Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/2d6ddf-d448-4566-b364-f0b2dd07f727/1/KSTzKgVWUvCIUrWJkDbNAZRY1eU.roa
File:                     KSTzKgVWUvCIUrWJkDbNAZRY1eU.roa (raw, json)
Hash identifier:          BxEzAu5+3GhcCrQFPuD3DtLekD9rPewvnpsmFGOhsVM=
Subject key identifier:   29:24:F3:2A:05:56:52:F0:88:52:B5:89:90:36:CD:01:94:58:D5:E5
Certificate issuer:       /CN=e2407a7696f07984143054d411e3ca5f1836ecd4
Certificate serial:       018CC56E2CD951FCD7AB5F0F3276D3E7D6B6
Authority key identifier: E2:40:7A:76:96:F0:79:84:14:30:54:D4:11:E3:CA:5F:18:36:EC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4kB6dpbweYQUMFTUEePKXxg27NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/2d6ddf-d448-4566-b364-f0b2dd07f727/1/KSTzKgVWUvCIUrWJkDbNAZRY1eU.roa
Signing time:             Mon 01 Jan 2024 14:29:41 +0000
ROA not before:           Mon 01 Jan 2024 14:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201377
IP address blocks:        2001:67c:ae4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/2d6ddf-d448-4566-b364-f0b2dd07f727/1/4kB6dpbweYQUMFTUEePKXxg27NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/2d6ddf-d448-4566-b364-f0b2dd07f727/1/4kB6dpbweYQUMFTUEePKXxg27NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4kB6dpbweYQUMFTUEePKXxg27NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:2c:d9:51:fc:d7:ab:5f:0f:32:76:d3:e7:d6:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2407a7696f07984143054d411e3ca5f1836ecd4
        Validity
            Not Before: Jan  1 14:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2924f32a055652f08852b5899036cd019458d5e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:bb:3a:97:19:de:88:58:eb:f0:ec:03:cc:4b:
                    de:54:fb:2e:c7:b4:61:34:25:b1:a4:de:80:d4:70:
                    04:11:ce:1a:76:39:93:dc:ab:f8:37:cc:81:f9:47:
                    ee:d4:1b:f6:c3:dd:04:a1:d8:92:0b:02:ae:7c:2a:
                    f8:ed:3c:f4:f8:4e:86:be:c7:25:d4:0b:f0:ae:47:
                    35:38:b6:c5:0e:8c:9e:22:d7:88:13:67:d7:0f:e9:
                    34:25:73:98:fc:f5:85:19:cd:c6:e4:37:16:c9:be:
                    b4:59:49:7b:37:ec:64:7e:6a:2a:75:72:41:9f:f9:
                    59:76:a4:4b:da:36:06:b7:ed:0e:93:d2:98:22:6b:
                    ee:76:ef:dc:61:a2:2f:4f:3d:03:26:6b:58:23:85:
                    30:e8:cd:1f:4d:f2:b4:22:99:5e:2d:be:71:f2:ea:
                    ec:c2:78:6d:4f:bd:94:ad:fc:74:f6:f3:f2:23:a0:
                    71:da:78:d8:6d:79:13:0b:63:50:a8:b0:21:6b:16:
                    95:b6:75:9e:3a:8c:43:e5:46:46:24:7c:29:b5:13:
                    4e:7e:bd:72:ec:72:63:b6:44:ca:2b:7c:53:57:74:
                    98:1b:a6:07:f6:d9:f0:97:88:03:e0:82:2a:82:74:
                    3f:cd:87:d1:9c:bc:1b:53:a1:c7:97:47:04:5e:40:
                    fe:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:24:F3:2A:05:56:52:F0:88:52:B5:89:90:36:CD:01:94:58:D5:E5
            X509v3 Authority Key Identifier:
                keyid:E2:40:7A:76:96:F0:79:84:14:30:54:D4:11:E3:CA:5F:18:36:EC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4kB6dpbweYQUMFTUEePKXxg27NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/2d6ddf-d448-4566-b364-f0b2dd07f727/1/KSTzKgVWUvCIUrWJkDbNAZRY1eU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/2d6ddf-d448-4566-b364-f0b2dd07f727/1/4kB6dpbweYQUMFTUEePKXxg27NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ae4::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:2f:9d:c3:b5:52:68:ab:8a:b8:db:66:0f:22:bb:fb:b3:e9:
         e3:31:6b:6a:8a:63:51:e5:cd:0c:c8:dc:08:d6:da:b5:93:61:
         ab:1a:24:9a:99:45:1d:5b:e3:4e:68:e4:71:d3:1f:f7:1e:73:
         e2:19:1d:a2:50:37:2d:cd:b3:68:65:92:46:a9:71:d5:c9:3c:
         ff:7e:b5:a8:43:59:af:6d:7b:03:78:05:69:a4:0d:a0:f1:88:
         a5:d3:d2:dc:7e:a4:97:2b:4e:b9:c5:0c:b7:84:24:b6:16:92:
         58:1a:1b:d5:07:fa:45:dc:18:b3:66:75:41:7c:35:68:d9:31:
         98:c0:a3:21:11:10:f3:a1:69:c4:70:5a:eb:5f:32:ad:2e:3c:
         a0:62:00:48:0f:b4:99:ce:14:6b:bf:70:7a:fa:d1:08:42:5f:
         17:57:09:14:b3:e4:15:15:6c:19:cc:26:63:31:f5:24:93:e7:
         02:e7:ff:16:54:90:b9:65:fe:2f:19:f3:d1:ea:c4:4e:02:76:
         2b:31:43:af:a8:95:34:f1:c8:74:d2:10:78:e0:d5:22:41:2b:
         63:82:bd:14:a6:cd:2c:44:e3:95:6f:e3:b1:e0:21:6e:9a:2e:
         53:76:48:61:6d:4d:cd:f2:93:70:60:57:43:39:5a:87:4a:11:
         c7:e0:54:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbizZUfzXq18PMnbT59a2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNDA3YTc2OTZmMDc5ODQxNDMwNTRkNDExZTNjYTVmMTgz
NmVjZDQwHhcNMjQwMTAxMTQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI0ZjMyYTA1NTY1MmYwODg1MmI1ODk5MDM2Y2QwMTk0NThkNWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobs6lxneiFjr8OwDzEveVPsux7Rh
NCWxpN6A1HAEEc4adjmT3Kv4N8yB+Ufu1Bv2w90EodiSCwKufCr47Tz0+E6Gvscl
1Avwrkc1OLbFDoyeIteIE2fXD+k0JXOY/PWFGc3G5DcWyb60WUl7N+xkfmoqdXJB
n/lZdqRL2jYGt+0Ok9KYImvudu/cYaIvTz0DJmtYI4Uw6M0fTfK0IpleLb5x8urs
wnhtT72Urfx09vPyI6Bx2njYbXkTC2NQqLAhaxaVtnWeOoxD5UZGJHwptRNOfr1y
7HJjtkTKK3xTV3SYG6YH9tnwl4gD4IIqgnQ/zYfRnLwbU6HHl0cEXkD+sQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCkk8yoFVlLwiFK1iZA2zQGUWNXlMB8GA1UdIwQY
MBaAFOJAenaW8HmEFDBU1BHjyl8YNuzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGtCNmRwYndlWVFVTUZUVUVlUEtYeGcyN05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8yZDZkZGYtZDQ0OC00NTY2LWIzNjQt
ZjBiMmRkMDdmNzI3LzEvS1NUektnVldVdkNJVXJXSmtEYk5BWlJZMWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8yZDZkZGYtZDQ0OC00NTY2LWIzNjQtZjBiMmRkMDdmNzI3
LzEvNGtCNmRwYndlWVFVTUZUVUVlUEtYeGcyN05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArk
MA0GCSqGSIb3DQEBCwUAA4IBAQATL53DtVJoq4q422YPIrv7s+njMWtqimNR5c0M
yNwI1tq1k2GrGiSamUUdW+NOaORx0x/3HnPiGR2iUDctzbNoZZJGqXHVyTz/frWo
Q1mvbXsDeAVppA2g8Yil09LcfqSXK065xQy3hCS2FpJYGhvVB/pF3BizZnVBfDVo
2TGYwKMhERDzoWnEcFrrXzKtLjygYgBID7SZzhRrv3B6+tEIQl8XVwkUs+QVFWwZ
zCZjMfUkk+cC5/8WVJC5Zf4vGfPR6sROAnYrMUOvqJU08ch00hB44NUiQStjgr0U
ps0sROOVb+Ox4CFumi5TdkhhbU3N8pNwYFdDOVqHShHH4FTZ
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:05:02 2024 by rpki-client on console-ams.rpki-client.org