Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/8rvVVOxo8s_BguyYt-gyqDmKYns.roa
File:                     8rvVVOxo8s_BguyYt-gyqDmKYns.roa (raw, json)
Hash identifier:          0feQ+kMUF1kDno8x+H2CYPeRz3tpDEbMHQOzJ5YQz+M=
Subject key identifier:   F2:BB:D5:54:EC:68:F2:CF:C1:82:EC:98:B7:E8:32:A8:39:8A:62:7B
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       018CCA99EE9503CF9A6D49C4A1547FA93209
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/8rvVVOxo8s_BguyYt-gyqDmKYns.roa
Signing time:             Tue 02 Jan 2024 14:35:34 +0000
ROA not before:           Tue 02 Jan 2024 14:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209018
IP address blocks:        2a0e:800:ff10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ee:95:03:cf:9a:6d:49:c4:a1:54:7f:a9:32:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 14:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2bbd554ec68f2cfc182ec98b7e832a8398a627b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d2:88:ae:8a:88:60:af:11:a9:31:53:36:1f:
                    90:42:1a:17:d5:d3:2c:68:ae:44:ed:1e:f8:63:89:
                    14:2a:7b:3f:63:3b:ca:ed:11:b8:1f:2b:4c:30:5b:
                    a8:69:73:4b:94:1a:7c:5e:64:e4:ac:4a:f8:ba:68:
                    86:3a:88:09:25:fa:cb:fc:63:59:6c:7d:be:cb:79:
                    22:2c:82:7d:9c:19:01:5c:18:5b:27:03:94:3c:a3:
                    fc:d8:16:62:69:ad:59:fc:75:96:7e:60:41:28:8e:
                    bf:cd:b7:7d:a9:70:b0:f7:04:3c:3c:8d:ab:bf:93:
                    a0:e8:73:77:54:3b:93:36:69:62:1d:d6:6f:7d:b1:
                    bf:d6:6b:8e:d0:8d:0d:1a:09:bc:3a:ae:13:5e:7b:
                    bb:7f:d3:7d:d3:84:a2:c1:a1:ed:1a:e5:8e:1d:df:
                    53:b7:b5:36:e5:31:6e:6c:18:dc:7a:ee:67:f2:8e:
                    0d:8d:b6:ac:c2:d3:e4:a4:f7:cd:e5:3a:bf:be:1a:
                    30:1d:d2:4d:45:25:19:c8:3c:5d:50:bb:8c:6f:b1:
                    99:8e:eb:1d:16:d5:c5:49:f2:cb:96:ea:18:65:ef:
                    cc:f5:0e:a3:88:2b:83:f4:b0:07:94:6d:a9:d0:43:
                    c5:c7:a8:fd:e9:3e:80:a1:63:98:56:e8:e9:55:14:
                    e4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BB:D5:54:EC:68:F2:CF:C1:82:EC:98:B7:E8:32:A8:39:8A:62:7B
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/8rvVVOxo8s_BguyYt-gyqDmKYns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:ff10::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:a9:d0:da:9b:d6:4d:dc:52:4c:52:80:80:ee:22:17:ad:4b:
         a1:f8:c7:a7:d5:bb:39:c9:87:13:91:bc:25:b3:06:6f:1a:cf:
         6f:f8:a0:e4:21:19:3d:20:79:e5:a1:94:55:90:c2:83:23:58:
         ef:fd:95:71:69:b5:24:99:83:6b:5e:c2:e8:cd:55:38:3d:26:
         87:96:b2:6e:11:86:bc:b0:6c:a8:0e:22:ac:1c:16:d4:6c:02:
         8c:e2:f4:28:c0:7c:35:60:45:85:fc:4f:7d:c4:44:3c:7f:ee:
         43:79:08:db:3e:23:32:fb:62:28:9a:e4:a5:12:3e:7b:c9:4e:
         c9:94:13:25:86:24:04:ae:26:7e:aa:b0:c0:53:7e:64:1a:cd:
         3e:0a:b4:aa:03:bb:13:b8:54:49:ce:1e:86:9e:3d:bc:b2:11:
         3b:71:25:6c:d3:26:94:ac:ac:c6:0c:21:49:84:a6:ba:de:19:
         44:45:61:5f:e1:6b:c3:6f:e8:93:3b:9e:c9:95:5a:13:57:fd:
         e5:a6:d6:97:10:a5:d8:af:ce:2f:5a:0d:2a:29:0e:dd:61:1f:
         1d:03:2d:52:ec:59:1e:d4:66:77:cd:5b:a8:d8:c6:c4:ea:45:
         79:65:34:85:e4:18:c0:2d:9b:3b:6c:88:ae:9d:50:68:05:2f:
         12:f8:ee:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKme6VA8+abUnEoVR/qTIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjQwMTAyMTQzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmJiZDU1NGVjNjhmMmNmYzE4MmVjOThiN2U4MzJhODM5OGE2MjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9KIroqIYK8RqTFTNh+QQhoX1dMs
aK5E7R74Y4kUKns/YzvK7RG4HytMMFuoaXNLlBp8XmTkrEr4umiGOogJJfrL/GNZ
bH2+y3kiLIJ9nBkBXBhbJwOUPKP82BZiaa1Z/HWWfmBBKI6/zbd9qXCw9wQ8PI2r
v5Og6HN3VDuTNmliHdZvfbG/1muO0I0NGgm8Oq4TXnu7f9N904SiwaHtGuWOHd9T
t7U25TFubBjceu5n8o4NjbaswtPkpPfN5Tq/vhowHdJNRSUZyDxdULuMb7GZjusd
FtXFSfLLluoYZe/M9Q6jiCuD9LAHlG2p0EPFx6j96T6AoWOYVujpVRTkHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPK71VTsaPLPwYLsmLfoMqg5imJ7MB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvOHJ2VlZPeG84c19CZ3V5WXQtZ3lxRG1LWW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg4IAP8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQA8qdDam9ZN3FJMUoCA7iIXrUuh+Men1bs5yYcT
kbwlswZvGs9v+KDkIRk9IHnloZRVkMKDI1jv/ZVxabUkmYNrXsLozVU4PSaHlrJu
EYa8sGyoDiKsHBbUbAKM4vQowHw1YEWF/E99xEQ8f+5DeQjbPiMy+2IomuSlEj57
yU7JlBMlhiQEriZ+qrDAU35kGs0+CrSqA7sTuFRJzh6Gnj28shE7cSVs0yaUrKzG
DCFJhKa63hlERWFf4WvDb+iTO57JlVoTV/3lptaXEKXYr84vWg0qKQ7dYR8dAy1S
7Fke1GZ3zVuo2MbE6kV5ZTSF5BjALZs7bIiunVBoBS8S+O62
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:02:27 2024 by rpki-client on console-ams.rpki-client.org