Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/b73add-ea0f-4c22-980e-059bab015cc3/1/kg-X3vXZg48bU6ImsIztKmS_FzE.roa
File:                     kg-X3vXZg48bU6ImsIztKmS_FzE.roa (raw, json)
Hash identifier:          nRM7rXh74ZxW2a1memTAGXkFe+xQ7LRRqBUOffrqzOw=
Subject key identifier:   92:0F:97:DE:F5:D9:83:8F:1B:53:A2:26:B0:8C:ED:2A:64:BF:17:31
Certificate issuer:       /CN=bbe026ef26920909d931ea4dac9d9390486b4153
Certificate serial:       018CC86F70285036BA8F764A76BCA09F259D
Authority key identifier: BB:E0:26:EF:26:92:09:09:D9:31:EA:4D:AC:9D:93:90:48:6B:41:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-Am7yaSCQnZMepNrJ2TkEhrQVM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/b73add-ea0f-4c22-980e-059bab015cc3/1/kg-X3vXZg48bU6ImsIztKmS_FzE.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1680
IP address blocks:        2a10:640::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/b73add-ea0f-4c22-980e-059bab015cc3/1/u-Am7yaSCQnZMepNrJ2TkEhrQVM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/b73add-ea0f-4c22-980e-059bab015cc3/1/u-Am7yaSCQnZMepNrJ2TkEhrQVM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u-Am7yaSCQnZMepNrJ2TkEhrQVM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:70:28:50:36:ba:8f:76:4a:76:bc:a0:9f:25:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe026ef26920909d931ea4dac9d9390486b4153
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=920f97def5d9838f1b53a226b08ced2a64bf1731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4f:66:b0:31:38:e2:03:2b:4e:55:19:f4:00:
                    74:f6:ee:b3:5a:15:0d:c0:7e:2a:f6:4f:ec:6c:6b:
                    11:9d:e3:7d:c7:2a:39:6f:df:52:95:eb:c6:56:78:
                    47:42:3d:ab:4d:3c:72:83:bd:09:f2:5a:bd:f3:18:
                    66:b9:d6:f8:30:90:e9:d7:ec:26:56:9d:7c:03:f7:
                    ce:60:6f:d9:00:7c:81:6e:dd:d1:8a:b5:44:6f:49:
                    d6:6d:90:48:4a:17:06:d3:a0:b1:a7:34:e1:f4:df:
                    23:bf:de:88:16:8c:31:2b:73:26:8e:d1:da:e9:85:
                    4b:d3:73:10:ea:a5:23:79:aa:89:da:59:5a:66:52:
                    5e:8c:41:6a:1c:6a:c7:38:04:58:dc:ea:4d:cf:77:
                    53:0d:67:30:6e:54:ad:97:11:1f:e4:9f:d5:90:f5:
                    ab:47:0f:1d:a5:41:03:4b:36:a2:29:44:c9:03:69:
                    c1:31:49:7f:76:a7:93:e1:13:18:3f:66:2b:f9:d3:
                    6e:30:2c:e3:47:78:af:d6:bd:13:26:a5:23:42:b1:
                    84:e7:a0:06:56:5c:68:a1:96:38:74:00:db:55:5a:
                    89:66:6c:b2:33:cd:dc:d4:2e:c9:c2:54:43:89:ef:
                    b6:ac:6c:05:10:3b:d9:24:41:06:b5:03:f8:25:20:
                    5a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:0F:97:DE:F5:D9:83:8F:1B:53:A2:26:B0:8C:ED:2A:64:BF:17:31
            X509v3 Authority Key Identifier:
                keyid:BB:E0:26:EF:26:92:09:09:D9:31:EA:4D:AC:9D:93:90:48:6B:41:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-Am7yaSCQnZMepNrJ2TkEhrQVM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/b73add-ea0f-4c22-980e-059bab015cc3/1/kg-X3vXZg48bU6ImsIztKmS_FzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/b73add-ea0f-4c22-980e-059bab015cc3/1/u-Am7yaSCQnZMepNrJ2TkEhrQVM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:640::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:7a:0d:f6:d6:5a:a1:5c:9e:2d:92:c0:75:d5:87:39:39:94:
         59:54:ff:55:a6:23:38:23:21:72:a2:14:c4:01:dd:d3:29:b3:
         30:ac:20:fd:0d:c9:40:4d:5b:4b:c0:9a:de:65:24:c9:8d:5d:
         32:1b:7c:68:64:93:11:2e:29:90:51:9e:7f:a1:3f:59:1b:f5:
         cf:35:dc:c6:1b:d9:33:d5:86:f0:d9:2a:4e:ca:35:ba:52:03:
         2b:14:25:4d:6c:bf:de:14:21:f2:8e:ef:c0:ee:d4:5c:cf:53:
         5e:0d:19:c8:16:d6:35:67:49:06:9d:ac:22:54:da:1f:bb:21:
         ab:2a:6f:91:85:08:89:24:05:4b:45:39:88:e7:f2:e0:96:75:
         a9:43:c6:95:7b:37:88:16:b5:6c:c7:50:46:fa:c9:11:ee:cc:
         e0:25:c8:bf:09:ff:37:44:fe:17:9a:5f:20:be:2b:a7:b7:73:
         e1:ef:49:19:48:de:37:00:6a:ca:a8:8d:eb:3b:f8:2d:a8:34:
         6f:ef:93:0d:75:95:3f:3d:f9:2b:0f:21:49:72:03:9f:c7:e9:
         61:57:9c:3d:2c:a2:0c:ae:b5:78:0c:5f:34:88:c7:82:d7:9b:
         f8:64:08:7f:c7:f5:a6:8a:e5:b2:5d:0d:c3:2a:4d:58:e2:be:
         c0:44:01:65
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb3AoUDa6j3ZKdrygnyWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTAyNmVmMjY5MjA5MDlkOTMxZWE0ZGFjOWQ5MzkwNDg2
YjQxNTMwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjBmOTdkZWY1ZDk4MzhmMWI1M2EyMjZiMDhjZWQyYTY0YmYxNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkU9msDE44gMrTlUZ9AB09u6zWhUN
wH4q9k/sbGsRneN9xyo5b99SlevGVnhHQj2rTTxyg70J8lq98xhmudb4MJDp1+wm
Vp18A/fOYG/ZAHyBbt3RirVEb0nWbZBIShcG06CxpzTh9N8jv96IFowxK3MmjtHa
6YVL03MQ6qUjeaqJ2llaZlJejEFqHGrHOARY3OpNz3dTDWcwblStlxEf5J/VkPWr
Rw8dpUEDSzaiKUTJA2nBMUl/dqeT4RMYP2Yr+dNuMCzjR3iv1r0TJqUjQrGE56AG
VlxooZY4dADbVVqJZmyyM83c1C7JwlRDie+2rGwFEDvZJEEGtQP4JSBaAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJIPl9712YOPG1OiJrCM7SpkvxcxMB8GA1UdIwQY
MBaAFLvgJu8mkgkJ2THqTaydk5BIa0FTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1BbTd5YVNDUW5aTWVwTnJKMlRrRWhyUVZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9iNzNhZGQtZWEwZi00YzIyLTk4MGUt
MDU5YmFiMDE1Y2MzLzEva2ctWDN2WFpnNDhiVTZJbXNJenRLbVNfRnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9iNzNhZGQtZWEwZi00YzIyLTk4MGUtMDU5YmFiMDE1Y2Mz
LzEvdS1BbTd5YVNDUW5aTWVwTnJKMlRrRWhyUVZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhAGQDAN
BgkqhkiG9w0BAQsFAAOCAQEAPHoN9tZaoVyeLZLAddWHOTmUWVT/VaYjOCMhcqIU
xAHd0ymzMKwg/Q3JQE1bS8Ca3mUkyY1dMht8aGSTES4pkFGef6E/WRv1zzXcxhvZ
M9WG8NkqTso1ulIDKxQlTWy/3hQh8o7vwO7UXM9TXg0ZyBbWNWdJBp2sIlTaH7sh
qypvkYUIiSQFS0U5iOfy4JZ1qUPGlXs3iBa1bMdQRvrJEe7M4CXIvwn/N0T+F5pf
IL4rp7dz4e9JGUjeNwBqyqiN6zv4Lag0b++TDXWVPz35Kw8hSXIDn8fpYVecPSyi
DK61eAxfNIjHgteb+GQIf8f1porlsl0NwypNWOK+wEQBZQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:06:07 2024 by rpki-client on console-ams.rpki-client.org