Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/0Jq8n90k5szqAQEsosfOtvTL8Mo.roa
File:                     0Jq8n90k5szqAQEsosfOtvTL8Mo.roa (raw, json)
Hash identifier:          W5q7e4geFMuGk+ZGYK+lAMz/e3RY5llpNVLUu5Wrqgs=
Subject key identifier:   D0:9A:BC:9F:DD:24:E6:CC:EA:01:01:2C:A2:C7:CE:B6:F4:CB:F0:CA
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0191368BEA98F53091091A27D3B526FEC5A5
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/0Jq8n90k5szqAQEsosfOtvTL8Mo.roa
Signing time:             Fri 09 Aug 2024 09:50:24 +0000
ROA not before:           Fri 09 Aug 2024 09:50:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a11:3c40::/32 maxlen: 32
                          2a11:3c41::/32 maxlen: 32
                          2a11:3c43::/32 maxlen: 32
                          2a11:3c46::/32 maxlen: 32
                          2a11:6bc1::/32 maxlen: 32
                          2a11:6bc2::/32 maxlen: 32
                          2a11:6bc3::/32 maxlen: 32
                          2a11:6bc4::/32 maxlen: 32
                          2a11:6bc6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:11:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:8b:ea:98:f5:30:91:09:1a:27:d3:b5:26:fe:c5:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Aug  9 09:50:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d09abc9fdd24e6ccea01012ca2c7ceb6f4cbf0ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0a:20:29:26:22:97:7e:60:54:e9:45:d0:d6:
                    73:4b:60:17:38:32:75:51:79:7f:39:ce:5b:50:0c:
                    89:11:ac:27:91:72:c6:eb:f8:59:f9:ac:06:49:45:
                    0c:86:ba:3b:3e:35:8e:c2:40:40:2b:b1:5c:82:16:
                    d8:c6:5d:32:52:cf:4a:5c:98:94:6b:1a:95:7f:57:
                    ec:e1:c2:fe:6c:26:9e:02:5c:46:97:35:c0:ab:3b:
                    e9:55:a0:0b:bd:03:a9:dd:85:81:9c:ef:48:0e:4f:
                    e9:04:f7:b6:91:08:d7:7c:13:18:89:c8:30:9c:46:
                    63:97:26:74:af:f9:24:97:b3:d2:b4:ef:dc:74:45:
                    11:a2:64:1f:16:94:dc:7b:dc:dc:82:10:b3:30:83:
                    5e:41:68:55:bf:04:d4:33:2f:d0:d8:38:6f:46:67:
                    61:93:55:b1:d1:e0:de:27:19:20:c9:a4:8b:a7:16:
                    ea:18:9e:4e:ff:c9:b6:6f:2a:d8:5c:45:36:5c:03:
                    c1:ff:d0:62:49:a6:68:c9:22:39:38:fc:fa:bd:b7:
                    75:c4:dd:82:31:72:b8:e0:07:fa:14:e7:de:ab:6f:
                    83:d1:b0:c3:74:8d:b6:66:1b:d9:d1:87:a8:03:ed:
                    f6:ab:96:f7:16:2b:d9:d7:8b:c4:56:c8:ee:59:86:
                    07:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9A:BC:9F:DD:24:E6:CC:EA:01:01:2C:A2:C7:CE:B6:F4:CB:F0:CA
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/0Jq8n90k5szqAQEsosfOtvTL8Mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3c40::/31
                  2a11:3c43::/32
                  2a11:3c46::/32
                  2a11:6bc1::-2a11:6bc4:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:6bc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:50:7a:0e:d4:11:e4:ef:de:bd:79:25:af:ee:6e:6d:c2:a1:
         d2:81:87:e2:7b:f0:37:d3:71:71:56:a1:71:c9:65:bc:42:e8:
         12:bf:30:43:46:a8:8c:93:e0:82:4b:87:a5:df:c6:31:91:c8:
         8c:63:40:ac:b2:2d:20:c3:08:35:28:c7:78:27:45:c2:45:e0:
         50:14:26:b2:09:a0:2f:ba:65:e0:de:a6:0b:99:0d:f5:fc:f7:
         ae:e1:84:8d:b2:87:d1:76:49:77:29:42:d2:78:9d:e4:13:c9:
         a3:96:b1:c1:09:bc:6e:06:f6:66:00:0d:f8:4d:a1:09:f0:2a:
         05:ad:ff:9a:4d:26:58:0d:f2:5e:00:c3:99:06:61:7b:ac:ff:
         4f:d6:4b:41:57:d5:95:36:95:fc:32:9d:8c:c6:58:fb:a6:8e:
         b7:6e:1a:c7:a5:73:bb:5c:7d:94:b0:62:0e:f2:57:ef:4f:7e:
         73:c6:80:97:cd:e7:4a:05:ae:df:cf:89:5b:b8:fb:ac:c2:7e:
         1e:89:b0:59:02:64:92:c1:7d:4d:8c:af:92:b9:16:5c:4e:1d:
         90:14:a0:3c:8f:71:96:ca:41:50:ea:a5:1f:54:2d:a7:47:5c:
         fe:c9:56:b1:6f:b8:30:d4:fe:61:84:71:3c:f3:b0:5d:8e:fe:
         08:6d:2a:b9
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZE2i+qY9TCRCRon07Um/sWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwODA5MDk1MDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDlhYmM5ZmRkMjRlNmNjZWEwMTAxMmNhMmM3Y2ViNmY0Y2JmMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQogKSYil35gVOlF0NZzS2AXODJ1
UXl/Oc5bUAyJEawnkXLG6/hZ+awGSUUMhro7PjWOwkBAK7FcghbYxl0yUs9KXJiU
axqVf1fs4cL+bCaeAlxGlzXAqzvpVaALvQOp3YWBnO9IDk/pBPe2kQjXfBMYicgw
nEZjlyZ0r/kkl7PStO/cdEURomQfFpTce9zcghCzMINeQWhVvwTUMy/Q2DhvRmdh
k1Wx0eDeJxkgyaSLpxbqGJ5O/8m2byrYXEU2XAPB/9BiSaZoySI5OPz6vbd1xN2C
MXK44Af6FOfeq2+D0bDDdI22ZhvZ0YeoA+32q5b3FivZ14vEVsjuWYYHawIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNCavJ/dJObM6gEBLKLHzrb0y/DKMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvMEpxOG45MGs1c3pxQVFFc29zZk90dlRMOE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAAjAsAwUBKhE8QAMF
ACoRPEMDBQAqETxGMA4DBQAqEWvBAwUAKhFrxAMFACoRa8YwDQYJKoZIhvcNAQEL
BQADggEBACVQeg7UEeTv3r15Ja/ubm3CodKBh+J78DfTcXFWoXHJZbxC6BK/MENG
qIyT4IJLh6XfxjGRyIxjQKyyLSDDCDUox3gnRcJF4FAUJrIJoC+6ZeDepguZDfX8
967hhI2yh9F2SXcpQtJ4neQTyaOWscEJvG4G9mYADfhNoQnwKgWt/5pNJlgN8l4A
w5kGYXus/0/WS0FX1ZU2lfwynYzGWPumjrduGselc7tcfZSwYg7yV+9PfnPGgJfN
50oFrt/PiVu4+6zCfh6JsFkCZJLBfU2Mr5K5FlxOHZAUoDyPcZbKQVDqpR9ULadH
XP7JVrFvuDDU/mGEcTzzsF2O/ghtKrk=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:10:55 2024 by rpki-client on console-fra.rpki-client.org