Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/PTkkSYzfweR_ck6bcq9eq6VkPuE.roa
File:                     PTkkSYzfweR_ck6bcq9eq6VkPuE.roa (raw, json)
Hash identifier:          JTzJNRwnKAQgC5pMWvNgvs48p3R0igxleAErDYFN55Q=
Subject key identifier:   3D:39:24:49:8C:DF:C1:E4:7F:72:4E:9B:72:AF:5E:AB:A5:64:3E:E1
Certificate issuer:       /CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
Certificate serial:       0190BB3843AA3289A1AAB9800E54CCA748FB
Authority key identifier: B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/PTkkSYzfweR_ck6bcq9eq6VkPuE.roa
Signing time:             Tue 16 Jul 2024 11:05:44 +0000
ROA not before:           Tue 16 Jul 2024 11:05:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:1d40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:38:43:aa:32:89:a1:aa:b9:80:0e:54:cc:a7:48:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
        Validity
            Not Before: Jul 16 11:05:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d3924498cdfc1e47f724e9b72af5eaba5643ee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a1:d3:dd:34:70:30:9e:02:bc:6d:94:72:52:
                    2c:46:4f:c6:a3:c6:bb:fc:1d:83:c6:55:bd:58:b0:
                    cb:97:08:a2:6d:57:1a:77:08:f1:fc:bf:10:e9:8c:
                    8f:11:3a:84:2c:ef:44:4b:02:05:1b:b2:15:8b:5c:
                    7c:f6:63:c8:a2:c6:c3:ef:b3:de:4e:38:a1:fb:d8:
                    94:32:f6:62:41:19:0b:c2:b4:07:ab:4f:22:f7:8f:
                    fb:46:7e:a9:d5:c2:3c:b9:6d:01:86:bd:a5:58:e8:
                    f4:0e:27:63:c8:20:99:b9:8a:0a:4b:bf:24:93:f6:
                    16:5d:70:d7:54:1d:2e:86:e4:bd:9b:a8:8d:c8:bc:
                    f5:0d:28:b9:3c:05:aa:8f:09:8a:6c:92:c8:22:b8:
                    d8:4b:28:85:18:c9:28:ae:4f:87:60:98:82:a7:95:
                    26:ed:df:9a:2c:45:01:0f:e0:68:69:60:0e:d5:a1:
                    89:00:48:69:7f:96:e5:36:8d:68:3a:17:df:f7:04:
                    3e:d3:af:d3:ee:91:e1:14:26:b9:99:ac:b8:06:65:
                    78:81:2d:a0:55:01:92:aa:83:a2:bc:73:1c:17:50:
                    fe:6e:40:72:38:1b:0d:7b:5e:3c:37:3f:ac:57:f6:
                    37:d4:6b:ef:12:47:c0:2d:25:1e:ce:6b:9f:b2:01:
                    e2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:39:24:49:8C:DF:C1:E4:7F:72:4E:9B:72:AF:5E:AB:A5:64:3E:E1
            X509v3 Authority Key Identifier:
                keyid:B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/PTkkSYzfweR_ck6bcq9eq6VkPuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:16:f6:38:fb:3b:0d:b1:d7:0e:22:72:ea:08:e3:c8:49:d8:
         3b:1f:20:91:8c:50:79:3c:d9:7d:7c:58:ff:e9:00:73:f3:43:
         c9:a4:fa:cf:6c:ee:d7:29:41:c1:10:1d:5e:87:08:09:36:73:
         dc:0a:73:05:36:90:50:a4:61:19:08:1e:c5:fd:88:c1:6e:c5:
         a7:99:40:64:5f:1a:17:86:21:83:5d:c4:f8:04:10:8c:9e:81:
         d1:78:de:b5:db:7d:67:20:b3:7b:6e:71:ae:c9:fa:cc:2b:01:
         40:7d:1e:a9:30:49:cd:fb:bc:42:65:54:ad:44:d9:a4:4c:ed:
         3d:b1:e9:eb:94:4c:af:cc:33:01:e0:b0:fc:45:a2:b1:b1:7a:
         52:f4:7e:42:5f:92:d5:a1:ba:fc:f9:ab:02:87:4d:1c:47:28:
         d0:43:5f:71:b5:80:0f:1f:76:15:a0:dc:0a:34:fc:61:a7:cd:
         bb:56:36:dc:3f:22:1a:06:0b:e7:ae:fc:ac:55:89:51:d7:6a:
         df:c7:b1:6e:fb:33:3a:4c:9d:b3:f9:50:4e:66:52:d4:4a:fc:
         1d:f2:2d:a5:f1:78:27:a4:0e:38:25:a8:39:bc:6d:a8:53:99:
         21:91:f1:40:d4:52:d7:2d:8f:27:a0:66:59:fa:54:d3:55:ce:
         20:19:68:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZC7OEOqMomhqrmADlTMp0j7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2Q0OTA4ZDljNDNhODVmODViZTE5MzM0YTI2ZjVkNTEz
NTBiY2IwHhcNMjQwNzE2MTEwNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDM5MjQ0OThjZGZjMWU0N2Y3MjRlOWI3MmFmNWVhYmE1NjQzZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaHT3TRwMJ4CvG2UclIsRk/Go8a7
/B2DxlW9WLDLlwiibVcadwjx/L8Q6YyPETqELO9ESwIFG7IVi1x89mPIosbD77Pe
Tjih+9iUMvZiQRkLwrQHq08i94/7Rn6p1cI8uW0Bhr2lWOj0DidjyCCZuYoKS78k
k/YWXXDXVB0uhuS9m6iNyLz1DSi5PAWqjwmKbJLIIrjYSyiFGMkork+HYJiCp5Um
7d+aLEUBD+BoaWAO1aGJAEhpf5blNo1oOhff9wQ+06/T7pHhFCa5may4BmV4gS2g
VQGSqoOivHMcF1D+bkByOBsNe148Nz+sV/Y31GvvEkfALSUezmufsgHi/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD05JEmM38Hkf3JOm3KvXqulZD7hMB8GA1UdIwQY
MBaAFLk9SQjZxDqF+FvhkzSib11RNQvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAt
NTI4NzQ2MTFjZDIxLzEvUFRra1NZemZ3ZVJfY2s2YmNxOWVxNlZrUHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAtNTI4NzQ2MTFjZDIx
LzEvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQdQDAN
BgkqhkiG9w0BAQsFAAOCAQEAPBb2OPs7DbHXDiJy6gjjyEnYOx8gkYxQeTzZfXxY
/+kAc/NDyaT6z2zu1ylBwRAdXocICTZz3ApzBTaQUKRhGQgexf2IwW7Fp5lAZF8a
F4Yhg13E+AQQjJ6B0Xjetdt9ZyCze25xrsn6zCsBQH0eqTBJzfu8QmVUrUTZpEzt
PbHp65RMr8wzAeCw/EWisbF6UvR+Ql+S1aG6/PmrAodNHEco0ENfcbWADx92FaDc
CjT8YafNu1Y23D8iGgYL5678rFWJUddq38exbvszOkyds/lQTmZS1Er8HfItpfF4
J6QOOCWoObxtqFOZIZHxQNRS1y2PJ6BmWfpU01XOIBlo3A==
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:48:41 2024 by rpki-client on console-fra.rpki-client.org