Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/brGVx2gXTO-j0YiNVA2oTS8jSlU.roa
File:                     brGVx2gXTO-j0YiNVA2oTS8jSlU.roa (raw, json)
Hash identifier:          v6+Zbw809J41VCp2uMNCmNr1FVHmRNbRP09+1bJvlj4=
Subject key identifier:   6E:B1:95:C7:68:17:4C:EF:A3:D1:88:8D:54:0D:A8:4D:2F:23:4A:55
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019033F8B284F42FBAE20071AAF62F684992
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/brGVx2gXTO-j0YiNVA2oTS8jSlU.roa
Signing time:             Thu 20 Jun 2024 04:47:34 +0000
ROA not before:           Thu 20 Jun 2024 04:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213261
IP address blocks:        2a0d:6f80:2a43::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:33:f8:b2:84:f4:2f:ba:e2:00:71:aa:f6:2f:68:49:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 20 04:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6eb195c768174cefa3d1888d540da84d2f234a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:08:36:ca:7f:5e:a8:44:2c:03:98:5d:9b:b0:
                    cc:b4:61:62:1c:ac:17:d2:8d:cd:e5:93:bc:a0:65:
                    5e:41:bf:cd:34:c2:c0:1c:4d:e7:66:5b:d0:51:a2:
                    03:93:13:25:ac:6a:08:98:81:a0:b7:a8:be:f2:65:
                    0b:49:50:11:20:30:3b:f7:1b:11:f5:ed:1a:ff:01:
                    ac:df:5b:51:de:ec:25:2e:23:81:7e:83:fb:08:4c:
                    55:5b:2e:0f:2a:4b:a5:63:96:c3:c4:61:ff:22:1f:
                    db:05:a7:f7:7f:24:c2:8c:24:1d:8d:9d:e2:ae:26:
                    b4:a2:7c:a8:f6:76:66:86:e5:77:3e:bc:58:e0:8c:
                    36:35:5c:56:11:99:0e:a2:15:a8:00:9b:7c:ea:83:
                    ea:02:ba:92:c5:09:a1:10:2e:a3:83:63:9f:55:ab:
                    70:3a:66:79:78:76:06:84:18:ae:9e:e5:54:5d:d4:
                    8c:8f:cf:d9:7c:78:29:be:8f:6f:1d:56:79:2a:e2:
                    de:a6:a2:cb:e5:22:fb:7a:97:41:63:15:bf:f4:24:
                    a5:29:92:44:98:80:3f:c4:9e:e3:2f:c2:7d:4b:ae:
                    a1:7c:53:4d:58:c7:c7:94:cf:d2:0e:0c:9a:ab:09:
                    3f:1d:38:b6:00:86:d8:67:13:22:25:ba:93:e2:3e:
                    9d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B1:95:C7:68:17:4C:EF:A3:D1:88:8D:54:0D:A8:4D:2F:23:4A:55
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/brGVx2gXTO-j0YiNVA2oTS8jSlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:2a43::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:6a:6b:b8:ad:1c:fa:f9:ca:a7:38:bc:e5:64:01:06:d8:32:
         80:8d:e2:52:31:b3:61:79:6c:8b:12:c0:5c:48:df:79:cc:94:
         c7:e1:73:a4:f4:1a:21:0f:dd:25:fd:5f:ea:ad:11:b3:46:cf:
         bd:df:55:de:56:9e:f6:e6:98:39:a1:07:fd:18:8f:e2:b6:b8:
         d2:ef:4e:2d:10:91:b4:84:8f:1a:03:9f:ee:68:3b:28:6d:e5:
         18:9c:90:77:81:34:80:9e:eb:b6:d5:7c:97:72:c2:4a:cd:25:
         c9:0b:66:b9:ca:86:91:96:f4:06:1f:50:21:4b:84:dc:5c:b1:
         54:7d:45:39:21:21:0b:c7:0d:4e:2c:58:f5:3b:51:f5:4b:46:
         97:e6:2c:17:34:3a:96:04:a7:b9:f4:44:f7:d6:db:3b:66:47:
         06:6b:d9:07:78:44:3f:89:fd:9c:d9:0f:d7:78:43:2a:51:84:
         6c:12:f9:e6:15:ee:3b:14:38:b6:a0:4e:2f:3c:a8:aa:30:1a:
         18:4f:f7:e2:c3:ec:7f:a2:ba:ec:fb:8f:88:df:d4:9f:b0:63:
         09:c4:e7:f0:4c:f6:52:59:4c:18:5c:eb:be:0e:14:f3:65:1b:
         78:fe:3a:31:ee:8b:a6:8c:ec:bd:2e:6a:fa:18:cd:2b:d0:25:
         ed:f3:1c:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAz+LKE9C+64gBxqvYvaEmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNjIwMDQ0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWIxOTVjNzY4MTc0Y2VmYTNkMTg4OGQ1NDBkYTg0ZDJmMjM0YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQg2yn9eqEQsA5hdm7DMtGFiHKwX
0o3N5ZO8oGVeQb/NNMLAHE3nZlvQUaIDkxMlrGoImIGgt6i+8mULSVARIDA79xsR
9e0a/wGs31tR3uwlLiOBfoP7CExVWy4PKkulY5bDxGH/Ih/bBaf3fyTCjCQdjZ3i
ria0onyo9nZmhuV3PrxY4Iw2NVxWEZkOohWoAJt86oPqArqSxQmhEC6jg2OfVatw
OmZ5eHYGhBiunuVUXdSMj8/ZfHgpvo9vHVZ5KuLepqLL5SL7epdBYxW/9CSlKZJE
mIA/xJ7jL8J9S66hfFNNWMfHlM/SDgyaqwk/HTi2AIbYZxMiJbqT4j6dPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG6xlcdoF0zvo9GIjVQNqE0vI0pVMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvYnJHVngyZ1hUTy1qMFlpTlZBMm9UUzhqU2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgCpD
MA0GCSqGSIb3DQEBCwUAA4IBAQBbamu4rRz6+cqnOLzlZAEG2DKAjeJSMbNheWyL
EsBcSN95zJTH4XOk9BohD90l/V/qrRGzRs+931XeVp725pg5oQf9GI/itrjS704t
EJG0hI8aA5/uaDsobeUYnJB3gTSAnuu21XyXcsJKzSXJC2a5yoaRlvQGH1AhS4Tc
XLFUfUU5ISELxw1OLFj1O1H1S0aX5iwXNDqWBKe59ET31ts7ZkcGa9kHeEQ/if2c
2Q/XeEMqUYRsEvnmFe47FDi2oE4vPKiqMBoYT/fiw+x/orrs+4+I39SfsGMJxOfw
TPZSWUwYXOu+DhTzZRt4/jox7oumjOy9Lmr6GM0r0CXt8xzX
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:08:29 2024 by rpki-client on console-fra.rpki-client.org