Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/b30b57-e7e9-4b2f-99b6-90f97f746676/1/uFcPnWF9JfzemuHy8aiOX4rZirI.roa
File:                     uFcPnWF9JfzemuHy8aiOX4rZirI.roa (raw, json)
Hash identifier:          f2iMSlWoLeHdsuCekbeXi0dRiysFjp68wBKgBJq3ECM=
Subject key identifier:   B8:57:0F:9D:61:7D:25:FC:DE:9A:E1:F2:F1:A8:8E:5F:8A:D9:8A:B2
Certificate issuer:       /CN=91c2c2912e10581587052a5ca770910b26174f14
Certificate serial:       018CC727293D7D6B0BDEC31E91A6DD0605FF
Authority key identifier: 91:C2:C2:91:2E:10:58:15:87:05:2A:5C:A7:70:91:0B:26:17:4F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kcLCkS4QWBWHBSpcp3CRCyYXTxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/b30b57-e7e9-4b2f-99b6-90f97f746676/1/uFcPnWF9JfzemuHy8aiOX4rZirI.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        2a05:1700:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/b30b57-e7e9-4b2f-99b6-90f97f746676/1/kcLCkS4QWBWHBSpcp3CRCyYXTxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/b30b57-e7e9-4b2f-99b6-90f97f746676/1/kcLCkS4QWBWHBSpcp3CRCyYXTxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kcLCkS4QWBWHBSpcp3CRCyYXTxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:29:3d:7d:6b:0b:de:c3:1e:91:a6:dd:06:05:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91c2c2912e10581587052a5ca770910b26174f14
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8570f9d617d25fcde9ae1f2f1a88e5f8ad98ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:27:8c:99:6a:ae:77:6e:00:b1:6b:c2:9e:3e:
                    4c:aa:41:2a:87:b2:17:f5:5c:a2:1a:e9:9f:ae:e6:
                    ee:de:ce:11:86:43:73:68:bc:ff:b8:34:6d:fd:f7:
                    ea:fe:b6:64:3f:03:80:14:29:51:01:19:49:26:c7:
                    5b:88:60:81:4b:5e:4f:bd:66:39:84:ff:72:83:f4:
                    60:f4:30:9a:97:f2:13:20:0f:69:a3:12:29:a6:6e:
                    88:64:1f:fc:7b:2e:26:87:06:f2:12:a9:7b:46:a2:
                    55:64:0f:43:7c:7e:d0:06:73:58:33:d8:2f:cd:9a:
                    39:86:7f:32:2f:5b:af:da:df:64:42:62:eb:13:3e:
                    9e:2f:17:9c:75:35:bf:74:5d:d2:af:4b:51:99:b2:
                    21:a6:92:42:30:5b:e0:1e:16:98:e4:d2:c6:ad:5e:
                    64:98:19:49:9d:25:07:8c:d2:07:9a:34:0f:a5:b8:
                    b8:58:a4:f8:d2:4f:88:54:78:e4:26:3e:99:75:ec:
                    16:db:1c:af:85:a7:95:65:25:5e:97:80:ef:e9:e9:
                    8b:db:ea:ed:c7:16:1d:59:84:73:cf:49:95:b1:87:
                    57:c3:c9:e8:a2:53:fd:2b:5b:57:fe:e8:4c:6d:f5:
                    b1:dc:17:b1:61:9f:9c:78:6d:8d:d3:5d:17:d6:60:
                    8f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:57:0F:9D:61:7D:25:FC:DE:9A:E1:F2:F1:A8:8E:5F:8A:D9:8A:B2
            X509v3 Authority Key Identifier:
                keyid:91:C2:C2:91:2E:10:58:15:87:05:2A:5C:A7:70:91:0B:26:17:4F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kcLCkS4QWBWHBSpcp3CRCyYXTxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/b30b57-e7e9-4b2f-99b6-90f97f746676/1/uFcPnWF9JfzemuHy8aiOX4rZirI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/b30b57-e7e9-4b2f-99b6-90f97f746676/1/kcLCkS4QWBWHBSpcp3CRCyYXTxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1700:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:f7:44:79:a3:24:76:7e:91:ff:ee:96:13:b5:65:43:81:ef:
         cf:11:5c:6a:90:f0:7f:c8:09:83:cb:6d:0c:f0:77:74:23:8a:
         ab:0f:e7:a3:b3:f7:95:e0:3d:14:bf:75:93:cf:0c:f9:85:e1:
         2d:91:ed:a7:63:4f:03:5d:32:3f:b6:76:41:d5:1f:40:60:82:
         3d:7a:29:b0:db:f7:1a:a4:a2:16:e3:8b:27:84:97:15:55:6c:
         bf:4b:eb:2d:c0:06:df:69:9e:bb:05:7a:23:f5:3e:80:8a:56:
         a5:0a:9d:30:60:5d:d0:e9:d9:64:c9:2d:fa:f2:87:c7:bc:63:
         21:fa:14:41:04:8d:e1:c6:66:04:20:62:21:9c:b7:f6:27:bd:
         50:da:72:e0:7e:ed:55:8c:74:23:5c:50:62:14:14:c4:6b:ce:
         07:72:04:07:0b:42:cb:e4:5c:ab:71:f3:86:9c:13:8c:eb:a2:
         31:a7:7f:4d:42:1b:c9:16:f7:dc:de:77:af:3d:02:9c:0c:71:
         1a:ce:ef:bc:ff:75:f3:a1:14:12:54:cf:48:bc:40:e9:d7:0f:
         0d:86:09:87:08:81:a1:9b:fb:7b:6c:86:1e:b3:3f:b7:f2:33:
         58:81:c6:5e:20:55:c0:c1:f2:19:3e:f0:64:06:02:b6:e7:4f:
         ae:b0:f8:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJyk9fWsL3sMekabdBgX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYzJjMjkxMmUxMDU4MTU4NzA1MmE1Y2E3NzA5MTBiMjYx
NzRmMTQwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODU3MGY5ZDYxN2QyNWZjZGU5YWUxZjJmMWE4OGU1ZjhhZDk4YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvieMmWqud24AsWvCnj5MqkEqh7IX
9VyiGumfrubu3s4RhkNzaLz/uDRt/ffq/rZkPwOAFClRARlJJsdbiGCBS15PvWY5
hP9yg/Rg9DCal/ITIA9poxIppm6IZB/8ey4mhwbyEql7RqJVZA9DfH7QBnNYM9gv
zZo5hn8yL1uv2t9kQmLrEz6eLxecdTW/dF3Sr0tRmbIhppJCMFvgHhaY5NLGrV5k
mBlJnSUHjNIHmjQPpbi4WKT40k+IVHjkJj6ZdewW2xyvhaeVZSVel4Dv6emL2+rt
xxYdWYRzz0mVsYdXw8noolP9K1tX/uhMbfWx3BexYZ+ceG2N010X1mCPNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLhXD51hfSX83prh8vGojl+K2YqyMB8GA1UdIwQY
MBaAFJHCwpEuEFgVhwUqXKdwkQsmF08UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2NMQ2tTNFFXQldIQlNwY3AzQ1JDeVlYVHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9iMzBiNTctZTdlOS00YjJmLTk5YjYt
OTBmOTdmNzQ2Njc2LzEvdUZjUG5XRjlKZnplbXVIeThhaU9YNHJaaXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9iMzBiNTctZTdlOS00YjJmLTk5YjYtOTBmOTdmNzQ2Njc2
LzEva2NMQ2tTNFFXQldIQlNwY3AzQ1JDeVlYVHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgUXAAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCd90R5oyR2fpH/7pYTtWVDge/PEVxqkPB/yAmD
y20M8Hd0I4qrD+ejs/eV4D0Uv3WTzwz5heEtke2nY08DXTI/tnZB1R9AYII9eimw
2/capKIW44snhJcVVWy/S+stwAbfaZ67BXoj9T6AilalCp0wYF3Q6dlkyS368ofH
vGMh+hRBBI3hxmYEIGIhnLf2J71Q2nLgfu1VjHQjXFBiFBTEa84HcgQHC0LL5Fyr
cfOGnBOM66Ixp39NQhvJFvfc3nevPQKcDHEazu+8/3XzoRQSVM9IvEDp1w8NhgmH
CIGhm/t7bIYesz+38jNYgcZeIFXAwfIZPvBkBgK250+usPgg
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:29:38 2024 by rpki-client on console-ams.rpki-client.org