Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/1JaAiN2yFjhB4HufpXnnCTsAYmk.roa
File:                     1JaAiN2yFjhB4HufpXnnCTsAYmk.roa (raw, json)
Hash identifier:          EATZ0RMzoroT15YM5/MNE7mg1yFQb9M5Gg0t7ZgpVwo=
Subject key identifier:   D4:96:80:88:DD:B2:16:38:41:E0:7B:9F:A5:79:E7:09:3B:00:62:69
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       018CC9BBA3ECAF1D1A2C6F066C8083970589
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/1JaAiN2yFjhB4HufpXnnCTsAYmk.roa
Signing time:             Tue 02 Jan 2024 10:32:46 +0000
ROA not before:           Tue 02 Jan 2024 10:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207530
IP address blocks:        2a09:d2c1:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a3:ec:af:1d:1a:2c:6f:06:6c:80:83:97:05:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 10:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4968088ddb2163841e07b9fa579e7093b006269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6f:e0:38:46:65:4f:e2:0c:10:f5:46:9e:3c:
                    5c:2e:2d:f1:f6:8c:b4:0f:7c:9f:76:da:8e:8b:ea:
                    1b:fa:da:ea:f8:25:15:c8:5a:b3:e8:a2:8d:c5:ff:
                    3c:96:b3:94:b8:75:b9:a1:52:e2:92:e6:21:16:d8:
                    81:fc:19:16:6f:21:51:9f:5d:37:c4:48:13:41:ec:
                    65:20:97:16:3b:f6:bf:0f:d0:b2:a1:74:36:70:18:
                    f7:de:e2:d8:92:9b:a7:e0:7a:86:05:7e:28:c4:42:
                    01:bc:0f:65:1d:f2:6d:c3:1d:cc:27:57:f9:8a:34:
                    d4:5e:e2:cc:40:d9:5f:86:9b:25:a7:b6:28:72:b2:
                    30:53:25:6a:ff:d9:6f:af:3b:96:08:d2:a8:f8:8c:
                    53:f0:6f:0b:5e:5b:07:23:d1:97:3c:e7:cc:8e:1d:
                    bd:08:a4:bc:6c:1b:d2:df:56:50:43:a7:61:ec:cf:
                    3f:a6:a3:dd:e5:6d:b0:d5:b3:1a:04:5c:94:ba:e2:
                    d1:a7:98:27:b7:cf:d7:01:28:2c:d1:05:29:fc:1d:
                    c2:e3:2b:92:dd:43:65:ca:f6:c7:6b:3e:4a:03:e8:
                    35:95:59:d8:3b:21:98:a4:a0:85:d1:74:b3:ca:93:
                    42:4b:3b:e2:1b:03:df:e4:6b:62:60:09:9d:c5:ba:
                    70:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:96:80:88:DD:B2:16:38:41:E0:7B:9F:A5:79:E7:09:3B:00:62:69
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/1JaAiN2yFjhB4HufpXnnCTsAYmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d2c1:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:58:3b:d0:fb:c6:3f:16:9c:47:85:a0:5b:a8:a7:7c:73:82:
         9e:d0:e4:bd:72:c6:d3:e7:81:61:f5:8e:cd:17:08:fd:7b:2d:
         72:c8:ea:56:63:bc:a3:7d:69:1d:5c:d1:c8:a7:72:31:ab:85:
         41:be:f6:82:f6:56:96:40:b3:aa:0e:ed:dd:89:56:64:44:49:
         55:b4:66:d9:36:4c:1c:cd:31:d4:76:06:7c:fe:b2:af:7e:a8:
         c5:b5:7f:3c:4d:c6:0f:cd:4a:a2:36:c1:f0:e9:d3:26:3a:0c:
         43:21:68:8b:6b:6d:18:b3:06:c6:b4:a5:b1:eb:6e:4c:38:27:
         26:71:3a:94:5e:77:c0:31:5d:a9:38:fb:f6:04:8e:cb:13:e4:
         01:b7:05:ad:a0:ac:04:1a:93:98:84:47:fa:ab:58:20:a5:de:
         d5:19:fd:3e:6f:92:1f:ca:85:36:0d:d6:a2:c5:65:36:5b:3b:
         f2:be:76:d1:32:46:63:82:81:ba:32:dd:b4:ea:12:a3:e7:7f:
         4e:a6:87:75:5b:c3:47:c6:2c:61:d2:3b:f1:14:f9:05:5c:57:
         6b:a2:da:b8:f6:a9:35:aa:20:72:70:b2:77:09:21:4f:cd:3f:
         73:b9:9d:e0:62:46:02:ff:f5:57:bb:4e:6f:e9:21:ac:d2:99:
         14:6e:e8:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu6Psrx0aLG8GbICDlwWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQwMTAyMTAzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk2ODA4OGRkYjIxNjM4NDFlMDdiOWZhNTc5ZTcwOTNiMDA2MjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoW/gOEZlT+IMEPVGnjxcLi3x9oy0
D3yfdtqOi+ob+trq+CUVyFqz6KKNxf88lrOUuHW5oVLikuYhFtiB/BkWbyFRn103
xEgTQexlIJcWO/a/D9CyoXQ2cBj33uLYkpun4HqGBX4oxEIBvA9lHfJtwx3MJ1f5
ijTUXuLMQNlfhpslp7YocrIwUyVq/9lvrzuWCNKo+IxT8G8LXlsHI9GXPOfMjh29
CKS8bBvS31ZQQ6dh7M8/pqPd5W2w1bMaBFyUuuLRp5gnt8/XASgs0QUp/B3C4yuS
3UNlyvbHaz5KA+g1lVnYOyGYpKCF0XSzypNCSzviGwPf5GtiYAmdxbpwRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNSWgIjdshY4QeB7n6V55wk7AGJpMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvMUphQWlOMnlGamhCNEh1ZnBYbm5DVHNBWW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnSwQAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBdWDvQ+8Y/FpxHhaBbqKd8c4Ke0OS9csbT54Fh
9Y7NFwj9ey1yyOpWY7yjfWkdXNHIp3Ixq4VBvvaC9laWQLOqDu3diVZkRElVtGbZ
NkwczTHUdgZ8/rKvfqjFtX88TcYPzUqiNsHw6dMmOgxDIWiLa20YswbGtKWx625M
OCcmcTqUXnfAMV2pOPv2BI7LE+QBtwWtoKwEGpOYhEf6q1ggpd7VGf0+b5IfyoU2
DdaixWU2WzvyvnbRMkZjgoG6Mt206hKj539Opod1W8NHxixh0jvxFPkFXFdrotq4
9qk1qiBycLJ3CSFPzT9zuZ3gYkYC//VXu05v6SGs0pkUbuhi
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:04:35 2024 by rpki-client on console-ams.rpki-client.org