEwNGNhZmZhYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRLt8Ix/WgNGNTEZHOUdBeDvRxn7
CFmOvfWJ27x3aq1zK3N/WWsMUrZuXSdTmTQQAz8+FrbP0uBzvn51B2a/oCyHrerN
aG2XIE/4NTUQ6G32bPSZSgv8h3m5oCKSFUEruJATIHZLg5gErb+WTTZcjjNqcum9
EbCyTVqJ38zMXfJ1ckU0lNNMQ6WspiATJZLltfQCdq09t6pd7WbvxcC5XWH24wp8
cyCDpdar+fOVx3devpbBCFvRjiaK6/4zH9LVL/vDlsFdpqy/zv0nXjq4ztoWjv6O
tZm8UQLlPEoU/TlrItZuZy3XHyvYOJVGohfhflG0APyWCk1buz3LeuJrsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBp3lByNBFBXhbe2SL+mGgTK/6rwMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvR25lVUhJMEVVRmVGdDdaSXY2WWFCTXJfcXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+8
MA0GCSqGSIb3DQEBCwUAA4IBAQAh8a8332nxxzht4lSJ0927oXucZtcKKw3KJjX9
DgqC6jGMkg4ToZNTi9JApZd0TBgMHbpFFldDG23Ud2HnAlkjuo8NRgvE8MC6m5SX
/PhXso87H7BET6CJwWPSsfagUTAxFulchvFvSo7R/MaI00GHkW6/yt2W7Rxn2ll1
VLHbFI+Jq9ynBl503BXFvZkDYLDM33e/iCyZQblJonzgE12N6uQesgseWJL+JrI4
sQruxlClH7ipp4HWUyLdWugWissuxeqeIyD9mZu1P1ih4xhC89aHjn5HOYLVXYZW
6q1rASxhJdWYKuYi0FLKOo7AQLlV1Js5Lu9DepPB6E+WLJ4x
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:40:39 2024 by rpki-client on console-fra.rpki-client.org