Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1tL-oc4Daz45pGbg2HLKgV_YS6Y.roa
File:                     1tL-oc4Daz45pGbg2HLKgV_YS6Y.roa (raw, json)
Hash identifier:          gysubQeeH/vKdPGCxORSaJWPBqDCMHyuWWc+6uyYAlw=
Subject key identifier:   D6:D2:FE:A1:CE:03:6B:3E:39:A4:66:E0:D8:72:CA:81:5F:D8:4B:A6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0191AEC18359DD5CA5EF4CBB28E763EE0D00
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1tL-oc4Daz45pGbg2HLKgV_YS6Y.roa
Signing time:             Sun 01 Sep 2024 18:03:23 +0000
ROA not before:           Sun 01 Sep 2024 18:03:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58087
IP address blocks:        2a0e:97c0:3e3::/48 maxlen: 48
                          2a0e:97c0:710::/48 maxlen: 48
                          2a0e:97c0:711::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ae:c1:83:59:dd:5c:a5:ef:4c:bb:28:e7:63:ee:0d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep  1 18:03:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d2fea1ce036b3e39a466e0d872ca815fd84ba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:75:e0:09:88:87:03:1f:48:c7:88:bb:8d:c5:
                    1e:43:5c:67:67:ba:66:63:d0:6b:bd:4b:ec:60:ca:
                    92:7e:9f:17:c4:cf:9c:44:42:fe:ae:f4:2e:bf:d1:
                    98:c5:bb:e8:a8:ee:1e:a2:53:f9:d8:90:90:df:6c:
                    c4:6a:4c:13:08:57:8f:4e:3a:77:d4:c4:0e:0d:02:
                    57:d4:bb:29:61:6a:4a:28:b6:11:a9:a1:5a:f4:6b:
                    e1:0b:57:89:97:20:06:f3:de:50:7c:ff:30:22:99:
                    49:d7:46:5e:5c:11:21:de:9b:c8:b7:32:bf:e6:00:
                    dc:9b:b3:e3:b1:1e:e7:15:27:d6:e3:75:45:ab:df:
                    ee:10:b1:4f:54:7e:66:26:1f:a3:78:60:2d:f1:db:
                    8d:23:61:98:f4:15:b3:f3:3c:b3:18:f5:47:12:8f:
                    11:82:04:94:35:29:d6:dd:19:d3:51:6e:b3:90:81:
                    85:c9:17:b1:ea:ec:75:b9:8d:c7:34:ee:7f:4a:0b:
                    54:8d:7c:93:83:32:53:a1:5e:85:f4:01:b7:1a:4d:
                    ea:33:19:35:9f:2e:2a:cf:00:d6:7b:e4:7c:aa:29:
                    e0:d5:73:6b:34:02:b7:e3:4b:64:f8:d2:b5:89:17:
                    e4:b9:d6:fd:9c:fd:df:d1:e6:78:95:47:43:4d:46:
                    97:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D2:FE:A1:CE:03:6B:3E:39:A4:66:E0:D8:72:CA:81:5F:D8:4B:A6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1tL-oc4Daz45pGbg2HLKgV_YS6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:3e3::/48
                  2a0e:97c0:710::/47

    Signature Algorithm: sha256WithRSAEncryption
         13:af:1b:fd:a8:c5:f5:ed:cc:e8:df:88:58:45:dc:98:02:57:
         83:ad:06:d9:48:42:df:33:f5:09:44:01:8e:9b:18:4b:bc:b5:
         d3:df:96:eb:6b:d7:bf:28:cb:8c:1a:50:ed:35:6f:e6:fd:f8:
         02:49:49:6e:b8:6d:b3:6a:4a:e5:f5:a5:85:51:44:8c:5c:9d:
         cc:17:1e:ba:74:50:ab:35:19:21:61:5a:d0:09:6e:21:33:49:
         85:a9:da:ab:cd:50:1b:92:db:a0:7a:40:19:70:ea:f5:b1:b0:
         d5:48:67:90:10:85:47:77:11:58:32:c0:4a:e2:74:84:a3:ce:
         4c:5b:e9:e0:ee:55:7e:c3:4d:fe:71:2e:6e:eb:c3:de:60:e8:
         ee:0a:d9:93:33:90:38:f3:fc:b0:7a:50:ff:91:f0:0c:d2:04:
         5f:ca:a9:3b:50:52:81:af:dd:69:3c:cb:a8:10:eb:26:f2:fc:
         7f:8e:09:32:65:ea:96:49:86:c4:44:da:03:ef:85:29:03:b9:
         4b:6b:09:77:f6:df:83:2b:9b:2b:84:48:27:f8:07:01:01:d8:
         c8:b1:8b:b9:31:23:01:21:88:b5:d2:62:47:bb:e0:05:d9:63:
         de:6b:04:f0:75:f8:d5:69:2f:90:32:6d:2a:d7:00:07:34:54:
         2e:58:6e:0f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGuwYNZ3Vyl70y7KOdj7g0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwOTAxMTgwMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQyZmVhMWNlMDM2YjNlMzlhNDY2ZTBkODcyY2E4MTVmZDg0YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XXgCYiHAx9Ix4i7jcUeQ1xnZ7pm
Y9BrvUvsYMqSfp8XxM+cREL+rvQuv9GYxbvoqO4eolP52JCQ32zEakwTCFePTjp3
1MQODQJX1LspYWpKKLYRqaFa9GvhC1eJlyAG895QfP8wIplJ10ZeXBEh3pvItzK/
5gDcm7PjsR7nFSfW43VFq9/uELFPVH5mJh+jeGAt8duNI2GY9BWz8zyzGPVHEo8R
ggSUNSnW3RnTUW6zkIGFyRex6ux1uY3HNO5/SgtUjXyTgzJToV6F9AG3Gk3qMxk1
ny4qzwDWe+R8qing1XNrNAK340tk+NK1iRfkudb9nP3f0eZ4lUdDTUaXmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNbS/qHOA2s+OaRm4NhyyoFf2EumMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMXRMLW9jNERhejQ1cEdiZzJITEtnVl9ZUzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAPj
AwcBKg6XwAcQMA0GCSqGSIb3DQEBCwUAA4IBAQATrxv9qMX17czo34hYRdyYAleD
rQbZSELfM/UJRAGOmxhLvLXT35bra9e/KMuMGlDtNW/m/fgCSUluuG2zakrl9aWF
UUSMXJ3MFx66dFCrNRkhYVrQCW4hM0mFqdqrzVAbktugekAZcOr1sbDVSGeQEIVH
dxFYMsBK4nSEo85MW+ng7lV+w03+cS5u68PeYOjuCtmTM5A48/ywelD/kfAM0gRf
yqk7UFKBr91pPMuoEOsm8vx/jgkyZeqWSYbERNoD74UpA7lLawl39t+DK5srhEgn
+AcBAdjIsYu5MSMBIYi10mJHu+AF2WPeawTwdfjVaS+QMm0q1wAHNFQuWG4P
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:07:53 2024 by rpki-client on console-ams.rpki-client.org