Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4Htk9AUEmhaZSV31QmKce-ax0wI.roa
File:                     4Htk9AUEmhaZSV31QmKce-ax0wI.roa (raw, json)
Hash identifier:          Rn2ftiswZtb00l1W4QvnV/3oJ4VpNiMK0VQZVTG0QMo=
Subject key identifier:   E0:7B:64:F4:05:04:9A:16:99:49:5D:F5:42:62:9C:7B:E6:B1:D3:02
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD2C01D06B4A83D7FFB3DE0C51D717
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4Htk9AUEmhaZSV31QmKce-ax0wI.roa
Signing time:             Tue 02 Jan 2024 10:34:27 +0000
ROA not before:           Tue 02 Jan 2024 10:34:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210864
IP address blocks:        2a0e:b107:1a00::/48 maxlen: 48
                          2a0e:b107:1a05::/48 maxlen: 48
                          2a0e:b107:1a0a::/48 maxlen: 48
                          2a0e:b107:1a04::/48 maxlen: 48
                          2a0e:b107:1a09::/48 maxlen: 48
                          2a0e:b107:1a03::/48 maxlen: 48
                          2a0e:b107:1a08::/48 maxlen: 48
                          2a0e:b107:1a02::/48 maxlen: 48
                          2a0e:b107:1a07::/48 maxlen: 48
                          2a0e:b107:1a0c::/48 maxlen: 48
                          2a0e:b107:1a01::/48 maxlen: 48
                          2a0e:b107:1a06::/48 maxlen: 48
                          2a0e:b107:1a0b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:2c:01:d0:6b:4a:83:d7:ff:b3:de:0c:51:d7:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e07b64f405049a1699495df542629c7be6b1d302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:1e:34:9b:76:93:db:27:78:bc:74:a9:13:35:
                    36:49:ca:40:a3:eb:62:6d:48:ea:ce:e0:b0:12:51:
                    2b:56:f2:87:6b:af:45:94:6d:e1:82:5b:1a:5a:00:
                    40:ba:1c:7f:18:65:fa:f7:99:26:ec:3c:d1:62:33:
                    67:55:0a:36:31:3e:e1:5d:00:e5:5d:44:96:3e:aa:
                    49:3f:ef:53:c9:8d:4e:93:31:af:db:6d:e8:9e:fd:
                    03:f0:53:74:32:87:f4:f3:7d:cf:97:a8:11:9c:19:
                    5b:d5:99:76:a1:8c:ef:7d:fe:04:58:99:ca:cd:d4:
                    42:29:b4:a1:65:9f:cd:46:c6:ab:8a:54:17:f9:71:
                    67:9a:4c:fb:d7:64:55:6a:a2:d6:8f:ce:fd:cc:d1:
                    a2:f8:da:30:ab:21:75:73:b2:93:ba:26:9f:eb:c8:
                    21:14:5f:12:1d:b1:1d:ae:1e:3b:79:d7:bd:95:69:
                    03:e9:76:4b:9c:8b:fe:f8:ae:0d:0a:7c:03:88:75:
                    ed:c2:9c:24:3d:0c:12:09:4b:84:1d:f3:24:4d:9c:
                    59:75:c9:74:15:17:bb:4e:ff:71:4e:0a:15:2f:3e:
                    27:7b:3c:0d:3c:b0:f8:fc:e8:86:ec:50:23:ee:a2:
                    5a:ba:09:cd:ba:0c:c4:1b:46:8e:63:17:45:83:01:
                    f9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:7B:64:F4:05:04:9A:16:99:49:5D:F5:42:62:9C:7B:E6:B1:D3:02
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4Htk9AUEmhaZSV31QmKce-ax0wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1a00::-2a0e:b107:1a0c:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5b:30:e9:b8:3d:e4:e4:9a:2c:f8:66:23:b5:55:54:84:42:29:
         4f:e1:be:29:8a:ea:0a:8d:47:62:6c:16:60:df:da:e2:7d:ff:
         82:6d:4b:9b:06:6d:a9:11:81:43:19:d0:f4:7f:4d:1d:74:54:
         33:d7:58:fe:a4:77:0c:ff:9c:9a:04:76:32:32:1e:0d:bc:e9:
         ec:76:fb:9d:19:d1:ab:b1:d6:20:be:b3:43:ad:1e:03:6e:27:
         86:09:e5:4c:0d:cd:48:d7:a1:05:c9:ba:20:60:69:1f:3a:e9:
         da:d3:9d:56:6a:25:0b:b2:e4:69:b2:48:ef:38:a3:8b:fb:a8:
         8b:53:7e:69:97:f3:10:a5:5e:e0:76:6f:04:2c:4c:82:84:8c:
         a8:1d:48:e8:ad:51:11:fa:d5:e6:be:21:c9:37:c5:35:1a:c9:
         ac:36:fa:33:1b:53:1c:e0:ff:51:35:58:6d:89:eb:9c:f4:38:
         bd:0e:f4:49:24:56:64:b1:a1:e6:95:a9:b9:5e:c8:d1:c0:af:
         5b:a8:e2:dc:9e:86:e6:8e:a8:42:b4:bd:26:4a:36:54:46:9a:
         87:9f:a7:77:c6:02:fd:90:02:db:22:77:13:a8:34:4e:11:45:
         f0:60:b2:b3:71:f2:6d:81:f0:80:f6:e0:cb:cc:71:0b:f3:0e:
         2a:e3:a8:0c
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzJvSwB0GtKg9f/s94MUdcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDdiNjRmNDA1MDQ5YTE2OTk0OTVkZjU0MjYyOWM3YmU2YjFkMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgh40m3aT2yd4vHSpEzU2ScpAo+ti
bUjqzuCwElErVvKHa69FlG3hglsaWgBAuhx/GGX695km7DzRYjNnVQo2MT7hXQDl
XUSWPqpJP+9TyY1OkzGv223onv0D8FN0Mof0833Pl6gRnBlb1Zl2oYzvff4EWJnK
zdRCKbShZZ/NRsarilQX+XFnmkz712RVaqLWj879zNGi+NowqyF1c7KTuiaf68gh
FF8SHbEdrh47ede9lWkD6XZLnIv++K4NCnwDiHXtwpwkPQwSCUuEHfMkTZxZdcl0
FRe7Tv9xTgoVLz4nezwNPLD4/OiG7FAj7qJaugnNugzEG0aOYxdFgwH5BwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFOB7ZPQFBJoWmUld9UJinHvmsdMCMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNEh0azlBVUVtaGFaU1YzMVFtS2NlLWF4MHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATMBEDBgEqDrEH
GgMHACoOsQcaDDANBgkqhkiG9w0BAQsFAAOCAQEAWzDpuD3k5Jos+GYjtVVUhEIp
T+G+KYrqCo1HYmwWYN/a4n3/gm1LmwZtqRGBQxnQ9H9NHXRUM9dY/qR3DP+cmgR2
MjIeDbzp7Hb7nRnRq7HWIL6zQ60eA24nhgnlTA3NSNehBcm6IGBpHzrp2tOdVmol
C7LkabJI7ziji/uoi1N+aZfzEKVe4HZvBCxMgoSMqB1I6K1REfrV5r4hyTfFNRrJ
rDb6MxtTHOD/UTVYbYnrnPQ4vQ70SSRWZLGh5pWpuV7I0cCvW6ji3J6G5o6oQrS9
Jko2VEaah5+nd8YC/ZAC2yJ3E6g0ThFF8GCys3HybYHwgPbgy8xxC/MOKuOoDA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:07:53 2024 by rpki-client on console-ams.rpki-client.org