Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/638uFnBf9u-CU1TBNMi5L2_XhTQ.roa
File:                     638uFnBf9u-CU1TBNMi5L2_XhTQ.roa (raw, json)
Hash identifier:          JWiCRFLKaF7VVrb17k99niihe0/X3aU+vgdBiT5sPCw=
Subject key identifier:   EB:7F:2E:16:70:5F:F6:EF:82:53:54:C1:34:C8:B9:2F:6F:D7:85:34
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018D275A6492233943219A31C53B24CE32CA
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/638uFnBf9u-CU1TBNMi5L2_XhTQ.roa
Signing time:             Sat 20 Jan 2024 14:50:51 +0000
ROA not before:           Sat 20 Jan 2024 14:50:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400907
IP address blocks:        2a0d:6f80:176f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:27:5a:64:92:23:39:43:21:9a:31:c5:3b:24:ce:32:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan 20 14:50:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb7f2e16705ff6ef825354c134c8b92f6fd78534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ff:33:90:05:92:cd:7f:3a:91:be:c3:96:b2:
                    f7:31:a1:ae:4d:43:d4:34:50:91:d0:6a:4e:f4:2c:
                    17:21:04:e9:a4:90:38:26:bc:12:b5:09:cb:f9:1a:
                    38:93:8c:37:96:7a:8b:33:bd:1b:75:d0:cb:d4:e1:
                    d8:f8:bb:c0:7c:80:d3:e6:16:56:91:d2:88:48:22:
                    9c:49:ff:97:ea:c0:0c:15:21:b9:b0:da:94:64:8b:
                    ea:7e:e9:1b:b4:44:0b:63:34:1d:04:ef:20:86:41:
                    3b:4d:27:df:8c:31:90:ea:bf:b5:56:38:2c:a8:7d:
                    0f:70:16:0c:0d:b4:25:48:df:59:48:d3:bc:58:25:
                    de:6b:1e:e6:e8:cd:e8:26:2a:87:66:e0:a1:21:32:
                    28:f6:41:39:ad:e1:18:41:47:21:ac:ba:58:e3:f5:
                    2d:d1:17:21:0b:2e:72:0a:41:d6:d5:a4:51:dd:e8:
                    05:0f:6c:f6:f1:6c:c1:26:b9:78:11:2d:67:88:4a:
                    fc:63:e5:ea:1b:65:d3:11:51:f7:c5:52:e3:3e:6c:
                    45:1b:35:49:7f:0f:05:61:7a:e3:b6:33:fa:f3:92:
                    b2:a3:ed:e3:ce:30:56:eb:55:01:92:83:4d:a5:e6:
                    d1:b0:09:5b:e5:af:82:9a:f9:71:9d:35:51:c4:10:
                    74:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:7F:2E:16:70:5F:F6:EF:82:53:54:C1:34:C8:B9:2F:6F:D7:85:34
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/638uFnBf9u-CU1TBNMi5L2_XhTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:176f::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:f2:d9:68:44:fc:cd:f7:7b:9f:ad:99:c9:ac:a9:84:a2:41:
         9a:c2:34:2e:14:fb:5b:f5:3a:46:f3:5f:e1:da:14:b2:e9:8e:
         ef:0c:09:f0:0b:ea:b1:7f:15:5c:11:0a:a8:38:2d:2e:23:94:
         0a:04:31:65:14:e6:9a:b7:95:e2:ad:b2:69:d6:2e:aa:c8:0f:
         ce:66:2c:b1:71:13:0b:9c:05:f1:b0:25:70:de:5f:56:d4:b3:
         b2:af:ef:00:82:34:45:5d:18:fd:c3:57:42:2f:77:28:ef:7b:
         82:41:d8:78:94:ca:2a:a0:c1:a9:e1:c7:42:a6:19:5f:d0:09:
         c1:2b:e1:5c:d0:8f:f1:da:8c:ec:4c:5e:ff:10:f3:69:84:5b:
         f9:34:30:5a:72:4c:9d:db:a3:e7:23:45:38:5a:39:87:5d:01:
         95:2a:0b:78:06:85:b3:ca:28:f0:60:51:62:94:89:66:78:76:
         1d:8d:a8:ad:62:4e:29:a7:1a:b7:a2:25:eb:fe:b1:47:88:fa:
         b3:e1:a8:dd:4a:39:89:73:95:bd:4a:86:57:85:26:24:7f:07:
         d4:81:7f:60:b3:2d:d1:02:ba:61:c6:f7:29:b3:88:7d:98:7b:
         72:f2:5e:51:82:25:f0:7a:a6:2a:ce:b0:d7:9e:5e:7a:c5:71:
         5b:8c:df:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0nWmSSIzlDIZoxxTskzjLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTIwMTQ1MDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjdmMmUxNjcwNWZmNmVmODI1MzU0YzEzNGM4YjkyZjZmZDc4NTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/8zkAWSzX86kb7DlrL3MaGuTUPU
NFCR0GpO9CwXIQTppJA4JrwStQnL+Ro4k4w3lnqLM70bddDL1OHY+LvAfIDT5hZW
kdKISCKcSf+X6sAMFSG5sNqUZIvqfukbtEQLYzQdBO8ghkE7TSffjDGQ6r+1Vjgs
qH0PcBYMDbQlSN9ZSNO8WCXeax7m6M3oJiqHZuChITIo9kE5reEYQUchrLpY4/Ut
0RchCy5yCkHW1aRR3egFD2z28WzBJrl4ES1niEr8Y+XqG2XTEVH3xVLjPmxFGzVJ
fw8FYXrjtjP685Kyo+3jzjBW61UBkoNNpebRsAlb5a+CmvlxnTVRxBB0DQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOt/LhZwX/bvglNUwTTIuS9v14U0MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvNjM4dUZuQmY5dS1DVTFUQk5NaTVMMl9YaFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgBdv
MA0GCSqGSIb3DQEBCwUAA4IBAQBx8tloRPzN93ufrZnJrKmEokGawjQuFPtb9TpG
81/h2hSy6Y7vDAnwC+qxfxVcEQqoOC0uI5QKBDFlFOaat5XirbJp1i6qyA/OZiyx
cRMLnAXxsCVw3l9W1LOyr+8AgjRFXRj9w1dCL3co73uCQdh4lMoqoMGp4cdCphlf
0AnBK+Fc0I/x2ozsTF7/EPNphFv5NDBackyd26PnI0U4WjmHXQGVKgt4BoWzyijw
YFFilIlmeHYdjaitYk4ppxq3oiXr/rFHiPqz4ajdSjmJc5W9SoZXhSYkfwfUgX9g
sy3RArphxvcps4h9mHty8l5RgiXweqYqzrDXnl56xXFbjN+e
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:19:48 2024 by rpki-client on console-ams.rpki-client.org