Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RJPxyLgF2184lVIPbkgJh4jnYbI.roa
File:                     RJPxyLgF2184lVIPbkgJh4jnYbI.roa (raw, json)
Hash identifier:          oTGj/2dmcHvflHmtIQaJACnJZZhiXyAyuasA3AZWF28=
Subject key identifier:   44:93:F1:C8:B8:05:DB:5F:38:95:52:0F:6E:48:09:87:88:E7:61:B2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE2AD8596F769CD4105FF38D6F564
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RJPxyLgF2184lVIPbkgJh4jnYbI.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149007
IP address blocks:        2a0e:b107:1800::/44 maxlen: 48
                          2a0e:b107:1806::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e2:ad:85:96:f7:69:cd:41:05:ff:38:d6:f5:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4493f1c8b805db5f3895520f6e48098788e761b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ea:e6:01:e5:6f:44:40:c9:5d:39:fc:f2:24:
                    01:08:a1:74:84:b4:f6:58:41:2f:86:0c:32:78:d8:
                    6d:18:c6:f7:b8:ad:f4:8d:b2:cd:f1:6d:70:31:9e:
                    dd:6e:c1:69:5b:f9:60:26:33:2b:79:41:12:70:e0:
                    59:ed:68:53:d7:10:15:01:17:83:09:10:a1:d6:21:
                    2b:9a:ad:35:11:5d:2f:c4:1f:23:f5:d2:e4:50:57:
                    d2:ef:d7:d4:3d:6c:a6:8a:e2:4c:b5:99:6a:3c:ae:
                    5a:2e:69:44:16:e5:47:f3:2f:32:90:65:14:1b:2b:
                    42:a7:f1:e6:42:68:7b:f1:92:77:36:1b:d5:e4:e6:
                    cc:5a:30:f4:e7:b6:f3:5a:ca:8b:15:6d:28:a0:ad:
                    24:1d:b4:e0:f0:1e:e2:0c:bb:94:64:f8:e6:ce:07:
                    ba:98:87:fa:9e:a8:9a:21:c3:aa:4d:a0:7c:ac:db:
                    a4:1e:4f:e1:f2:b3:98:dd:3c:f6:27:dd:79:1a:ef:
                    e6:d1:b9:41:68:9c:89:34:47:ef:20:92:b4:40:8a:
                    f2:7a:ee:49:83:7f:bf:9a:48:89:07:71:ed:d1:3f:
                    1f:a0:cc:cb:5a:ec:f3:d6:5e:47:3d:55:c1:fa:77:
                    80:77:fd:48:7b:26:7b:9c:67:5a:4d:29:d5:d7:39:
                    76:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:93:F1:C8:B8:05:DB:5F:38:95:52:0F:6E:48:09:87:88:E7:61:B2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RJPxyLgF2184lVIPbkgJh4jnYbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1800::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:4b:8c:67:d9:19:4a:58:2e:30:33:7a:ec:af:00:8c:71:83:
         a3:78:89:24:b4:8d:87:79:ad:e2:fb:b9:f0:68:f1:b5:e6:fa:
         80:61:0f:c7:bf:d3:8f:f2:93:5a:13:ed:19:2d:dc:e0:f1:68:
         b7:f7:de:c5:c6:00:4c:2d:47:60:6f:11:51:16:1e:e1:f4:c3:
         48:33:fe:ed:3e:64:f2:1c:06:43:7f:a3:21:a2:bf:6c:03:de:
         6e:a4:f5:96:fd:ce:15:df:a7:2b:6c:07:2e:18:c4:a7:00:17:
         5f:f6:05:7a:a3:73:b5:f5:29:d0:84:f6:3a:c8:48:55:9e:de:
         30:c6:05:39:e7:bf:6c:dc:bb:aa:05:81:d5:a4:6f:32:c7:16:
         ab:26:95:b3:70:c5:db:65:f4:a9:e2:cb:bc:42:b1:c7:6d:73:
         8f:2c:40:38:74:59:e4:6e:ec:a2:96:57:90:39:c8:41:19:c6:
         7f:90:32:81:de:b9:1c:3b:c3:e8:a5:f1:2e:00:de:e8:96:a0:
         46:6b:a8:e7:49:3e:73:a9:de:a4:de:fb:00:d1:28:f6:f8:d1:
         24:21:0e:eb:23:13:6c:1f:8b:cb:c2:22:64:4a:41:7a:35:8f:
         c8:73:d2:07:33:0e:e0:6a:d4:6b:64:35:05:4b:67:88:c9:ca:
         27:fc:1a:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOKthZb3ac1BBf841vVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDkzZjFjOGI4MDVkYjVmMzg5NTUyMGY2ZTQ4MDk4Nzg4ZTc2MWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsurmAeVvREDJXTn88iQBCKF0hLT2
WEEvhgwyeNhtGMb3uK30jbLN8W1wMZ7dbsFpW/lgJjMreUEScOBZ7WhT1xAVAReD
CRCh1iErmq01EV0vxB8j9dLkUFfS79fUPWymiuJMtZlqPK5aLmlEFuVH8y8ykGUU
GytCp/HmQmh78ZJ3NhvV5ObMWjD057bzWsqLFW0ooK0kHbTg8B7iDLuUZPjmzge6
mIf6nqiaIcOqTaB8rNukHk/h8rOY3Tz2J915Gu/m0blBaJyJNEfvIJK0QIryeu5J
g3+/mkiJB3Ht0T8foMzLWuzz1l5HPVXB+neAd/1IeyZ7nGdaTSnV1zl2xwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEST8ci4BdtfOJVSD25ICYeI52GyMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUkpQeHlMZ0YyMTg0bFZJUGJrZ0poNGpuWWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxgA
MA0GCSqGSIb3DQEBCwUAA4IBAQAGS4xn2RlKWC4wM3rsrwCMcYOjeIkktI2Hea3i
+7nwaPG15vqAYQ/Hv9OP8pNaE+0ZLdzg8Wi3997FxgBMLUdgbxFRFh7h9MNIM/7t
PmTyHAZDf6Mhor9sA95upPWW/c4V36crbAcuGMSnABdf9gV6o3O19SnQhPY6yEhV
nt4wxgU5579s3LuqBYHVpG8yxxarJpWzcMXbZfSp4su8QrHHbXOPLEA4dFnkbuyi
lleQOchBGcZ/kDKB3rkcO8PopfEuAN7olqBGa6jnST5zqd6k3vsA0Sj2+NEkIQ7r
IxNsH4vLwiJkSkF6NY/Ic9IHMw7gatRrZDUFS2eIycon/Bqz
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:24:30 2024 by rpki-client on console-fra.rpki-client.org