Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QRJSUGm7jSw9QbuHl1-UUiosCaQ.roa
File:                     QRJSUGm7jSw9QbuHl1-UUiosCaQ.roa (raw, json)
Hash identifier:          4mUYGEZRLtR94pvLiw/HwgxcdqdDwOTZ1DwGRLejSYI=
Subject key identifier:   41:12:52:50:69:BB:8D:2C:3D:41:BB:87:97:5F:94:52:2A:2C:09:A4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0A915FD67E01A8F55002EEA5EADF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QRJSUGm7jSw9QbuHl1-UUiosCaQ.roa
Signing time:             Tue 02 Jan 2024 10:34:18 +0000
ROA not before:           Tue 02 Jan 2024 10:34:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204729
IP address blocks:        2a0e:b107:1b9d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0a:91:5f:d6:7e:01:a8:f5:50:02:ee:a5:ea:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4112525069bb8d2c3d41bb87975f94522a2c09a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d6:2f:90:ab:df:6d:a7:4b:6a:24:0b:55:d7:
                    5e:3e:13:04:80:e9:7c:66:ee:78:e8:e9:ee:b3:f9:
                    ae:1e:9c:a4:54:12:ab:6a:ba:36:d2:d4:ef:67:13:
                    b0:7c:ee:1c:11:d7:7b:19:93:eb:4a:2a:ef:4f:8d:
                    f9:af:27:0a:6b:2c:df:e8:dc:d2:c5:6f:84:27:dc:
                    61:2c:da:b2:8e:26:44:65:e5:f3:a3:37:c8:ff:44:
                    30:3f:5b:c0:cf:66:87:66:b9:33:7b:19:29:1a:c0:
                    ce:dc:0b:1b:ce:3a:59:81:6c:64:93:da:08:64:32:
                    e6:b4:5a:22:64:80:17:4a:2a:34:95:59:aa:92:09:
                    2c:8b:f5:e4:2a:49:e4:47:3f:3b:6c:c0:c7:2d:84:
                    3a:11:fc:77:39:d6:00:e5:3e:77:23:f0:85:22:85:
                    fc:d0:e3:4c:03:68:fb:69:1d:0e:e7:07:3f:b1:33:
                    a7:10:14:d0:68:21:e5:2c:fa:01:ec:7e:d4:1c:f1:
                    a4:ad:55:f9:23:39:df:fc:b9:cf:ba:3d:29:bd:64:
                    f6:28:df:54:f6:72:eb:64:1d:ad:11:25:2b:2f:21:
                    09:e5:da:db:3e:e7:44:cc:6a:c8:67:0e:80:b6:3d:
                    62:e1:70:d9:13:e6:04:a2:77:ca:e6:fe:16:72:3f:
                    c8:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:12:52:50:69:BB:8D:2C:3D:41:BB:87:97:5F:94:52:2A:2C:09:A4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QRJSUGm7jSw9QbuHl1-UUiosCaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1b9d::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:eb:d3:17:90:f6:6d:f5:cc:c3:39:1f:89:d4:10:f0:c5:3a:
         84:93:95:eb:f6:77:49:43:55:98:b5:b4:08:20:6e:86:1b:5c:
         96:02:b0:12:ea:da:01:b0:1a:95:2a:12:d1:43:2c:71:f6:6d:
         68:6a:2b:73:ad:9b:71:f5:c6:21:89:ab:88:67:cf:bb:fa:9c:
         7d:cf:f9:7b:d6:e7:31:ea:1e:6a:09:a8:65:90:c2:5e:9a:0f:
         26:ba:b6:1e:bb:4a:47:c7:54:0a:07:04:ff:9a:5d:7c:5e:cd:
         20:b3:2f:65:8a:3c:12:3f:52:98:79:ed:5f:0b:18:8b:68:9c:
         8c:0f:ad:ea:ec:3d:bc:de:95:0c:b4:b4:75:ae:cc:28:94:5a:
         a2:5d:86:d9:34:53:64:f9:56:dd:a0:2d:84:10:7e:d3:50:55:
         ea:12:bb:6f:31:10:d5:8c:62:4d:35:3f:bf:1d:5b:85:37:fd:
         37:56:dc:cb:7d:b5:20:41:f9:5e:20:d8:07:2d:22:a3:4c:ce:
         71:e2:ff:72:95:12:6a:57:fa:ca:7f:21:fa:45:15:18:e9:89:
         2d:90:6b:5d:dd:f8:12:78:44:ce:cc:cc:2e:bb:72:36:f7:15:
         88:63:0b:7e:15:4a:e8:71:5a:93:26:5b:c7:15:0c:b4:04:2b:
         b5:43:14:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQqRX9Z+Aaj1UALuperfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTEyNTI1MDY5YmI4ZDJjM2Q0MWJiODc5NzVmOTQ1MjJhMmMwOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdYvkKvfbadLaiQLVddePhMEgOl8
Zu546Onus/muHpykVBKraro20tTvZxOwfO4cEdd7GZPrSirvT435rycKayzf6NzS
xW+EJ9xhLNqyjiZEZeXzozfI/0QwP1vAz2aHZrkzexkpGsDO3AsbzjpZgWxkk9oI
ZDLmtFoiZIAXSio0lVmqkgksi/XkKknkRz87bMDHLYQ6Efx3OdYA5T53I/CFIoX8
0ONMA2j7aR0O5wc/sTOnEBTQaCHlLPoB7H7UHPGkrVX5Iznf/LnPuj0pvWT2KN9U
9nLrZB2tESUrLyEJ5drbPudEzGrIZw6Atj1i4XDZE+YEonfK5v4Wcj/ILwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEESUlBpu40sPUG7h5dflFIqLAmkMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUVJKU1VHbTdqU3c5UWJ1SGwxLVVVaW9zQ2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxud
MA0GCSqGSIb3DQEBCwUAA4IBAQCZ69MXkPZt9czDOR+J1BDwxTqEk5Xr9ndJQ1WY
tbQIIG6GG1yWArAS6toBsBqVKhLRQyxx9m1oaitzrZtx9cYhiauIZ8+7+px9z/l7
1ucx6h5qCahlkMJemg8murYeu0pHx1QKBwT/ml18Xs0gsy9lijwSP1KYee1fCxiL
aJyMD63q7D283pUMtLR1rswolFqiXYbZNFNk+VbdoC2EEH7TUFXqErtvMRDVjGJN
NT+/HVuFN/03VtzLfbUgQfleINgHLSKjTM5x4v9ylRJqV/rKfyH6RRUY6YktkGtd
3fgSeETOzMwuu3I29xWIYwt+FUrocVqTJlvHFQy0BCu1QxRT
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:07:56 2024 by rpki-client on console-ams.rpki-client.org