Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/A_LqRIGxNY0dUMT6govcqdBQD8Q.roa
File:                     A_LqRIGxNY0dUMT6govcqdBQD8Q.roa (raw, json)
Hash identifier:          ZOk2ULgQUJt/kL/qZmRbohamav6BIy5ksIPMnGO3hA4=
Subject key identifier:   03:F2:EA:44:81:B1:35:8D:1D:50:C4:FA:82:8B:DC:A9:D0:50:0F:C4
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       018CC6B79F917EBF4ACA388872FFA097986E
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/A_LqRIGxNY0dUMT6govcqdBQD8Q.roa
Signing time:             Mon 01 Jan 2024 20:29:31 +0000
ROA not before:           Mon 01 Jan 2024 20:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0a:4540:1000::/48 maxlen: 48
                          2a0a:4540:220::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9f:91:7e:bf:4a:ca:38:88:72:ff:a0:97:98:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Jan  1 20:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03f2ea4481b1358d1d50c4fa828bdca9d0500fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:39:e6:cd:44:b3:83:fa:49:3f:5a:d0:0a:29:
                    94:20:c3:b4:62:82:91:fa:0b:6d:fa:31:29:14:f3:
                    19:7b:10:b3:e9:ac:a6:28:4b:57:12:c8:64:f5:2a:
                    f0:ff:89:99:52:f8:e9:14:6a:1d:52:23:80:54:46:
                    53:9a:de:fd:4f:54:52:97:90:3c:87:9a:80:3b:ee:
                    02:84:47:27:a9:a1:ed:04:5d:bb:b5:e3:74:2d:a2:
                    4e:a4:2c:1d:57:67:90:fb:d8:69:0e:05:01:a9:13:
                    3a:0e:69:6d:3a:0b:ef:3d:b6:3d:96:91:eb:79:cb:
                    94:3e:79:da:84:47:9d:6e:f3:47:0a:48:66:5e:df:
                    cc:4a:bd:65:08:8e:9a:d3:39:01:de:32:be:84:6f:
                    84:95:dd:61:d3:3f:e0:2d:28:31:29:a7:22:21:ed:
                    be:f6:be:1b:78:2f:e1:90:08:bf:07:99:bb:42:98:
                    16:35:62:11:7b:ee:21:53:5b:0b:c5:a1:cf:97:63:
                    46:69:24:48:47:21:79:3d:af:0f:bb:1a:bb:47:4d:
                    10:35:df:7d:45:b8:7c:93:59:31:c7:00:52:d1:e5:
                    06:48:c8:a8:f8:43:b8:f7:29:89:70:b2:dd:4e:19:
                    f9:e8:04:2b:6f:9a:58:6d:0e:ad:76:c6:8f:59:33:
                    ef:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F2:EA:44:81:B1:35:8D:1D:50:C4:FA:82:8B:DC:A9:D0:50:0F:C4
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/A_LqRIGxNY0dUMT6govcqdBQD8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:220::/48
                  2a0a:4540:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:9c:e5:d8:91:4c:66:65:68:4e:91:3f:7f:6c:7c:3b:94:cc:
         d0:e5:66:f9:71:a2:32:91:7d:bd:e1:11:a6:90:64:e3:66:c1:
         c4:55:40:f6:6e:c4:20:07:4b:b4:e1:92:b7:33:9a:78:ff:b2:
         4d:8f:73:df:9b:e0:ca:13:fd:b5:ef:f8:a4:11:d6:27:ea:fb:
         ef:49:5a:e8:61:a2:50:65:9e:2a:f6:a9:b8:b8:c8:c1:3c:d9:
         80:bd:bf:51:33:3f:58:3d:de:a9:93:72:b8:b0:fd:34:19:17:
         45:52:b7:78:d5:ce:18:5f:a7:01:37:fc:5f:9b:4a:06:62:05:
         f4:ee:9c:5d:8c:36:e1:98:12:78:54:cc:e7:28:29:5b:96:be:
         90:0f:43:d8:7e:b1:96:90:d4:a1:2e:05:ca:bf:db:b7:4c:46:
         85:64:e7:7e:44:41:c9:17:24:b2:95:1f:9c:24:3d:b9:fa:5f:
         34:ff:0a:22:6c:3d:b7:29:4d:d7:5a:fe:af:47:4d:61:2d:7a:
         1e:57:8a:1e:fe:2f:61:18:a6:f8:ee:e5:10:61:70:8f:60:6a:
         1c:25:98:c6:10:e3:72:9d:08:16:58:85:b8:cb:01:c3:5b:33:
         35:d5:28:09:84:fb:2b:13:4f:da:4b:32:bd:77:a2:bc:d9:c7:
         b0:b9:4b:38
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGt5+Rfr9KyjiIcv+gl5huMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjQwMTAxMjAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2YyZWE0NDgxYjEzNThkMWQ1MGM0ZmE4MjhiZGNhOWQwNTAwZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljnmzUSzg/pJP1rQCimUIMO0YoKR
+gtt+jEpFPMZexCz6aymKEtXEshk9Srw/4mZUvjpFGodUiOAVEZTmt79T1RSl5A8
h5qAO+4ChEcnqaHtBF27teN0LaJOpCwdV2eQ+9hpDgUBqRM6DmltOgvvPbY9lpHr
ecuUPnnahEedbvNHCkhmXt/MSr1lCI6a0zkB3jK+hG+Eld1h0z/gLSgxKaciIe2+
9r4beC/hkAi/B5m7QpgWNWIRe+4hU1sLxaHPl2NGaSRIRyF5Pa8Puxq7R00QNd99
Rbh8k1kxxwBS0eUGSMio+EO49ymJcLLdThn56AQrb5pYbQ6tdsaPWTPv3wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAPy6kSBsTWNHVDE+oKL3KnQUA/EMB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xL0FfTHFSSUd4TlkwZFVNVDZnb3ZjcWRCUUQ4US5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqCkVA
AiADBwAqCkVAEAAwDQYJKoZIhvcNAQELBQADggEBAKSc5diRTGZlaE6RP39sfDuU
zNDlZvlxojKRfb3hEaaQZONmwcRVQPZuxCAHS7Thkrczmnj/sk2Pc9+b4MoT/bXv
+KQR1ifq++9JWuhholBlnir2qbi4yME82YC9v1EzP1g93qmTcriw/TQZF0VSt3jV
zhhfpwE3/F+bSgZiBfTunF2MNuGYEnhUzOcoKVuWvpAPQ9h+sZaQ1KEuBcq/27dM
RoVk535EQckXJLKVH5wkPbn6XzT/CiJsPbcpTdda/q9HTWEteh5Xih7+L2EYpvju
5RBhcI9gahwlmMYQ43KdCBZYhbjLAcNbMzXVKAmE+ysTT9pLMr13orzZx7C5Szg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:40:40 2024 by rpki-client on console-fra.rpki-client.org