Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/j1Alzj0YVPdKPnEcUZBmHi56I1U.roa
File:                     j1Alzj0YVPdKPnEcUZBmHi56I1U.roa (raw, json)
Hash identifier:          0nLYf19FAco5PtBZEixEti08sjGL9vvvZqHm0xzL15Y=
Subject key identifier:   8F:50:25:CE:3D:18:54:F7:4A:3E:71:1C:51:90:66:1E:2E:7A:23:55
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD3CCF920D9D87EDC7D9FDDF63CAF7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/j1Alzj0YVPdKPnEcUZBmHi56I1U.roa
Signing time:             Tue 02 Jan 2024 10:34:31 +0000
ROA not before:           Tue 02 Jan 2024 10:34:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211840
IP address blocks:        2a0e:97c0:1ba::/47 maxlen: 48
                          2a0e:97c0:1bd::/48 maxlen: 48
                          2a0e:97c0:1b0::/48 maxlen: 48
                          2a0e:b107:862::/48 maxlen: 48
                          2a0e:b107:86c::/48 maxlen: 48
                          2a0e:b107:861::/48 maxlen: 48
                          2a0e:97c0:1bc::/48 maxlen: 48
                          2a0e:97c0:1b2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:3c:cf:92:0d:9d:87:ed:c7:d9:fd:df:63:ca:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f5025ce3d1854f74a3e711c5190661e2e7a2355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:cb:f9:ab:07:d3:ee:63:5f:f0:60:7c:6d:b7:
                    80:9c:b0:d8:4b:7e:f7:36:b4:3e:8c:e8:ad:0b:56:
                    e3:6f:ed:fc:e3:f1:3b:3f:b5:b9:49:be:99:8b:0a:
                    35:e7:df:4f:6b:9d:35:90:54:2e:c7:ed:e2:fd:11:
                    69:37:6f:7d:b9:34:d8:ee:d1:09:63:66:51:75:77:
                    3f:87:27:5b:1e:df:66:8e:6b:e0:9c:74:36:cd:8a:
                    97:6d:e8:67:86:bf:e4:17:dc:09:b2:84:ae:5b:bb:
                    4d:38:36:72:85:9a:49:97:eb:e9:8d:dd:9d:dd:86:
                    27:eb:78:42:80:67:db:a4:c2:ec:4d:f3:7f:51:9a:
                    83:29:84:7c:c5:28:4a:06:17:19:28:e1:fd:80:db:
                    c1:0f:30:ac:66:3f:b2:f3:d5:19:f4:3c:b3:79:ed:
                    e6:a8:c1:6a:7e:94:ac:96:4a:9c:a7:eb:84:10:80:
                    9d:58:35:0b:05:19:ad:5a:1f:dc:69:51:be:77:af:
                    54:04:34:b7:1d:8f:e0:7c:6f:63:91:fa:a7:ce:a7:
                    25:73:da:a0:84:02:6a:d4:11:97:ac:4e:10:69:7b:
                    1b:ec:0d:23:fa:10:ed:4e:42:83:71:38:c5:e3:72:
                    9e:b3:ce:4b:a0:5c:d1:5c:97:e4:cc:77:67:bc:a9:
                    f5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:50:25:CE:3D:18:54:F7:4A:3E:71:1C:51:90:66:1E:2E:7A:23:55
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/j1Alzj0YVPdKPnEcUZBmHi56I1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:1b0::/48
                  2a0e:97c0:1b2::/48
                  2a0e:97c0:1ba::-2a0e:97c0:1bd:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:861::-2a0e:b107:862:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:86c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:76:94:9a:dc:55:3d:05:44:84:fe:88:f8:a9:ae:2c:c8:1e:
         f7:b3:40:97:97:ac:35:7a:1c:21:b9:0b:8f:4e:55:8d:e9:94:
         68:e1:b7:1a:0d:52:b3:30:2a:dc:7b:f5:a7:26:b1:47:fa:04:
         75:79:30:52:63:19:a7:27:5b:52:00:17:93:f2:3f:4a:a8:01:
         69:2f:c6:e7:df:28:16:0b:41:a5:e0:f4:9f:09:b5:14:ca:25:
         eb:04:06:1e:a6:87:f4:97:a9:f7:36:eb:9f:fe:cf:14:02:a1:
         ce:4f:24:a5:70:3f:5f:d7:23:c7:c0:36:0a:c4:04:1b:ba:32:
         ee:0e:62:73:61:ff:cc:ed:70:6a:bd:4d:42:95:02:01:d7:5d:
         33:fd:3f:6a:f8:b8:e8:5c:4b:22:1b:1d:ff:e2:21:36:d4:6f:
         0f:1e:48:60:2f:df:15:2e:0c:9d:5c:88:f4:88:fc:c8:be:c2:
         e3:65:3e:57:df:ab:e2:cb:5a:48:db:73:5d:58:a3:b7:a1:08:
         a2:c8:6f:55:11:47:8f:d8:96:f1:1c:b8:02:33:e4:e6:7f:38:
         70:9a:9b:f5:53:da:43:a3:16:4c:84:4b:05:ab:68:07:ee:69:
         ba:5d:a6:6c:4a:23:00:ab:09:06:e9:fe:44:eb:8d:3c:63:07:
         f9:08:1c:6b
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYzJvTzPkg2dh+3H2f3fY8r3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjUwMjVjZTNkMTg1NGY3NGEzZTcxMWM1MTkwNjYxZTJlN2EyMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sv5qwfT7mNf8GB8bbeAnLDYS373
NrQ+jOitC1bjb+384/E7P7W5Sb6Ziwo1599Pa501kFQux+3i/RFpN299uTTY7tEJ
Y2ZRdXc/hydbHt9mjmvgnHQ2zYqXbehnhr/kF9wJsoSuW7tNODZyhZpJl+vpjd2d
3YYn63hCgGfbpMLsTfN/UZqDKYR8xShKBhcZKOH9gNvBDzCsZj+y89UZ9Dyzee3m
qMFqfpSslkqcp+uEEICdWDULBRmtWh/caVG+d69UBDS3HY/gfG9jkfqnzqclc9qg
hAJq1BGXrE4QaXsb7A0j+hDtTkKDcTjF43Kes85LoFzRXJfkzHdnvKn1XQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFI9QJc49GFT3Sj5xHFGQZh4ueiNVMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvajFBbHpqMFlWUGRLUG5FY1VaQm1IaTU2STFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAAjBDAwcAKg6XwAGw
AwcAKg6XwAGyMBIDBwEqDpfAAboDBwEqDpfAAbwwEgMHACoOsQcIYQMHACoOsQcI
YgMHACoOsQcIbDANBgkqhkiG9w0BAQsFAAOCAQEALHaUmtxVPQVEhP6I+KmuLMge
97NAl5esNXocIbkLj05VjemUaOG3Gg1SszAq3Hv1pyaxR/oEdXkwUmMZpydbUgAX
k/I/SqgBaS/G598oFgtBpeD0nwm1FMol6wQGHqaH9Jep9zbrn/7PFAKhzk8kpXA/
X9cjx8A2CsQEG7oy7g5ic2H/zO1war1NQpUCAdddM/0/avi46FxLIhsd/+IhNtRv
Dx5IYC/fFS4MnVyI9Ij8yL7C42U+V9+r4staSNtzXVijt6EIoshvVRFHj9iW8Ry4
AjPk5n84cJqb9VPaQ6MWTIRLBatoB+5pul2mbEojAKsJBun+ROuNPGMH+Qgcaw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:07:58 2024 by rpki-client on console-ams.rpki-client.org