Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-epT5JC1MSqcCL42fntjqcKBgo0.roa
File:                     1-epT5JC1MSqcCL42fntjqcKBgo0.roa (raw, json)
Hash identifier:          UIoLeMuYl2qCR5nQmEissu2TUbJFL01s1GH+rkbtWYM=
Subject key identifier:   F9:EA:53:E4:90:B5:31:2A:9C:08:BE:36:7E:7B:63:A9:C2:81:82:8D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCDE60193524D3884879D391203761
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-epT5JC1MSqcCL42fntjqcKBgo0.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140961
IP address blocks:        2a0e:b107:2220::/45 maxlen: 48
                          2a0e:b107:2228::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:de:60:19:35:24:d3:88:48:79:d3:91:20:37:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9ea53e490b5312a9c08be367e7b63a9c281828d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9c:50:5b:88:3d:f8:6e:b4:1d:5c:c7:40:b5:
                    c9:e5:66:f6:45:84:e0:f7:d4:19:00:2e:ed:cb:52:
                    35:79:24:15:ca:ef:54:37:d2:83:43:2b:7c:04:49:
                    f9:da:a2:fa:56:28:60:c3:97:f2:9b:af:41:71:27:
                    20:f5:ba:76:d8:56:00:db:ed:ad:f9:3d:63:8f:91:
                    02:b2:56:0c:c1:3f:09:88:e1:36:58:34:2c:a4:5b:
                    d8:df:3e:8d:90:ce:51:c5:80:d1:64:6c:7a:60:a8:
                    1a:a3:d5:0e:57:21:22:73:68:56:55:0a:40:79:f6:
                    f9:e9:d9:42:45:bc:e0:70:b9:11:87:3a:12:ef:a6:
                    79:f8:ea:15:46:e2:bb:60:6a:9c:4f:86:bd:e3:dd:
                    64:d8:c3:78:e8:c5:c9:ff:b5:4f:1d:91:0e:d7:2c:
                    67:9f:f5:44:d0:74:03:88:8f:6e:9a:49:f8:d9:39:
                    01:14:41:7a:6c:a7:55:99:40:cb:9f:15:8d:df:48:
                    92:a0:7c:7e:e8:d1:46:03:e2:8f:80:39:99:aa:b0:
                    49:28:83:cd:a9:05:1a:f2:2e:c7:0d:40:45:c7:3e:
                    c6:2a:fc:30:25:ba:fe:e6:ef:60:8d:89:e2:6f:0a:
                    16:1d:eb:b5:cc:77:75:c1:15:47:f7:a6:de:23:40:
                    8c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EA:53:E4:90:B5:31:2A:9C:08:BE:36:7E:7B:63:A9:C2:81:82:8D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-epT5JC1MSqcCL42fntjqcKBgo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2220::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:ac:eb:c6:be:76:b2:34:45:a7:69:ba:b7:30:15:77:90:b0:
         65:0a:6a:81:4c:ee:7b:8b:26:79:bd:de:52:43:e7:5c:de:46:
         8f:c6:41:47:a7:4c:af:ce:8d:b4:5f:a8:9e:31:d7:22:5c:fe:
         6c:12:53:c0:ad:57:75:61:c9:2a:26:4e:d1:2f:fa:46:cb:52:
         53:54:84:22:d9:7d:2a:4e:a9:cd:84:a6:3b:53:4f:18:b0:c5:
         c4:89:c9:b1:a1:64:a2:dc:fe:a8:83:12:1e:9d:3b:59:19:a9:
         5e:22:7c:07:05:5e:84:87:87:e6:ff:be:f8:89:9e:e7:be:89:
         5a:b9:e0:37:a6:a2:13:33:05:1e:ef:2b:59:a7:39:86:d8:38:
         8e:e3:13:c2:4b:ec:34:ad:5b:cb:7e:a4:d0:3e:bd:15:de:c1:
         ba:0d:f8:39:0b:0f:02:90:01:b5:5b:5d:22:9b:e8:f0:84:ca:
         f8:8e:9b:1a:d1:5c:52:5f:2f:8e:75:ef:28:8e:22:04:41:e8:
         25:67:57:24:d6:ad:7a:91:3e:d0:75:8d:df:15:c3:e8:22:65:
         cc:99:ee:3a:05:a6:58:fe:35:fe:8f:be:6f:62:cb:f9:51:64:
         e6:f0:f4:b1:04:ac:87:1d:10:ea:a8:2c:a2:a9:00:25:43:19:
         e9:d4:aa:61
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzJvN5gGTUk04hIedORIDdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWVhNTNlNDkwYjUzMTJhOWMwOGJlMzY3ZTdiNjNhOWMyODE4MjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJxQW4g9+G60HVzHQLXJ5Wb2RYTg
99QZAC7ty1I1eSQVyu9UN9KDQyt8BEn52qL6Vihgw5fym69BcScg9bp22FYA2+2t
+T1jj5ECslYMwT8JiOE2WDQspFvY3z6NkM5RxYDRZGx6YKgao9UOVyEic2hWVQpA
efb56dlCRbzgcLkRhzoS76Z5+OoVRuK7YGqcT4a9491k2MN46MXJ/7VPHZEO1yxn
n/VE0HQDiI9umkn42TkBFEF6bKdVmUDLnxWN30iSoHx+6NFGA+KPgDmZqrBJKIPN
qQUa8i7HDUBFxz7GKvwwJbr+5u9gjYnibwoWHeu1zHd1wRVH96beI0CM/wIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPnqU+SQtTEqnAi+Nn57Y6nCgYKNMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMS1lcFQ1SkMxTVNxY0NMNDJmbnRqcWNLQmdvMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZh
NS8xL1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOsQci
IDANBgkqhkiG9w0BAQsFAAOCAQEAbKzrxr52sjRFp2m6tzAVd5CwZQpqgUzue4sm
eb3eUkPnXN5Gj8ZBR6dMr86NtF+onjHXIlz+bBJTwK1XdWHJKiZO0S/6RstSU1SE
Itl9Kk6pzYSmO1NPGLDFxInJsaFkotz+qIMSHp07WRmpXiJ8BwVehIeH5v+++Ime
576JWrngN6aiEzMFHu8rWac5htg4juMTwkvsNK1by36k0D69Fd7Bug34OQsPApAB
tVtdIpvo8ITK+I6bGtFcUl8vjnXvKI4iBEHoJWdXJNatepE+0HWN3xXD6CJlzJnu
OgWmWP41/o++b2LL+VFk5vD0sQSshx0Q6qgsoqkAJUMZ6dSqYQ==
-----END CERTIFICATE-----
Generated at Sun Nov 24 15:42:23 2024 by rpki-client on console-fra.rpki-client.org