Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/tE8N1MFkqhk6jIfLMFgoT_wgVX0.roa
File:                     tE8N1MFkqhk6jIfLMFgoT_wgVX0.roa (raw, json)
Hash identifier:          /DH4Q7XpYO6xpsKb10h/5Ri6pMZ75rQlQtf46bYEzS4=
Subject key identifier:   B4:4F:0D:D4:C1:64:AA:19:3A:8C:87:CB:30:58:28:4F:FC:20:55:7D
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       018CC6B7A00EC5032A31F30814B6FA9FEDFE
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/tE8N1MFkqhk6jIfLMFgoT_wgVX0.roa
Signing time:             Mon 01 Jan 2024 20:29:31 +0000
ROA not before:           Mon 01 Jan 2024 20:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203279
IP address blocks:        2a0a:4540:101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a0:0e:c5:03:2a:31:f3:08:14:b6:fa:9f:ed:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Jan  1 20:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44f0dd4c164aa193a8c87cb3058284ffc20557d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f8:5a:4b:cf:79:c9:31:12:b1:83:0c:e9:5f:
                    03:f5:15:18:c6:bb:f4:e3:ba:0e:74:55:e6:d7:f9:
                    5b:f8:40:ca:9c:53:f6:51:91:09:5f:09:e3:a6:12:
                    e3:02:8f:e5:8b:79:50:65:8d:38:01:ee:de:2e:4b:
                    02:dc:7c:27:ed:41:e0:7d:fa:f8:f1:20:07:aa:4f:
                    c0:62:f5:11:a7:bd:df:10:da:aa:08:29:27:ee:6f:
                    0c:a9:fd:09:68:78:aa:1b:34:f0:8b:d9:e0:72:3c:
                    8c:92:c4:a5:97:52:18:ad:8f:4a:28:66:41:b4:7d:
                    5b:7b:60:44:78:1f:57:95:0e:d7:25:98:7e:61:af:
                    8b:59:e7:85:14:a2:5e:65:28:3a:73:03:9a:34:7b:
                    2a:95:09:9a:38:0b:4a:8f:2d:14:7f:cd:c4:62:41:
                    b0:27:c3:46:03:46:02:23:a6:f2:c8:af:a2:ec:21:
                    b9:c3:4f:d7:9c:e7:a4:e9:45:cd:09:da:73:48:82:
                    a2:b0:6c:04:e6:81:ae:b6:3b:2a:de:4a:f4:48:36:
                    8d:15:f7:2f:47:68:84:7b:48:a6:5b:ea:a8:c9:e4:
                    c1:c0:9d:7b:97:f5:ff:4b:80:65:c0:49:be:14:82:
                    14:9d:a7:59:eb:89:51:ce:f4:81:e6:91:37:77:ca:
                    f2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4F:0D:D4:C1:64:AA:19:3A:8C:87:CB:30:58:28:4F:FC:20:55:7D
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/tE8N1MFkqhk6jIfLMFgoT_wgVX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:69:30:2f:f0:e7:a1:1f:da:6c:d8:4f:f6:ad:18:4d:5d:a9:
         43:6f:8c:fb:91:a4:0d:b0:86:b5:7e:fe:a5:75:cd:f5:72:54:
         9d:df:8a:7c:ab:a4:7d:33:d6:7d:a3:a3:01:db:3c:84:61:0d:
         22:29:e9:16:87:7d:f4:12:10:07:2b:60:cf:c2:4a:5a:fd:2a:
         44:05:86:14:2c:22:4e:5c:33:72:0d:34:78:ad:d7:62:a9:df:
         fd:95:bb:55:62:bb:c1:e1:94:b2:01:84:49:32:eb:03:e2:fb:
         e8:96:4b:ff:be:15:e0:11:fe:13:10:f3:40:17:a4:fb:f0:89:
         a3:d9:f7:be:a2:3c:0e:77:1b:36:76:9f:4f:9a:ec:ee:8d:c6:
         f4:78:44:83:53:f5:c8:d6:2a:b5:91:b3:a7:9f:44:2b:36:69:
         19:2d:89:ba:74:8a:17:cc:fe:89:45:0f:a6:43:06:75:7d:a6:
         a5:ec:eb:99:3e:95:e2:0f:b1:a2:22:92:be:71:92:e1:ca:1c:
         fa:d6:66:90:85:fa:4d:ee:6b:53:53:b9:05:43:e4:b8:0f:e5:
         28:92:52:a9:00:71:da:88:4b:bc:d8:8e:c9:4b:96:c5:1f:ba:
         a9:fc:98:bb:02:85:af:a8:6a:ae:16:33:28:d5:b4:7b:4f:41:
         84:0c:65:c3
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGt6AOxQMqMfMIFLb6n+3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjQwMTAxMjAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRmMGRkNGMxNjRhYTE5M2E4Yzg3Y2IzMDU4Mjg0ZmZjMjA1NTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPhaS895yTESsYMM6V8D9RUYxrv0
47oOdFXm1/lb+EDKnFP2UZEJXwnjphLjAo/li3lQZY04Ae7eLksC3Hwn7UHgffr4
8SAHqk/AYvURp73fENqqCCkn7m8Mqf0JaHiqGzTwi9ngcjyMksSll1IYrY9KKGZB
tH1be2BEeB9XlQ7XJZh+Ya+LWeeFFKJeZSg6cwOaNHsqlQmaOAtKjy0Uf83EYkGw
J8NGA0YCI6byyK+i7CG5w0/XnOek6UXNCdpzSIKisGwE5oGutjsq3kr0SDaNFfcv
R2iEe0imW+qoyeTBwJ17l/X/S4BlwEm+FIIUnadZ64lRzvSB5pE3d8ryuwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFLRPDdTBZKoZOoyHyzBYKE/8IFV9MB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xL3RFOE4xTUZrcWhrNmpJZkxNRmdvVF93Z1ZYMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCkVA
AQEwDQYJKoZIhvcNAQELBQADggEBABRpMC/w56Ef2mzYT/atGE1dqUNvjPuRpA2w
hrV+/qV1zfVyVJ3finyrpH0z1n2jowHbPIRhDSIp6RaHffQSEAcrYM/CSlr9KkQF
hhQsIk5cM3INNHit12Kp3/2Vu1Viu8HhlLIBhEky6wPi++iWS/++FeAR/hMQ80AX
pPvwiaPZ976iPA53GzZ2n0+a7O6NxvR4RINT9cjWKrWRs6efRCs2aRktibp0ihfM
/olFD6ZDBnV9pqXs65k+leIPsaIikr5xkuHKHPrWZpCF+k3ua1NTuQVD5LgP5SiS
UqkAcdqIS7zYjslLlsUfuqn8mLsCha+oaq4WMyjVtHtPQYQMZcM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:39:19 2024 by rpki-client on console-ams.rpki-client.org