Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/ocjdF42zvShfnjSZwRVS8Um8OMY.roa
File:                     ocjdF42zvShfnjSZwRVS8Um8OMY.roa (raw, json)
Hash identifier:          6X8ZOeeBNErElmUJWEp/QtQ6E6tjEOy+1AIo5EFFQIM=
Subject key identifier:   A1:C8:DD:17:8D:B3:BD:28:5F:9E:34:99:C1:15:52:F1:49:BC:38:C6
Certificate issuer:       /CN=b0dfafd36730396fe338e772dadbe4c3c85cd952
Certificate serial:       018CC8DEA0F729614353309CBFB5D39439BC
Authority key identifier: B0:DF:AF:D3:67:30:39:6F:E3:38:E7:72:DA:DB:E4:C3:C8:5C:D9:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sN-v02cwOW_jOOdy2tvkw8hc2VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/ocjdF42zvShfnjSZwRVS8Um8OMY.roa
Signing time:             Tue 02 Jan 2024 06:31:22 +0000
ROA not before:           Tue 02 Jan 2024 06:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42721
IP address blocks:        2a09:6340::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/sN-v02cwOW_jOOdy2tvkw8hc2VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/sN-v02cwOW_jOOdy2tvkw8hc2VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sN-v02cwOW_jOOdy2tvkw8hc2VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a0:f7:29:61:43:53:30:9c:bf:b5:d3:94:39:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0dfafd36730396fe338e772dadbe4c3c85cd952
        Validity
            Not Before: Jan  2 06:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1c8dd178db3bd285f9e3499c11552f149bc38c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2e:21:6d:d8:86:d4:72:6b:a1:42:da:3d:6a:
                    57:52:cb:04:d5:e3:1a:0e:c2:b5:9d:fb:d2:37:3b:
                    64:0b:1d:b5:37:4c:32:b4:e5:c6:fc:5f:ba:38:19:
                    bf:86:ac:1b:c7:c9:48:59:b2:d4:a0:3c:f2:c0:51:
                    96:48:ee:cf:43:f5:26:f3:e1:26:44:c4:f3:7b:c4:
                    b3:b1:6f:ab:e3:7a:e6:0a:2d:dd:72:a3:cc:c7:08:
                    13:71:d3:24:98:8a:bb:9c:31:d8:20:42:37:8a:e2:
                    ff:dd:8d:30:ac:2a:92:01:8f:10:b6:fc:81:64:16:
                    74:ce:4a:c8:40:57:09:50:2f:28:a3:57:af:23:ef:
                    30:b6:38:13:54:8a:84:8a:ef:f0:29:93:30:b5:ca:
                    a3:e6:5a:d4:80:79:bf:b3:6f:c2:50:8d:63:0d:61:
                    a8:7e:68:c1:de:7c:fc:18:92:d2:22:f0:43:64:1c:
                    b3:47:f5:89:7e:99:c1:b9:4a:a7:30:d9:d7:0b:a5:
                    45:cf:3e:f6:38:8f:ab:42:e0:39:39:f4:47:0d:f3:
                    74:d2:08:10:ae:39:a4:94:a0:0f:50:af:e7:c6:48:
                    5e:6c:d6:67:88:08:d3:59:88:f7:9d:53:6e:a9:8b:
                    a1:c4:64:9d:cf:03:2c:30:0d:c8:df:87:d4:da:47:
                    55:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C8:DD:17:8D:B3:BD:28:5F:9E:34:99:C1:15:52:F1:49:BC:38:C6
            X509v3 Authority Key Identifier:
                keyid:B0:DF:AF:D3:67:30:39:6F:E3:38:E7:72:DA:DB:E4:C3:C8:5C:D9:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sN-v02cwOW_jOOdy2tvkw8hc2VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/ocjdF42zvShfnjSZwRVS8Um8OMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f696fd-4d9d-4e28-926e-0aa5b46bf8aa/1/sN-v02cwOW_jOOdy2tvkw8hc2VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6340::/44

    Signature Algorithm: sha256WithRSAEncryption
         53:96:1d:a7:a7:96:c8:12:29:59:58:dc:ae:61:cb:a4:96:88:
         97:40:e6:ac:d2:37:52:75:c4:50:99:cf:41:84:6c:82:aa:63:
         c5:97:01:41:5a:be:c4:39:47:bc:c2:b5:d3:e7:33:dd:3f:b0:
         f2:54:d0:05:72:e5:61:61:3e:e8:ff:3f:47:a6:fa:21:d9:44:
         01:a8:a4:fc:6d:81:56:5a:a6:0f:25:f6:08:d4:c8:a2:ac:53:
         53:b3:cb:50:10:35:7d:58:2d:18:95:42:92:06:e1:fa:f1:e9:
         cd:c2:11:02:be:35:b8:53:01:4a:48:49:b7:29:75:de:6f:41:
         97:30:24:cb:f7:89:8e:a8:22:96:9e:3a:97:9b:8e:c4:8d:ab:
         d6:a0:d8:05:2f:49:1f:15:5c:28:be:f7:6a:49:a6:b3:d5:24:
         67:4f:83:52:e2:24:58:d2:95:7f:f4:33:70:bd:ee:4b:3b:d6:
         d8:06:26:5c:59:e8:f7:69:03:32:f4:57:bb:c1:32:52:43:ef:
         c7:5b:a3:42:b8:ff:fe:75:55:4e:a4:67:3f:a8:5f:b9:ec:fc:
         4f:17:81:fb:5b:e1:64:f0:90:dc:64:a9:3a:9e:b3:e5:7e:e3:
         a7:64:bb:a3:0f:7a:98:bf:58:24:8c:3e:fc:7e:5c:95:43:e4:
         40:6c:d4:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3qD3KWFDUzCcv7XTlDm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZGZhZmQzNjczMDM5NmZlMzM4ZTc3MmRhZGJlNGMzYzg1
Y2Q5NTIwHhcNMjQwMTAyMDYzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWM4ZGQxNzhkYjNiZDI4NWY5ZTM0OTljMTE1NTJmMTQ5YmMzOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqi4hbdiG1HJroULaPWpXUssE1eMa
DsK1nfvSNztkCx21N0wytOXG/F+6OBm/hqwbx8lIWbLUoDzywFGWSO7PQ/Um8+Em
RMTze8SzsW+r43rmCi3dcqPMxwgTcdMkmIq7nDHYIEI3iuL/3Y0wrCqSAY8QtvyB
ZBZ0zkrIQFcJUC8oo1evI+8wtjgTVIqEiu/wKZMwtcqj5lrUgHm/s2/CUI1jDWGo
fmjB3nz8GJLSIvBDZByzR/WJfpnBuUqnMNnXC6VFzz72OI+rQuA5OfRHDfN00ggQ
rjmklKAPUK/nxkhebNZniAjTWYj3nVNuqYuhxGSdzwMsMA3I34fU2kdV+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKHI3ReNs70oX540mcEVUvFJvDjGMB8GA1UdIwQY
MBaAFLDfr9NnMDlv4zjnctrb5MPIXNlSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc04tdjAyY3dPV19qT09keTJ0dmt3OGhjMlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mNjk2ZmQtNGQ5ZC00ZTI4LTkyNmUt
MGFhNWI0NmJmOGFhLzEvb2NqZEY0Mnp2U2hmbmpTWndSVlM4VW04T01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mNjk2ZmQtNGQ5ZC00ZTI4LTkyNmUtMGFhNWI0NmJmOGFh
LzEvc04tdjAyY3dPV19qT09keTJ0dmt3OGhjMlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgljQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBTlh2np5bIEilZWNyuYcukloiXQOas0jdSdcRQ
mc9BhGyCqmPFlwFBWr7EOUe8wrXT5zPdP7DyVNAFcuVhYT7o/z9Hpvoh2UQBqKT8
bYFWWqYPJfYI1MiirFNTs8tQEDV9WC0YlUKSBuH68enNwhECvjW4UwFKSEm3KXXe
b0GXMCTL94mOqCKWnjqXm47EjavWoNgFL0kfFVwovvdqSaaz1SRnT4NS4iRY0pV/
9DNwve5LO9bYBiZcWej3aQMy9Fe7wTJSQ+/HW6NCuP/+dVVOpGc/qF+57PxPF4H7
W+Fk8JDcZKk6nrPlfuOnZLujD3qYv1gkjD78flyVQ+RAbNSS
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:11:35 2024 by rpki-client on console-fra.rpki-client.org