Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/4s7BTSW0AudaH1ml8sYqKziR194.roa
File:                     4s7BTSW0AudaH1ml8sYqKziR194.roa (raw, json)
Hash identifier:          mqmjeA8s+n+v+gEdWzfW8uF2f+ERtw91nI7Dh/2AWBA=
Subject key identifier:   E2:CE:C1:4D:25:B4:02:E7:5A:1F:59:A5:F2:C6:2A:2B:38:91:D7:DE
Certificate issuer:       /CN=87be093097097c4457ff5aa3e5893c8c15432612
Certificate serial:       018CC8DF8333148F0A531816DE079D10AAB5
Authority key identifier: 87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/4s7BTSW0AudaH1ml8sYqKziR194.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211972
IP address blocks:        2a10:9902:731::/48 maxlen: 48
                          2a10:9902:730::/48 maxlen: 48
                          2a10:9902:733::/48 maxlen: 48
                          2a10:9902:732::/48 maxlen: 48
                          2a10:9902:73f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:83:33:14:8f:0a:53:18:16:de:07:9d:10:aa:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87be093097097c4457ff5aa3e5893c8c15432612
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2cec14d25b402e75a1f59a5f2c62a2b3891d7de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:11:8a:cf:a8:c0:b3:30:18:4c:9a:f1:76:5d:
                    27:6c:92:1a:20:f6:9b:1a:85:58:8f:d3:5d:7e:53:
                    b5:97:b0:c6:b0:33:3d:29:93:81:49:cf:f5:7f:51:
                    c8:4b:9f:bc:8d:aa:5d:26:ac:6e:f4:fa:c4:10:92:
                    14:b0:ef:44:7e:d9:8d:76:28:b9:1a:6c:8e:1d:9f:
                    13:28:87:45:54:3c:3e:55:eb:c4:47:96:60:30:3b:
                    55:25:45:9d:ca:da:53:5f:5c:e7:fb:9c:34:ca:0f:
                    62:50:65:72:06:52:00:05:96:6e:49:24:ef:6f:ff:
                    1b:70:c1:54:2e:a5:e2:fa:3f:a9:9d:fb:d7:4c:78:
                    9f:44:ea:40:ee:5a:c8:8d:77:37:55:44:54:0d:7e:
                    67:e7:ab:13:38:d3:53:20:b9:09:57:1f:25:61:e6:
                    53:4e:47:bf:c6:70:fb:3d:34:a5:56:36:05:cc:fd:
                    ca:ae:86:f9:9d:32:3f:fd:cf:1c:55:5d:16:ec:d3:
                    c4:ef:85:20:e6:df:ff:70:eb:3f:83:78:6f:f1:22:
                    2d:24:5a:40:49:83:69:b7:48:19:23:35:24:8a:e9:
                    c7:14:b7:cd:92:6f:15:6c:c2:e6:b5:36:af:e6:bb:
                    90:3a:b0:51:fc:1f:07:54:c3:ef:f8:a6:ef:bc:c1:
                    6b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:CE:C1:4D:25:B4:02:E7:5A:1F:59:A5:F2:C6:2A:2B:38:91:D7:DE
            X509v3 Authority Key Identifier:
                keyid:87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/4s7BTSW0AudaH1ml8sYqKziR194.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:9902:730::/46
                  2a10:9902:73f::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:cd:90:33:4b:35:c1:7b:19:ba:7c:3e:cf:19:be:1a:08:36:
         e9:e7:a8:5b:d7:1c:9f:1d:93:49:33:b5:3b:13:c0:e1:9d:51:
         58:25:86:ad:ac:b7:95:9d:5c:27:b8:df:af:70:90:48:16:80:
         03:c2:16:49:d9:4e:6a:e1:3d:b9:78:11:6a:6b:b8:e5:c1:69:
         0a:be:45:93:d6:19:af:07:5a:fd:34:58:16:35:62:30:27:ee:
         c3:2e:36:ac:af:3a:d4:2c:30:54:e4:1b:42:c2:42:fd:27:a1:
         00:6b:f9:8c:4e:50:51:51:ea:5d:a7:bd:ba:d2:7f:c0:29:85:
         5c:d4:5b:18:fb:2d:37:0e:bf:80:f1:be:9e:5f:f3:1f:04:d1:
         5f:c3:9a:d0:be:cb:a2:47:66:8c:ce:ad:6b:78:b7:f9:e6:e8:
         4a:9f:12:d3:76:86:28:16:58:26:d2:10:32:51:af:5d:3c:18:
         09:57:7b:70:4f:40:8e:fc:7e:f1:28:36:3c:82:87:ae:49:37:
         ed:4b:cb:6f:bd:82:ba:e7:78:f8:fe:72:c1:b4:e7:2e:2d:0f:
         76:ec:ec:67:83:b7:8a:5b:28:e9:cf:69:96:97:8e:c5:c4:20:
         28:cd:a9:ad:f2:a7:99:a4:a4:7b:36:90:58:28:bc:58:61:81:
         be:40:68:fa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI34MzFI8KUxgW3gedEKq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YmUwOTMwOTcwOTdjNDQ1N2ZmNWFhM2U1ODkzYzhjMTU0
MzI2MTIwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmNlYzE0ZDI1YjQwMmU3NWExZjU5YTVmMmM2MmEyYjM4OTFkN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xGKz6jAszAYTJrxdl0nbJIaIPab
GoVYj9NdflO1l7DGsDM9KZOBSc/1f1HIS5+8japdJqxu9PrEEJIUsO9EftmNdii5
GmyOHZ8TKIdFVDw+VevER5ZgMDtVJUWdytpTX1zn+5w0yg9iUGVyBlIABZZuSSTv
b/8bcMFULqXi+j+pnfvXTHifROpA7lrIjXc3VURUDX5n56sTONNTILkJVx8lYeZT
Tke/xnD7PTSlVjYFzP3Krob5nTI//c8cVV0W7NPE74Ug5t//cOs/g3hv8SItJFpA
SYNpt0gZIzUkiunHFLfNkm8VbMLmtTav5ruQOrBR/B8HVMPv+KbvvMFrTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOLOwU0ltALnWh9ZpfLGKis4kdfeMB8GA1UdIwQY
MBaAFIe+CTCXCXxEV/9ao+WJPIwVQyYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMt
MmNkZTY1ZjMxMTJhLzEvNHM3QlRTVzBBdWRhSDFtbDhzWXFLemlSMTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMtMmNkZTY1ZjMxMTJh
LzEvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcCKhCZAgcw
AwcAKhCZAgc/MA0GCSqGSIb3DQEBCwUAA4IBAQB6zZAzSzXBexm6fD7PGb4aCDbp
56hb1xyfHZNJM7U7E8DhnVFYJYatrLeVnVwnuN+vcJBIFoADwhZJ2U5q4T25eBFq
a7jlwWkKvkWT1hmvB1r9NFgWNWIwJ+7DLjasrzrULDBU5BtCwkL9J6EAa/mMTlBR
Uepdp7260n/AKYVc1FsY+y03Dr+A8b6eX/MfBNFfw5rQvsuiR2aMzq1reLf55uhK
nxLTdoYoFlgm0hAyUa9dPBgJV3twT0CO/H7xKDY8goeuSTftS8tvvYK653j4/nLB
tOcuLQ927Oxng7eKWyjpz2mWl47FxCAozamt8qeZpKR7NpBYKLxYYYG+QGj6
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:03:00 2024 by rpki-client on console-ams.rpki-client.org