Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_7KYYtRpiXFngqeA_nFZuiyS74g.roa
File:                     _7KYYtRpiXFngqeA_nFZuiyS74g.roa (raw, json)
Hash identifier:          BwetMdO13e9RPlTc7JA+WUg2gPRpjwF9qLmGmpkhPCI=
Subject key identifier:   FF:B2:98:62:D4:69:89:71:67:82:A7:80:FE:71:59:BA:2C:92:EF:88
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256C4368113E8F231CAB41577C4C15
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_7KYYtRpiXFngqeA_nFZuiyS74g.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208885
IP address blocks:        2a0b:b86:ffe4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6c:43:68:11:3e:8f:23:1c:ab:41:57:7c:4c:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffb29862d46989716782a780fe7159ba2c92ef88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:44:ea:ba:a6:6b:99:88:f9:e3:63:6f:8a:38:
                    b5:b6:b6:42:26:d2:f4:b8:bd:6c:71:33:d5:2c:ed:
                    66:8e:e8:23:10:3c:22:bc:49:f9:43:32:b6:2d:8e:
                    4e:d0:f9:71:a1:76:c7:81:86:e1:a1:c7:e4:b8:c6:
                    a6:8d:88:4d:27:de:16:2a:59:45:7f:fa:8a:88:5b:
                    04:a9:f1:58:e2:56:cf:cb:e9:44:75:5c:e8:7d:08:
                    a8:66:e5:08:49:7a:0f:89:c2:d3:ed:88:51:bd:a6:
                    86:6e:e0:e5:db:bc:77:85:18:83:38:49:a6:b0:ff:
                    08:91:29:36:50:4f:92:12:59:75:17:fb:59:77:cc:
                    1b:88:27:a7:43:4a:18:18:24:47:d3:0a:9f:2e:57:
                    a8:bc:76:8d:8d:b7:b0:88:ef:6b:45:89:6c:28:e9:
                    74:f6:68:af:99:cc:03:46:1f:64:a3:4b:a0:d5:ec:
                    4e:8e:c9:dd:7c:c7:7b:c1:e6:bc:58:78:4b:49:d8:
                    99:6f:6e:8b:79:17:ea:71:3a:ff:9c:f5:55:14:c7:
                    7f:b1:ef:60:bc:c5:2b:69:ca:1f:1f:25:ee:fd:4f:
                    f1:9b:bf:ff:fe:75:1a:dc:1a:84:a9:41:27:fa:55:
                    37:e0:b7:b5:3f:e3:41:1c:e7:9a:a7:3c:8a:74:3e:
                    ac:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:B2:98:62:D4:69:89:71:67:82:A7:80:FE:71:59:BA:2C:92:EF:88
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_7KYYtRpiXFngqeA_nFZuiyS74g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:ffe4::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:99:5d:12:db:95:73:d5:d6:45:1f:3a:36:93:21:6b:be:f9:
         ba:d1:06:f4:59:02:ac:72:3f:17:84:18:80:4c:2c:8f:8f:8b:
         64:ab:23:f7:e0:5c:9c:92:82:34:7c:1c:0f:d5:7c:2c:4e:18:
         aa:ba:39:86:27:33:a6:a5:16:a8:f2:1c:64:ab:d0:3a:10:48:
         d5:05:f6:3f:a4:41:64:0c:6e:71:bd:79:11:bc:94:cf:d9:cf:
         b1:86:f9:44:b3:87:e3:d8:c3:a8:30:97:23:a8:b5:8c:c2:b5:
         14:2c:36:d1:3c:73:ed:22:52:0d:9f:2a:18:f2:f9:fa:4b:35:
         29:7d:31:3e:5a:03:d0:f5:9b:2e:c6:81:ce:bc:21:c4:00:6b:
         b5:16:30:1d:22:8b:f7:97:c4:31:31:ce:cb:37:8e:27:6b:eb:
         56:fc:5c:c5:68:75:69:10:a1:69:a5:16:1d:fb:0c:33:50:56:
         53:27:31:66:64:86:42:f0:84:0d:ef:18:ce:13:75:5a:d0:e3:
         b1:ae:78:47:53:7c:4e:1a:47:7f:7e:9b:a4:c5:51:bd:f5:ce:
         bc:b6:1f:06:98:5f:25:90:80:d5:84:9f:11:65:12:ff:65:17:
         c7:6d:c9:ac:7d:22:eb:0e:93:04:1a:1f:81:1f:81:d5:ae:55:
         8c:8a:31:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJWxDaBE+jyMcq0FXfEwVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmIyOTg2MmQ0Njk4OTcxNjc4MmE3ODBmZTcxNTliYTJjOTJlZjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUTquqZrmYj542Nviji1trZCJtL0
uL1scTPVLO1mjugjEDwivEn5QzK2LY5O0PlxoXbHgYbhocfkuMamjYhNJ94WKllF
f/qKiFsEqfFY4lbPy+lEdVzofQioZuUISXoPicLT7YhRvaaGbuDl27x3hRiDOEmm
sP8IkSk2UE+SEll1F/tZd8wbiCenQ0oYGCRH0wqfLleovHaNjbewiO9rRYlsKOl0
9mivmcwDRh9ko0ug1exOjsndfMd7wea8WHhLSdiZb26LeRfqcTr/nPVVFMd/se9g
vMUracofHyXu/U/xm7///nUa3BqEqUEn+lU34Le1P+NBHOeapzyKdD6sbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP+ymGLUaYlxZ4KngP5xWbosku+IMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvXzdLWVl0UnBpWEZuZ3FlQV9uRlp1aXlTNzRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLhv/k
MA0GCSqGSIb3DQEBCwUAA4IBAQBLmV0S25Vz1dZFHzo2kyFrvvm60Qb0WQKscj8X
hBiATCyPj4tkqyP34FyckoI0fBwP1XwsThiqujmGJzOmpRao8hxkq9A6EEjVBfY/
pEFkDG5xvXkRvJTP2c+xhvlEs4fj2MOoMJcjqLWMwrUULDbRPHPtIlINnyoY8vn6
SzUpfTE+WgPQ9ZsuxoHOvCHEAGu1FjAdIov3l8QxMc7LN44na+tW/FzFaHVpEKFp
pRYd+wwzUFZTJzFmZIZC8IQN7xjOE3Va0OOxrnhHU3xOGkd/fpukxVG99c68th8G
mF8lkIDVhJ8RZRL/ZRfHbcmsfSLrDpMEGh+BH4HVrlWMijEA
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:18:58 2024 by rpki-client on console-ams.rpki-client.org