Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/fCmcS9FQYHEJLexrWrVYN2TxHVY.roa
File:                     fCmcS9FQYHEJLexrWrVYN2TxHVY.roa (raw, json)
Hash identifier:          vYndb6nl0ZcwiUMXpr4kAT5gueVYeAXeNeptqNPWRZw=
Subject key identifier:   7C:29:9C:4B:D1:50:60:71:09:2D:EC:6B:5A:B5:58:37:64:F1:1D:56
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       018EF621112346DA968DAA22EE9799128E27
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/fCmcS9FQYHEJLexrWrVYN2TxHVY.roa
Signing time:             Fri 19 Apr 2024 11:32:25 +0000
ROA not before:           Fri 19 Apr 2024 11:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51659
IP address blocks:        2a0d:cdc7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:21:11:23:46:da:96:8d:aa:22:ee:97:99:12:8e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Apr 19 11:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c299c4bd1506071092dec6b5ab5583764f11d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:84:fb:85:e0:84:ab:b5:fe:8a:b4:2d:51:29:
                    64:8e:f7:e3:14:35:90:5a:f6:58:8a:88:c2:45:2f:
                    37:e8:6a:c7:cc:45:78:44:fa:eb:e5:d2:55:3b:73:
                    8a:90:7d:91:b4:6d:38:2c:39:74:e5:1b:cc:a2:31:
                    b3:d4:2f:0e:72:9a:18:f1:79:1a:b3:91:fb:d0:ed:
                    94:09:52:96:08:21:62:13:d6:c0:d0:5a:b9:d6:10:
                    c0:2d:3e:b1:43:ea:34:4b:53:cc:f8:0d:ba:05:d1:
                    83:6d:1a:7b:2e:14:0c:47:50:8c:38:1d:a3:bf:1b:
                    1e:59:2b:7b:77:94:36:12:0a:79:88:20:1e:d8:07:
                    49:6e:97:13:56:01:61:e6:45:67:43:2f:4d:9d:78:
                    93:3e:7d:37:6d:94:89:88:6d:d9:3d:48:59:db:2f:
                    e6:8e:26:fd:70:af:26:8b:ff:06:ff:b8:4e:7c:45:
                    b2:51:6e:c5:54:14:9e:f7:64:00:49:aa:1b:5f:af:
                    57:19:b0:02:62:73:3f:7e:55:d3:40:c5:90:8d:8c:
                    51:90:b0:22:73:75:4c:73:f8:6e:aa:3d:86:93:60:
                    86:0f:c9:b3:09:6a:6c:0a:f7:f1:8e:db:53:6b:86:
                    35:50:f1:0d:a9:3b:0e:17:c0:f2:22:60:84:2c:51:
                    a1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:29:9C:4B:D1:50:60:71:09:2D:EC:6B:5A:B5:58:37:64:F1:1D:56
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/fCmcS9FQYHEJLexrWrVYN2TxHVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:cdc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:fc:a8:45:9c:d2:40:02:45:d0:fa:06:e8:b5:a2:ce:d3:55:
         5d:c3:fa:d3:37:a2:9a:82:97:61:08:69:62:7e:3f:b5:fd:63:
         97:e3:8d:96:60:67:46:e6:7c:de:ec:6b:5e:0c:68:ac:d2:b3:
         c9:51:d9:e8:1d:90:aa:f3:83:51:cc:f7:3f:0d:eb:1a:0a:73:
         08:f7:e0:c0:79:e9:99:20:a1:1a:c1:a6:4a:8b:08:d6:33:0c:
         02:3a:b2:34:e7:a1:c0:1f:17:7f:01:ef:bb:87:5f:cf:b4:cd:
         28:2f:33:65:f0:23:76:b3:d7:7c:09:74:cf:e9:94:d0:04:43:
         a3:fe:32:11:91:63:00:30:e5:49:83:a2:5e:83:c6:71:8b:68:
         f6:83:ea:ec:8d:60:ef:5d:b1:7a:06:f7:1d:42:bd:53:41:32:
         06:da:c0:f4:e7:1e:b2:4f:1f:3f:b4:61:49:90:09:3d:34:8d:
         ed:9d:3d:8e:e2:ee:13:77:92:00:8a:e7:71:23:38:33:fa:ff:
         de:92:32:1a:b7:4b:51:c2:35:b5:61:15:4e:b6:f4:7f:58:f9:
         12:9c:f1:8f:bd:49:4a:c9:27:c1:d6:5f:49:80:d8:ea:73:43:
         8e:88:16:34:b8:02:62:a9:a5:d8:f4:08:d6:42:dc:12:ca:ba:
         35:6c:13:bc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY72IREjRtqWjaoi7peZEo4nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwNDE5MTEzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzI5OWM0YmQxNTA2MDcxMDkyZGVjNmI1YWI1NTgzNzY0ZjExZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIT7heCEq7X+irQtUSlkjvfjFDWQ
WvZYiojCRS836GrHzEV4RPrr5dJVO3OKkH2RtG04LDl05RvMojGz1C8OcpoY8Xka
s5H70O2UCVKWCCFiE9bA0Fq51hDALT6xQ+o0S1PM+A26BdGDbRp7LhQMR1CMOB2j
vxseWSt7d5Q2Egp5iCAe2AdJbpcTVgFh5kVnQy9NnXiTPn03bZSJiG3ZPUhZ2y/m
jib9cK8mi/8G/7hOfEWyUW7FVBSe92QASaobX69XGbACYnM/flXTQMWQjYxRkLAi
c3VMc/huqj2Gk2CGD8mzCWpsCvfxjttTa4Y1UPENqTsOF8DyImCELFGh5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHwpnEvRUGBxCS3sa1q1WDdk8R1WMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvZkNtY1M5RlFZSEVKTGV4cldyVllOMlR4SFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg3NxzAN
BgkqhkiG9w0BAQsFAAOCAQEAofyoRZzSQAJF0PoG6LWiztNVXcP60zeimoKXYQhp
Yn4/tf1jl+ONlmBnRuZ83uxrXgxorNKzyVHZ6B2QqvODUcz3Pw3rGgpzCPfgwHnp
mSChGsGmSosI1jMMAjqyNOehwB8XfwHvu4dfz7TNKC8zZfAjdrPXfAl0z+mU0ARD
o/4yEZFjADDlSYOiXoPGcYto9oPq7I1g712xegb3HUK9U0EyBtrA9Ocesk8fP7Rh
SZAJPTSN7Z09juLuE3eSAIrncSM4M/r/3pIyGrdLUcI1tWEVTrb0f1j5Epzxj71J
SsknwdZfSYDY6nNDjogWNLgCYqml2PQI1kLcEsq6NWwTvA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:10:43 2024 by rpki-client on console-ams.rpki-client.org