Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1-a02i6GtMriwrf0CsVjghIktjWg.roa
File:                     1-a02i6GtMriwrf0CsVjghIktjWg.roa (raw, json)
Hash identifier:          pIdOInPCcm6ZKLRZfRFgvBf17u6W1NdVb3/8mIw9ug0=
Subject key identifier:   F9:AD:36:8B:A1:AD:32:B8:B0:AD:FD:02:B1:58:E0:84:89:2D:8D:68
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296A8AC81996D359475EC9BC14FD75
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1-a02i6GtMriwrf0CsVjghIktjWg.roa
Signing time:             Tue 02 Jan 2024 12:32:41 +0000
ROA not before:           Tue 02 Jan 2024 12:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211869
IP address blocks:        2a0e:8f02:2150::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:6a:8a:c8:19:96:d3:59:47:5e:c9:bc:14:fd:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9ad368ba1ad32b8b0adfd02b158e084892d8d68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7c:35:c5:77:88:79:9e:b1:6c:6c:b3:bb:d7:
                    63:6a:88:27:dc:54:41:57:06:80:9b:68:a3:14:15:
                    c6:32:23:59:48:5d:60:68:91:59:07:b9:5d:18:c4:
                    92:dc:97:ba:59:c4:d1:8c:59:6c:9a:d0:92:4f:95:
                    ae:3f:16:1b:6b:e8:e4:c9:01:56:b2:60:99:d3:5e:
                    fd:b1:d0:cb:f8:e7:61:0a:c4:e1:7a:84:ba:30:df:
                    81:ca:05:a9:55:23:9c:9b:a5:10:e7:02:52:91:7b:
                    f6:4b:90:17:63:36:af:4b:e3:f9:be:65:f7:1d:bb:
                    8c:2c:b5:55:96:a5:b2:22:89:48:d0:7f:29:97:b2:
                    b2:db:6c:78:aa:39:d3:d0:74:92:5e:2d:7e:9b:aa:
                    2d:ba:0d:dd:8a:4d:97:c5:6c:79:92:75:7d:3a:9e:
                    c1:d1:69:7b:7d:73:db:20:f8:39:f9:e9:eb:c0:d3:
                    7d:14:91:cb:4f:3f:96:aa:5a:f8:f0:21:73:57:23:
                    bf:86:f3:56:b4:95:50:03:2b:94:f2:83:2d:f3:4a:
                    d8:bf:35:c3:65:a4:61:1b:58:83:1a:a3:05:f4:4b:
                    8c:3f:7c:0a:2c:e9:16:ae:e0:60:9b:b8:fb:40:87:
                    47:51:e7:30:68:65:19:dc:7b:26:69:7b:be:aa:e3:
                    7a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:AD:36:8B:A1:AD:32:B8:B0:AD:FD:02:B1:58:E0:84:89:2D:8D:68
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1-a02i6GtMriwrf0CsVjghIktjWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2150::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:cb:8a:67:93:9e:2a:f7:6f:d0:e0:f7:0a:c6:4a:57:00:62:
         ae:ed:fe:99:5f:74:a8:8c:79:6b:fe:2e:a2:28:3a:64:52:3f:
         10:15:c6:5d:47:66:a1:24:96:f0:d3:e2:1b:ec:38:fd:87:3d:
         fd:e8:f7:bb:e4:45:64:79:35:a8:9e:70:3a:c0:80:67:f7:52:
         8c:c5:df:c9:e8:a7:ee:41:27:b0:2b:31:c0:ba:7d:d1:98:13:
         a2:32:89:97:33:a7:a9:24:f4:c7:e1:5f:56:89:68:5a:56:a6:
         88:3f:bb:14:59:26:bf:60:63:c0:2e:c0:09:e2:66:8b:cf:24:
         9d:02:b4:04:e1:a9:98:c0:93:8b:56:44:bc:71:51:5f:2d:cc:
         2d:43:c8:ff:01:73:42:3f:31:37:1a:0a:19:02:9d:c1:83:dc:
         ce:b5:5f:7b:11:0c:01:cc:bf:3d:97:47:00:db:75:5b:05:81:
         14:e8:42:9a:9f:aa:9a:fb:60:6c:a8:7a:82:dd:40:73:9a:f1:
         2e:38:01:14:6f:8c:7e:aa:3a:08:41:5d:cc:39:30:19:e1:9d:
         ff:f4:96:ba:2e:2a:0b:04:cd:30:06:76:4c:53:8a:fe:ac:c3:
         7d:02:21:31:25:a6:e5:11:32:f9:f7:17:a3:50:db:3f:74:99:
         0f:e3:45:9d
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzKKWqKyBmW01lHXsm8FP11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWFkMzY4YmExYWQzMmI4YjBhZGZkMDJiMTU4ZTA4NDg5MmQ4ZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXw1xXeIeZ6xbGyzu9djaogn3FRB
VwaAm2ijFBXGMiNZSF1gaJFZB7ldGMSS3Je6WcTRjFlsmtCST5WuPxYba+jkyQFW
smCZ0179sdDL+OdhCsTheoS6MN+BygWpVSOcm6UQ5wJSkXv2S5AXYzavS+P5vmX3
HbuMLLVVlqWyIolI0H8pl7Ky22x4qjnT0HSSXi1+m6otug3dik2XxWx5knV9Op7B
0Wl7fXPbIPg5+enrwNN9FJHLTz+Wqlr48CFzVyO/hvNWtJVQAyuU8oMt80rYvzXD
ZaRhG1iDGqMF9EuMP3wKLOkWruBgm7j7QIdHUecwaGUZ3HsmaXu+quN6BQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPmtNouhrTK4sK39ArFY4ISJLY1oMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvMS1hMDJpNkd0TXJpd3JmMENzVmpnaElrdGpXZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjUvNThmZjU0LTM0MTAtNGU0Mi1hYWI4LWQyZDdmMmJiNjRk
Zi8xLzFXNzBqdFlWWGRlRVB1MDJNa2FhdXFNUUNfTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOjwIh
UDANBgkqhkiG9w0BAQsFAAOCAQEApsuKZ5OeKvdv0OD3CsZKVwBiru3+mV90qIx5
a/4uoig6ZFI/EBXGXUdmoSSW8NPiG+w4/Yc9/ej3u+RFZHk1qJ5wOsCAZ/dSjMXf
yein7kEnsCsxwLp90ZgTojKJlzOnqST0x+FfVoloWlamiD+7FFkmv2BjwC7ACeJm
i88knQK0BOGpmMCTi1ZEvHFRXy3MLUPI/wFzQj8xNxoKGQKdwYPczrVfexEMAcy/
PZdHANt1WwWBFOhCmp+qmvtgbKh6gt1Ac5rxLjgBFG+Mfqo6CEFdzDkwGeGd//SW
ui4qCwTNMAZ2TFOK/qzDfQIhMSWm5REy+fcXo1DbP3SZD+NFnQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:03:15 2024 by rpki-client on console-ams.rpki-client.org