Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J9AyDhPOaNkGzEInqCaz5Q6fOC8.roa
File:                     J9AyDhPOaNkGzEInqCaz5Q6fOC8.roa (raw, json)
Hash identifier:          qgl/9JneMzJxH0KVd0DsdnUU+B0At0j23195i8S3oQk=
Subject key identifier:   27:D0:32:0E:13:CE:68:D9:06:CC:42:27:A8:26:B3:E5:0E:9F:38:2F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017AFC58762EE6C91E3F353F1ACFB0
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J9AyDhPOaNkGzEInqCaz5Q6fOC8.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212424
IP address blocks:        2a0c:b641:2f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7a:fc:58:76:2e:e6:c9:1e:3f:35:3f:1a:cf:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27d0320e13ce68d906cc4227a826b3e50e9f382f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a0:52:68:51:94:17:84:0e:91:0a:0c:ab:85:
                    ad:e1:97:1b:26:c5:12:de:17:02:ec:50:71:06:dc:
                    04:d9:34:81:9d:8e:4c:ad:1f:ef:a0:35:24:c6:91:
                    1a:19:66:aa:dd:5d:63:42:52:b0:a6:07:8c:bb:d1:
                    15:00:f3:9f:68:a3:84:dc:6f:7c:c7:f1:89:51:4b:
                    18:92:64:46:5d:55:8e:7a:aa:5e:e6:73:fa:e2:0f:
                    a8:fa:e0:f4:e7:ba:71:21:48:7c:11:0c:fe:57:57:
                    3e:db:4e:d5:61:e0:25:e2:dd:ba:80:a9:f9:18:fc:
                    14:6f:a0:4a:a8:de:30:c3:e2:3d:1a:f9:d4:45:df:
                    fd:d0:8f:0c:67:98:97:74:8f:95:fb:32:38:10:e8:
                    c2:8c:a8:7e:70:6a:d2:cd:27:93:81:91:dc:cc:d1:
                    30:84:d3:ce:fa:a4:e9:a5:d8:b4:15:52:ef:5b:da:
                    8f:40:fc:d6:04:3e:68:d8:2f:28:8b:ad:4d:2f:96:
                    aa:23:bd:d5:db:11:e5:a9:45:39:fb:54:53:8c:e6:
                    92:7f:93:3b:e8:4c:ae:81:89:74:10:4a:51:0e:97:
                    45:16:a8:91:c7:1d:f6:d2:98:8d:72:82:79:cd:11:
                    b0:b6:24:43:ba:86:33:e0:5a:74:e6:ac:d3:dd:e2:
                    a8:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:D0:32:0E:13:CE:68:D9:06:CC:42:27:A8:26:B3:E5:0E:9F:38:2F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J9AyDhPOaNkGzEInqCaz5Q6fOC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:2f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         05:52:06:7d:af:a5:7e:28:d0:8a:b7:03:86:6c:ad:9c:75:27:
         27:9b:c9:4b:c4:49:84:68:ed:74:b2:5c:28:61:98:c3:49:d2:
         e8:61:34:d5:e4:30:26:66:6d:b1:e3:87:c0:9b:51:45:61:f8:
         d8:60:56:5c:1d:18:d9:d1:e2:d4:58:da:94:d7:ae:a4:f8:e7:
         cd:ad:5f:31:22:9f:06:1e:ba:52:60:59:68:95:73:fd:9c:5c:
         da:ce:e1:e8:28:09:f9:15:18:69:55:25:bc:df:8f:bf:93:80:
         35:ba:61:1a:ed:9b:9f:3e:ef:4c:4c:f8:25:0f:7a:0f:a6:4e:
         45:6f:24:cc:b3:58:16:f2:de:c2:1e:4f:27:02:55:8f:fc:4c:
         83:18:68:d3:61:cf:8f:63:52:ce:1a:ed:96:d9:81:ab:4b:20:
         ad:c0:2b:e7:73:07:81:e2:bd:34:ff:48:07:f6:ce:a0:85:ed:
         b1:47:92:00:59:61:4b:b9:40:8d:0d:20:1e:9e:b2:8e:5d:68:
         d7:a6:bb:3f:aa:c0:87:5d:5b:f8:42:ce:f7:8d:98:2c:e7:b0:
         60:e1:9f:70:ff:cd:aa:0a:69:67:9a:4f:8c:22:62:ca:33:ab:
         31:c6:7f:65:b7:0c:51:7d:a3:62:00:0f:62:09:cb:3d:1e:e4:
         bd:31:b0:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXr8WHYu5skePzU/Gs+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2QwMzIwZTEzY2U2OGQ5MDZjYzQyMjdhODI2YjNlNTBlOWYzODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6BSaFGUF4QOkQoMq4Wt4ZcbJsUS
3hcC7FBxBtwE2TSBnY5MrR/voDUkxpEaGWaq3V1jQlKwpgeMu9EVAPOfaKOE3G98
x/GJUUsYkmRGXVWOeqpe5nP64g+o+uD057pxIUh8EQz+V1c+207VYeAl4t26gKn5
GPwUb6BKqN4ww+I9GvnURd/90I8MZ5iXdI+V+zI4EOjCjKh+cGrSzSeTgZHczNEw
hNPO+qTppdi0FVLvW9qPQPzWBD5o2C8oi61NL5aqI73V2xHlqUU5+1RTjOaSf5M7
6EyugYl0EEpRDpdFFqiRxx320piNcoJ5zRGwtiRDuoYz4Fp05qzT3eKo4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCfQMg4TzmjZBsxCJ6gms+UOnzgvMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSjlBeURoUE9hTmtHekVJbnFDYXo1UTZmT0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQLw
MA0GCSqGSIb3DQEBCwUAA4IBAQAFUgZ9r6V+KNCKtwOGbK2cdScnm8lLxEmEaO10
slwoYZjDSdLoYTTV5DAmZm2x44fAm1FFYfjYYFZcHRjZ0eLUWNqU166k+OfNrV8x
Ip8GHrpSYFlolXP9nFzazuHoKAn5FRhpVSW834+/k4A1umEa7ZufPu9MTPglD3oP
pk5FbyTMs1gW8t7CHk8nAlWP/EyDGGjTYc+PY1LOGu2W2YGrSyCtwCvncweB4r00
/0gH9s6ghe2xR5IAWWFLuUCNDSAenrKOXWjXprs/qsCHXVv4Qs73jZgs57Bg4Z9w
/82qCmlnmk+MImLKM6sxxn9ltwxRfaNiAA9iCcs9HuS9MbCa
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:36:36 2024 by rpki-client on console-fra.rpki-client.org