Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/krjDxfU590GjTH49GE4EgTMh2SQ.roa
File:                     krjDxfU590GjTH49GE4EgTMh2SQ.roa (raw, json)
Hash identifier:          hrSYcdx5kxvJA5HJ5ilgciv45kJOsUoLeAOkrImHdPw=
Subject key identifier:   92:B8:C3:C5:F5:39:F7:41:A3:4C:7E:3D:18:4E:04:81:33:21:D9:24
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       018CCA99EE19A27409D80A48CA197D1E0E4D
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/krjDxfU590GjTH49GE4EgTMh2SQ.roa
Signing time:             Tue 02 Jan 2024 14:35:34 +0000
ROA not before:           Tue 02 Jan 2024 14:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208266
IP address blocks:        2a0e:800:ff40::/42 maxlen: 48
                          2a0e:800:ff20::/48 maxlen: 48
                          2a0e:800:ff21::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ee:19:a2:74:09:d8:0a:48:ca:19:7d:1e:0e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 14:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92b8c3c5f539f741a34c7e3d184e04813321d924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9e:b4:5b:39:e6:1b:62:74:89:b0:14:93:15:
                    62:ee:69:b5:0f:5a:82:2b:b5:b9:67:d0:a3:3d:7d:
                    4d:33:2b:99:75:d9:64:a7:78:6f:ff:b5:40:d3:f9:
                    93:62:6b:14:60:27:59:44:ad:50:58:35:6b:f1:c2:
                    62:a3:1a:cb:11:51:cc:2f:1a:85:6a:d4:64:c0:db:
                    9e:24:db:04:01:8e:a9:2e:61:37:4c:60:d5:b2:83:
                    fc:75:2f:40:6f:c8:65:7d:f8:04:f4:20:1c:cc:c0:
                    8b:a0:ed:7f:b1:1a:d9:92:8e:8c:fa:7f:6c:54:ca:
                    5a:ff:19:04:f3:dc:a1:79:7f:c8:18:c6:74:d6:d6:
                    ce:e3:7c:a7:86:dc:de:5c:da:2b:57:b1:83:43:4f:
                    8f:17:9b:74:91:1e:b9:6c:ed:67:b0:5d:4c:a0:53:
                    5c:c1:4d:f6:e1:bd:30:11:45:68:81:e3:8e:bd:6d:
                    71:da:12:62:77:04:a2:77:8a:16:b9:1e:9d:92:4c:
                    83:cb:5e:e1:9e:87:33:1e:ce:68:b3:a4:75:e8:e1:
                    2e:8e:b1:c9:8c:45:be:16:22:48:93:b6:03:f5:a6:
                    6e:36:f2:be:8a:2a:04:e6:1a:d6:2e:56:db:e0:16:
                    d7:65:f8:1b:a6:5c:d7:93:02:8d:ca:c0:a9:03:43:
                    55:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B8:C3:C5:F5:39:F7:41:A3:4C:7E:3D:18:4E:04:81:33:21:D9:24
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/krjDxfU590GjTH49GE4EgTMh2SQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:ff20::/47
                  2a0e:800:ff40::/42

    Signature Algorithm: sha256WithRSAEncryption
         a8:f5:31:35:5f:c6:57:12:ad:6a:13:e2:d6:03:4a:a4:09:ae:
         08:6d:af:36:d4:6e:37:a5:72:aa:80:f8:55:8b:a7:a2:f5:e6:
         a5:a8:50:60:84:8c:af:8f:eb:e9:38:91:da:6e:f5:a0:35:cd:
         4b:e2:b4:9d:79:50:64:32:59:f6:a1:04:b5:6f:20:82:7d:89:
         8f:18:6a:1c:37:97:40:ec:3f:8b:fb:e2:09:91:a5:55:aa:d9:
         64:89:47:a7:6d:d3:cc:57:d9:3a:f2:17:4f:f4:6e:dc:ed:d5:
         9e:4b:28:52:14:b8:36:74:ea:dd:e6:79:a4:c2:a7:5e:a9:12:
         1b:25:bc:44:12:89:16:ea:8c:7a:fb:03:a5:f6:32:db:91:21:
         ff:0a:4f:20:22:b4:3b:54:25:f3:64:76:66:d8:75:c3:ad:17:
         76:ba:b8:7e:68:bb:ae:e8:9c:71:ee:33:8f:74:36:41:83:7d:
         2d:67:73:21:65:d9:90:7e:5e:5b:33:84:e5:8b:68:51:2f:84:
         21:5c:35:af:9b:b9:9c:8b:14:4c:65:e0:75:98:a7:50:90:1a:
         82:ef:bd:d2:4c:f8:4f:76:cb:8b:41:27:cd:18:1a:5a:14:b8:
         05:89:3f:36:e4:21:0d:6c:b3:f8:97:b0:65:f0:cb:34:a7:f9:
         e5:ce:25:9c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKme4ZonQJ2ApIyhl9Hg5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjQwMTAyMTQzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmI4YzNjNWY1MzlmNzQxYTM0YzdlM2QxODRlMDQ4MTMzMjFkOTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ60WznmG2J0ibAUkxVi7mm1D1qC
K7W5Z9CjPX1NMyuZddlkp3hv/7VA0/mTYmsUYCdZRK1QWDVr8cJioxrLEVHMLxqF
atRkwNueJNsEAY6pLmE3TGDVsoP8dS9Ab8hlffgE9CAczMCLoO1/sRrZko6M+n9s
VMpa/xkE89yheX/IGMZ01tbO43ynhtzeXNorV7GDQ0+PF5t0kR65bO1nsF1MoFNc
wU324b0wEUVogeOOvW1x2hJidwSid4oWuR6dkkyDy17hnoczHs5os6R16OEujrHJ
jEW+FiJIk7YD9aZuNvK+iioE5hrWLlbb4BbXZfgbplzXkwKNysCpA0NVFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJK4w8X1OfdBo0x+PRhOBIEzIdkkMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEva3JqRHhmVTU5MEdqVEg0OUdFNEVnVE1oMlNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKg4IAP8g
AwcGKg4IAP9AMA0GCSqGSIb3DQEBCwUAA4IBAQCo9TE1X8ZXEq1qE+LWA0qkCa4I
ba821G43pXKqgPhVi6ei9ealqFBghIyvj+vpOJHabvWgNc1L4rSdeVBkMln2oQS1
byCCfYmPGGocN5dA7D+L++IJkaVVqtlkiUenbdPMV9k68hdP9G7c7dWeSyhSFLg2
dOrd5nmkwqdeqRIbJbxEEokW6ox6+wOl9jLbkSH/Ck8gIrQ7VCXzZHZm2HXDrRd2
urh+aLuu6Jxx7jOPdDZBg30tZ3MhZdmQfl5bM4Tli2hRL4QhXDWvm7mcixRMZeB1
mKdQkBqC773STPhPdsuLQSfNGBpaFLgFiT825CENbLP4l7Bl8Ms0p/nlziWc
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:02:27 2024 by rpki-client on console-ams.rpki-client.org