Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/MA9M4r7NWeSAXZ9llcKo09CEKZg.roa
File:                     MA9M4r7NWeSAXZ9llcKo09CEKZg.roa (raw, json)
Hash identifier:          eQVkdQqixwk/8raVkFuaF3fYWgt86QawwCsDukdPrXQ=
Subject key identifier:   30:0F:4C:E2:BE:CD:59:E4:80:5D:9F:65:95:C2:A8:D3:D0:84:29:98
Certificate issuer:       /CN=fcb550b710d7f0f94b0ce432cf0e4e950cc4e1ca
Certificate serial:       01905F0A650831A6A9164DE4772A8BBC39FE
Authority key identifier: FC:B5:50:B7:10:D7:F0:F9:4B:0C:E4:32:CF:0E:4E:95:0C:C4:E1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_LVQtxDX8PlLDOQyzw5OlQzE4co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/MA9M4r7NWeSAXZ9llcKo09CEKZg.roa
Signing time:             Fri 28 Jun 2024 13:30:35 +0000
ROA not before:           Fri 28 Jun 2024 13:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        2a04:ac40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/_LVQtxDX8PlLDOQyzw5OlQzE4co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/_LVQtxDX8PlLDOQyzw5OlQzE4co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_LVQtxDX8PlLDOQyzw5OlQzE4co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:0a:65:08:31:a6:a9:16:4d:e4:77:2a:8b:bc:39:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcb550b710d7f0f94b0ce432cf0e4e950cc4e1ca
        Validity
            Not Before: Jun 28 13:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=300f4ce2becd59e4805d9f6595c2a8d3d0842998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6e:dc:c0:e1:d0:ff:36:22:0e:4b:4d:80:8b:
                    6d:5d:66:ff:38:75:e0:a6:5e:83:64:87:ee:21:98:
                    9a:64:b8:5a:7e:bc:db:8e:2b:cc:5e:b6:bb:4b:91:
                    9d:77:91:c8:47:69:95:fe:ef:d1:0b:5b:c8:31:4e:
                    26:b3:af:41:dd:82:73:42:06:0c:35:d3:27:be:39:
                    07:53:95:26:9c:9d:a7:0e:dd:99:9c:07:84:53:97:
                    79:fb:d1:5e:2c:46:e1:e5:68:cd:39:b2:02:76:cc:
                    e1:f4:c3:b9:78:3d:86:2e:58:a4:40:88:ab:c4:14:
                    31:65:ac:9e:d4:bc:19:e0:b3:6c:43:9f:47:20:9c:
                    24:e3:9f:7a:cd:85:c3:b0:c7:73:06:27:c8:eb:99:
                    67:14:5d:29:e5:a5:b1:37:5c:73:7f:49:22:56:06:
                    c8:99:29:df:ab:62:f2:be:2d:5d:ef:c9:1f:01:1a:
                    90:a5:84:a2:d6:6e:8b:7d:59:c2:d6:0b:db:a4:b8:
                    ba:21:d6:84:7d:34:12:75:7b:22:3e:a0:99:bc:b4:
                    a6:44:b5:e9:d3:b8:19:21:d7:3d:01:8e:1e:61:8e:
                    35:f9:c7:8a:f2:a1:77:f6:12:ec:01:70:6b:19:29:
                    e8:dc:f3:3c:2a:d7:5d:e5:e5:16:16:b1:e1:4f:09:
                    2f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:0F:4C:E2:BE:CD:59:E4:80:5D:9F:65:95:C2:A8:D3:D0:84:29:98
            X509v3 Authority Key Identifier:
                keyid:FC:B5:50:B7:10:D7:F0:F9:4B:0C:E4:32:CF:0E:4E:95:0C:C4:E1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_LVQtxDX8PlLDOQyzw5OlQzE4co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/MA9M4r7NWeSAXZ9llcKo09CEKZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/_LVQtxDX8PlLDOQyzw5OlQzE4co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac40::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:c3:63:59:16:99:8b:23:1d:09:3a:e9:f0:20:2d:81:ba:77:
         2c:e3:bc:f8:d0:2e:0b:87:1a:c5:55:ac:37:fa:bb:8f:9f:73:
         8f:14:af:96:b1:b2:39:c1:30:7e:8a:fa:2c:60:3d:86:cb:77:
         f0:89:9e:35:07:e8:c7:6b:da:8b:84:d2:22:72:cd:fa:16:4a:
         26:e7:ec:5d:38:d9:e7:3a:39:45:d5:7d:1b:2f:b9:1b:9e:6a:
         6b:36:a5:7f:bd:9f:9d:a5:3c:f4:ce:6f:95:0d:b6:6c:54:35:
         34:e0:28:08:36:d7:d7:80:d0:09:27:a1:e1:e5:d1:4d:b6:52:
         0b:19:ad:40:35:9e:f5:b3:42:98:16:ab:35:88:90:89:12:71:
         1d:15:54:bf:32:06:ca:76:7a:b7:98:b2:cf:72:5c:f0:1d:9c:
         ea:e8:25:a9:e7:66:5c:6e:a5:c9:61:cb:c7:38:8f:a2:92:c8:
         3b:7d:80:8d:14:07:b7:e2:d4:27:d3:8f:4b:c0:74:dc:2e:3d:
         bd:00:36:48:4c:a4:38:4b:00:9c:af:1a:fb:3e:75:ed:37:bd:
         d9:f9:d7:26:9b:2e:25:3b:b0:c6:92:ff:15:86:8b:e5:5e:d9:
         fe:98:12:59:a6:a2:c4:a1:57:1d:22:63:cf:f2:6d:84:34:9c:
         a3:69:1b:b3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBfCmUIMaapFk3kdyqLvDn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYjU1MGI3MTBkN2YwZjk0YjBjZTQzMmNmMGU0ZTk1MGNj
NGUxY2EwHhcNMjQwNjI4MTMzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDBmNGNlMmJlY2Q1OWU0ODA1ZDlmNjU5NWMyYThkM2QwODQyOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlm7cwOHQ/zYiDktNgIttXWb/OHXg
pl6DZIfuIZiaZLhafrzbjivMXra7S5Gdd5HIR2mV/u/RC1vIMU4ms69B3YJzQgYM
NdMnvjkHU5UmnJ2nDt2ZnAeEU5d5+9FeLEbh5WjNObICdszh9MO5eD2GLlikQIir
xBQxZaye1LwZ4LNsQ59HIJwk4596zYXDsMdzBifI65lnFF0p5aWxN1xzf0kiVgbI
mSnfq2Lyvi1d78kfARqQpYSi1m6LfVnC1gvbpLi6IdaEfTQSdXsiPqCZvLSmRLXp
07gZIdc9AY4eYY41+ceK8qF39hLsAXBrGSno3PM8Ktdd5eUWFrHhTwkvFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDAPTOK+zVnkgF2fZZXCqNPQhCmYMB8GA1UdIwQY
MBaAFPy1ULcQ1/D5SwzkMs8OTpUMxOHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0xWUXR4RFg4UGxMRE9ReXp3NU9sUXpFNGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lNWNmNjctZTI5Ni00NmU4LTkxOWMt
NDczYTI5YWMzMzYzLzEvTUE5TTRyN05XZVNBWFo5bGxjS28wOUNFS1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lNWNmNjctZTI5Ni00NmU4LTkxOWMtNDczYTI5YWMzMzYz
LzEvX0xWUXR4RFg4UGxMRE9ReXp3NU9sUXpFNGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgSsQDAN
BgkqhkiG9w0BAQsFAAOCAQEAKMNjWRaZiyMdCTrp8CAtgbp3LOO8+NAuC4caxVWs
N/q7j59zjxSvlrGyOcEwfor6LGA9hst38ImeNQfox2vai4TSInLN+hZKJufsXTjZ
5zo5RdV9Gy+5G55qazalf72fnaU89M5vlQ22bFQ1NOAoCDbX14DQCSeh4eXRTbZS
CxmtQDWe9bNCmBarNYiQiRJxHRVUvzIGynZ6t5iyz3Jc8B2c6uglqedmXG6lyWHL
xziPopLIO32AjRQHt+LUJ9OPS8B03C49vQA2SEykOEsAnK8a+z517Te92fnXJpsu
JTuwxpL/FYaL5V7Z/pgSWaaixKFXHSJjz/JthDSco2kbsw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:10:46 2024 by rpki-client on console-ams.rpki-client.org