Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/xZWQ3LurCLoNj9UeUy81wNs27v0.roa
File:                     xZWQ3LurCLoNj9UeUy81wNs27v0.roa (raw, json)
Hash identifier:          0FeLjTVSGEwX1WhEacFPIEgbPevyUIdtD+pbT1ffaT8=
Subject key identifier:   C5:95:90:DC:BB:AB:08:BA:0D:8F:D5:1E:53:2F:35:C0:DB:36:EE:FD
Certificate issuer:       /CN=58a127453dfba17e10c347fa34bbebab14905a57
Certificate serial:       018CC2DAF68C74C67CC7DAF9F59654BBA131
Authority key identifier: 58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/xZWQ3LurCLoNj9UeUy81wNs27v0.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206564
IP address blocks:        2001:678:5d0::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f6:8c:74:c6:7c:c7:da:f9:f5:96:54:bb:a1:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a127453dfba17e10c347fa34bbebab14905a57
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c59590dcbbab08ba0d8fd51e532f35c0db36eefd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:92:e8:c4:90:85:ad:c1:74:5b:e8:d0:55:59:
                    37:92:ca:8a:9d:72:76:3c:c9:a4:3d:b2:79:62:e9:
                    b0:d2:7b:96:e3:8c:c4:0f:b3:f0:71:35:06:85:10:
                    60:9e:2c:13:e0:7f:d4:04:5e:0e:2b:a6:70:a9:a0:
                    fa:40:9b:12:b8:55:bd:df:24:ce:68:1f:5d:3f:3d:
                    e5:ae:53:56:c9:bc:86:22:1e:b5:61:bf:8e:ce:67:
                    fa:be:69:69:5d:11:e1:8b:86:89:fa:61:44:3e:70:
                    0c:7d:24:6c:1c:6b:54:57:d2:07:76:f4:a4:12:f5:
                    c5:de:38:d1:f0:cd:bb:8e:a4:e4:6f:a6:f6:a3:73:
                    7a:f0:c8:79:8b:5e:c0:be:ee:75:da:d3:74:b4:43:
                    8c:1d:54:61:2c:47:31:d2:4c:6d:08:4a:2f:76:3e:
                    a2:b5:6c:19:73:0b:b5:ce:e5:61:c7:10:45:7b:3a:
                    f2:1a:de:b2:10:a2:1c:7a:ba:02:2d:30:63:87:37:
                    cd:21:4f:58:0d:3d:91:5f:c3:98:92:91:54:1c:03:
                    d4:86:c5:56:93:89:35:e4:72:ba:0b:9f:14:6e:4c:
                    c1:80:7e:b6:4c:d8:57:aa:f6:00:c8:49:38:b7:d0:
                    4a:38:a6:18:04:1b:ce:bf:fa:cc:ad:53:c4:4c:78:
                    99:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:95:90:DC:BB:AB:08:BA:0D:8F:D5:1E:53:2F:35:C0:DB:36:EE:FD
            X509v3 Authority Key Identifier:
                keyid:58:A1:27:45:3D:FB:A1:7E:10:C3:47:FA:34:BB:EB:AB:14:90:5A:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKEnRT37oX4Qw0f6NLvrqxSQWlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/xZWQ3LurCLoNj9UeUy81wNs27v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/f1dfe3-2609-46b8-b03f-da96019d4c20/1/WKEnRT37oX4Qw0f6NLvrqxSQWlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:da:11:33:c8:7c:eb:c7:96:a7:a7:e3:39:b7:3c:76:7c:90:
         63:47:a5:39:24:98:90:c4:42:23:49:55:a8:78:ec:f5:4b:48:
         fd:1a:6c:1a:17:4b:5d:14:01:39:2f:7f:d0:70:cc:ea:32:1c:
         57:a4:2c:a1:ac:24:18:d7:4f:71:7f:d0:c8:5c:ea:7e:da:06:
         5d:8e:16:2a:7b:38:4f:cc:83:6b:c5:7a:85:23:6a:69:b3:a6:
         a4:e3:98:59:1f:5e:f9:d3:58:3a:56:92:1d:2c:9f:5c:30:a7:
         e1:26:f7:75:2a:f8:f7:9e:91:ec:5b:80:c7:1e:17:48:f0:c5:
         bc:7b:76:55:52:0f:17:a7:55:0a:c2:c1:ff:84:db:cc:f9:74:
         20:1b:46:e8:c0:23:46:8b:76:17:d9:2c:63:da:17:2e:f6:9f:
         62:f5:b9:4e:34:79:16:8c:cd:25:5e:e8:29:77:41:b9:47:a9:
         4e:f3:9c:03:32:d9:06:f4:3d:6c:b3:c2:f1:bc:b5:d2:96:29:
         d6:99:9e:e9:47:26:2a:23:5b:56:a7:46:5a:ae:cc:3e:a4:78:
         2c:e5:35:90:68:dc:52:a5:d6:b4:bd:cf:a6:f2:b9:b0:e8:8d:
         a8:e4:43:39:ac:5b:a0:f8:10:90:80:80:44:9f:cd:51:4c:cb:
         90:00:c1:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vaMdMZ8x9r59ZZUu6ExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTEyNzQ1M2RmYmExN2UxMGMzNDdmYTM0YmJlYmFiMTQ5
MDVhNTcwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk1OTBkY2JiYWIwOGJhMGQ4ZmQ1MWU1MzJmMzVjMGRiMzZlZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpLoxJCFrcF0W+jQVVk3ksqKnXJ2
PMmkPbJ5Yumw0nuW44zED7PwcTUGhRBgniwT4H/UBF4OK6ZwqaD6QJsSuFW93yTO
aB9dPz3lrlNWybyGIh61Yb+Ozmf6vmlpXRHhi4aJ+mFEPnAMfSRsHGtUV9IHdvSk
EvXF3jjR8M27jqTkb6b2o3N68Mh5i17Avu512tN0tEOMHVRhLEcx0kxtCEovdj6i
tWwZcwu1zuVhxxBFezryGt6yEKIceroCLTBjhzfNIU9YDT2RX8OYkpFUHAPUhsVW
k4k15HK6C58UbkzBgH62TNhXqvYAyEk4t9BKOKYYBBvOv/rMrVPETHiZxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMWVkNy7qwi6DY/VHlMvNcDbNu79MB8GA1UdIwQY
MBaAFFihJ0U9+6F+EMNH+jS766sUkFpXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2Yt
ZGE5NjAxOWQ0YzIwLzEveFpXUTNMdXJDTG9OajlVZVV5ODF3TnMyN3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9mMWRmZTMtMjYwOS00NmI4LWIwM2YtZGE5NjAxOWQ0YzIw
LzEvV0tFblJUMzdvWDRRdzBmNk5MdnJxeFNRV2xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBb2hEzyHzrx5anp+M5tzx2fJBjR6U5JJiQxEIj
SVWoeOz1S0j9GmwaF0tdFAE5L3/QcMzqMhxXpCyhrCQY109xf9DIXOp+2gZdjhYq
ezhPzINrxXqFI2pps6ak45hZH17501g6VpIdLJ9cMKfhJvd1Kvj3npHsW4DHHhdI
8MW8e3ZVUg8Xp1UKwsH/hNvM+XQgG0bowCNGi3YX2Sxj2hcu9p9i9blONHkWjM0l
Xugpd0G5R6lO85wDMtkG9D1ss8LxvLXSlinWmZ7pRyYqI1tWp0Zarsw+pHgs5TWQ
aNxSpda0vc+m8rmw6I2o5EM5rFug+BCQgIBEn81RTMuQAMHi
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:07:57 2024 by rpki-client on console-fra.rpki-client.org