Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/9aZEA4Nk8EErOYwavy5TNiAwQvA.roa
File:                     9aZEA4Nk8EErOYwavy5TNiAwQvA.roa (raw, json)
Hash identifier:          yJxRteR9hjsDYywi96aJDl8Kp+eWsAq2bp4QRouucu8=
Subject key identifier:   F5:A6:44:03:83:64:F0:41:2B:39:8C:1A:BF:2E:53:36:20:30:42:F0
Certificate issuer:       /CN=17526ccac4f9064e058549b30172c84439787fbc
Certificate serial:       018CC424EA0815C231BD2CF6637C70CC345C
Authority key identifier: 17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/9aZEA4Nk8EErOYwavy5TNiAwQvA.roa
Signing time:             Mon 01 Jan 2024 08:30:02 +0000
ROA not before:           Mon 01 Jan 2024 08:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12679
IP address blocks:        2a0c:b6c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ea:08:15:c2:31:bd:2c:f6:63:7c:70:cc:34:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17526ccac4f9064e058549b30172c84439787fbc
        Validity
            Not Before: Jan  1 08:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5a644038364f0412b398c1abf2e5336203042f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b3:75:41:e3:0a:26:92:ef:92:36:d0:d0:fd:
                    f7:cc:76:b7:cc:65:c4:a4:da:1a:b7:e0:7c:ef:c3:
                    07:58:24:1e:53:08:4a:09:04:76:a0:0c:86:0e:35:
                    79:5f:47:8a:50:cf:5f:ed:46:ae:fe:ae:10:0e:b8:
                    24:64:02:cd:38:e1:66:05:d1:08:6a:fd:47:e5:3c:
                    96:a2:3e:de:f8:38:af:41:fe:c0:ab:13:83:e2:ea:
                    d0:dc:af:cf:fd:72:20:36:00:7a:73:e7:4a:80:1d:
                    6a:d9:82:76:16:54:5a:4b:ca:ad:83:cd:91:ee:54:
                    0e:ce:65:d6:10:6a:ba:91:30:c8:15:c6:ab:38:0a:
                    75:56:02:2e:09:ae:0b:27:4b:8f:bc:90:e3:dd:12:
                    90:77:d4:7e:fb:d6:f2:e5:58:f6:ab:51:26:df:57:
                    8d:64:55:60:82:fa:71:65:3f:fc:1f:4a:3f:1d:0c:
                    fd:b7:ab:df:75:91:84:c3:ea:73:29:5b:ca:9e:63:
                    d9:4f:df:7b:63:66:bf:d0:4d:e2:44:03:ff:58:67:
                    d9:ec:0c:3a:f2:e7:b0:50:25:8e:68:7c:30:74:fb:
                    37:5b:f1:8f:ce:d4:d1:0b:8f:52:c3:ab:23:8c:ff:
                    a0:5f:51:17:8b:de:7d:7a:41:29:b1:a1:40:6b:f1:
                    1b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A6:44:03:83:64:F0:41:2B:39:8C:1A:BF:2E:53:36:20:30:42:F0
            X509v3 Authority Key Identifier:
                keyid:17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/9aZEA4Nk8EErOYwavy5TNiAwQvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b6c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:3f:57:d9:1f:a4:ed:9e:e1:73:0c:e4:33:da:c5:45:55:a7:
         40:f6:26:dd:5d:dc:91:63:f2:cd:7f:45:b6:0f:59:58:b5:80:
         84:2a:e3:59:94:03:b2:15:b6:ef:73:44:a5:5f:0c:86:00:af:
         48:7a:d2:1d:c4:46:9b:c4:cc:e5:41:5d:25:53:8d:32:cb:b0:
         50:40:70:62:6d:01:46:00:fc:8b:57:6e:5a:27:fe:ea:67:15:
         50:7d:ae:06:df:1d:8c:c7:26:b9:b4:62:3d:26:5d:3b:c4:cb:
         e1:90:b6:7b:a2:8e:9f:f0:e8:ff:41:59:6b:e1:49:75:6d:7c:
         39:8f:f1:e0:b7:d3:8e:e2:85:cb:fc:b6:68:c1:f4:c5:3b:d6:
         b3:80:12:d6:03:38:b2:a0:49:0e:eb:d2:42:4e:3e:01:3c:e1:
         54:48:bb:78:36:d5:4b:f2:14:48:62:dc:eb:66:ea:13:30:f3:
         5e:f9:59:a4:c1:80:af:04:83:68:23:12:15:dd:33:89:52:c4:
         70:3b:86:4c:ee:93:94:ca:a2:48:9f:08:c0:de:f1:bf:cf:55:
         1f:f0:66:a9:e2:f1:ab:30:91:9a:68:c8:64:8c:d1:a7:ef:58:
         26:38:f9:b3:6b:60:ac:8e:8d:d6:69:4f:a3:15:57:27:7d:dd:
         8f:75:99:3b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJOoIFcIxvSz2Y3xwzDRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NTI2Y2NhYzRmOTA2NGUwNTg1NDliMzAxNzJjODQ0Mzk3
ODdmYmMwHhcNMjQwMTAxMDgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWE2NDQwMzgzNjRmMDQxMmIzOThjMWFiZjJlNTMzNjIwMzA0MmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7N1QeMKJpLvkjbQ0P33zHa3zGXE
pNoat+B878MHWCQeUwhKCQR2oAyGDjV5X0eKUM9f7Uau/q4QDrgkZALNOOFmBdEI
av1H5TyWoj7e+DivQf7AqxOD4urQ3K/P/XIgNgB6c+dKgB1q2YJ2FlRaS8qtg82R
7lQOzmXWEGq6kTDIFcarOAp1VgIuCa4LJ0uPvJDj3RKQd9R++9by5Vj2q1Em31eN
ZFVggvpxZT/8H0o/HQz9t6vfdZGEw+pzKVvKnmPZT997Y2a/0E3iRAP/WGfZ7Aw6
8uewUCWOaHwwdPs3W/GPztTRC49Sw6sjjP+gX1EXi959ekEpsaFAa/EbGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPWmRAODZPBBKzmMGr8uUzYgMELwMB8GA1UdIwQY
MBaAFBdSbMrE+QZOBYVJswFyyEQ5eH+8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFKc3lzVDVCazRGaFVtekFYTElSRGw0Zjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jOWFhODEtNWJmZC00NTM1LTk2MDYt
OTQxY2M2YTdiYWQ5LzEvOWFaRUE0Tms4RUVyT1l3YXZ5NVROaUF3UXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9jOWFhODEtNWJmZC00NTM1LTk2MDYtOTQxY2M2YTdiYWQ5
LzEvRjFKc3lzVDVCazRGaFVtekFYTElSRGw0Zjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgy2xzAN
BgkqhkiG9w0BAQsFAAOCAQEAsz9X2R+k7Z7hcwzkM9rFRVWnQPYm3V3ckWPyzX9F
tg9ZWLWAhCrjWZQDshW273NEpV8MhgCvSHrSHcRGm8TM5UFdJVONMsuwUEBwYm0B
RgD8i1duWif+6mcVUH2uBt8djMcmubRiPSZdO8TL4ZC2e6KOn/Do/0FZa+FJdW18
OY/x4LfTjuKFy/y2aMH0xTvWs4AS1gM4sqBJDuvSQk4+ATzhVEi7eDbVS/IUSGLc
62bqEzDzXvlZpMGArwSDaCMSFd0ziVLEcDuGTO6TlMqiSJ8IwN7xv89VH/BmqeLx
qzCRmmjIZIzRp+9YJjj5s2tgrI6N1mlPoxVXJ33dj3WZOw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 23:47:58 2024 by rpki-client on console-ams.rpki-client.org