Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lFqsk18R7Iuk4GJKwWIHSc_32Ng.roa
File:                     lFqsk18R7Iuk4GJKwWIHSc_32Ng.roa (raw, json)
Hash identifier:          l9EJqPLK3GPzdEqtTrcdDd+D57q4T4UewXnsu6BuPEo=
Subject key identifier:   94:5A:AC:93:5F:11:EC:8B:A4:E0:62:4A:C1:62:07:49:CF:F7:D8:D8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4BD3B9A3065BCD4A1E8D1B740A61
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lFqsk18R7Iuk4GJKwWIHSc_32Ng.roa
Signing time:             Tue 02 Jan 2024 10:34:35 +0000
ROA not before:           Tue 02 Jan 2024 10:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213086
IP address blocks:        2a0e:b107:670::/44 maxlen: 48
                          2a0e:b107:1f00::/44 maxlen: 48
                          2a0e:b107:1df0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:4b:d3:b9:a3:06:5b:cd:4a:1e:8d:1b:74:0a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=945aac935f11ec8ba4e0624ac1620749cff7d8d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:83:f8:fd:2d:c1:a7:24:6e:ec:37:bf:a9:f5:
                    68:ad:f6:44:17:cc:81:00:f3:d0:39:3a:13:15:8f:
                    13:15:6f:52:7e:3e:01:2e:df:30:56:9d:85:d9:d1:
                    21:8e:80:a8:32:49:a0:c4:8e:07:c1:bd:e4:4c:12:
                    31:79:fa:47:64:96:16:15:96:44:9b:76:ca:c5:56:
                    11:c9:f2:14:41:df:57:7c:f4:80:f4:c0:19:26:83:
                    67:35:d0:7d:2a:6d:14:5a:df:07:15:d6:d3:b0:48:
                    c5:28:e0:1d:01:15:e1:10:33:37:02:d0:e3:0d:1f:
                    a4:fe:23:fb:35:d2:f2:33:dc:24:5d:b8:5b:cd:f3:
                    91:8f:fd:7b:30:b2:c1:72:d9:00:05:24:cb:0a:ac:
                    35:e0:4b:cf:a7:73:9f:f3:79:a5:88:10:b8:0a:b3:
                    b7:af:29:b2:5a:85:e6:cd:58:b6:ba:9c:4c:1d:54:
                    d0:f5:60:85:e3:29:de:77:21:b6:80:7f:41:4e:81:
                    97:b6:d3:89:9d:50:20:a7:fe:84:eb:18:ab:75:cb:
                    38:c6:f1:d0:45:a2:e1:8b:2a:bc:00:52:f0:7f:7b:
                    1d:9d:5e:d0:ef:11:32:a2:1d:a7:85:15:40:9d:e7:
                    64:80:0e:2d:4e:f6:64:07:f5:2d:15:74:62:d0:f5:
                    8c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:5A:AC:93:5F:11:EC:8B:A4:E0:62:4A:C1:62:07:49:CF:F7:D8:D8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lFqsk18R7Iuk4GJKwWIHSc_32Ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:670::/44
                  2a0e:b107:1df0::/44
                  2a0e:b107:1f00::/44

    Signature Algorithm: sha256WithRSAEncryption
         ad:ad:81:ff:3b:b5:12:c3:47:50:0a:6a:2f:ec:1d:e7:00:ae:
         7f:f4:2d:4f:68:2c:e2:df:f8:c8:df:21:67:07:19:0b:5a:33:
         2a:21:b1:fc:3a:97:de:de:e4:f4:f2:19:5b:eb:cd:a8:10:2c:
         2c:1e:8f:1b:f1:64:02:34:dc:a5:a4:88:70:50:20:f5:ba:6e:
         43:dc:94:22:7a:26:d1:4a:9e:61:d3:05:90:03:f3:57:7d:39:
         6f:88:62:e1:68:b5:9d:69:38:72:65:95:65:ac:5e:e5:10:f6:
         3e:5b:c1:74:24:d6:12:77:86:11:03:de:09:ac:9c:74:fb:6e:
         95:02:b8:6c:a8:1b:8d:80:8d:99:80:48:ce:af:45:7f:ac:42:
         6d:8a:0e:47:9f:52:41:9c:25:70:b0:43:31:51:d7:64:d1:da:
         b3:cd:75:fe:19:f5:7b:00:d7:d0:c7:95:b0:11:9a:8d:28:8d:
         d5:f7:cf:cc:ce:06:f4:07:69:2b:e0:20:92:f9:7e:5e:e1:a9:
         d3:a5:02:d5:a6:36:eb:6d:c0:a4:c5:a7:01:8e:a6:94:37:6a:
         8e:dc:40:73:b3:9a:b1:87:0b:3c:76:55:a2:56:5d:03:0f:de:
         88:73:b6:2e:df:2b:a2:1f:b1:71:05:40:a1:7c:72:56:c3:4f:
         16:d0:4a:14
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvUvTuaMGW81KHo0bdAphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDVhYWM5MzVmMTFlYzhiYTRlMDYyNGFjMTYyMDc0OWNmZjdkOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYP4/S3BpyRu7De/qfVorfZEF8yB
APPQOToTFY8TFW9Sfj4BLt8wVp2F2dEhjoCoMkmgxI4Hwb3kTBIxefpHZJYWFZZE
m3bKxVYRyfIUQd9XfPSA9MAZJoNnNdB9Km0UWt8HFdbTsEjFKOAdARXhEDM3AtDj
DR+k/iP7NdLyM9wkXbhbzfORj/17MLLBctkABSTLCqw14EvPp3Of83mliBC4CrO3
rymyWoXmzVi2upxMHVTQ9WCF4ynedyG2gH9BToGXttOJnVAgp/6E6xirdcs4xvHQ
RaLhiyq8AFLwf3sdnV7Q7xEyoh2nhRVAnedkgA4tTvZkB/UtFXRi0PWM+QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJRarJNfEeyLpOBiSsFiB0nP99jYMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbEZxc2sxOFI3SXVrNEdKS3dXSUhTY18zMk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKg6xBwZw
AwcEKg6xBx3wAwcEKg6xBx8AMA0GCSqGSIb3DQEBCwUAA4IBAQCtrYH/O7USw0dQ
Cmov7B3nAK5/9C1PaCzi3/jI3yFnBxkLWjMqIbH8Opfe3uT08hlb682oECwsHo8b
8WQCNNylpIhwUCD1um5D3JQieibRSp5h0wWQA/NXfTlviGLhaLWdaThyZZVlrF7l
EPY+W8F0JNYSd4YRA94JrJx0+26VArhsqBuNgI2ZgEjOr0V/rEJtig5Hn1JBnCVw
sEMxUddk0dqzzXX+GfV7ANfQx5WwEZqNKI3V98/Mzgb0B2kr4CCS+X5e4anTpQLV
pjbrbcCkxacBjqaUN2qO3EBzs5qxhws8dlWiVl0DD96Ic7Yu3yuiH7FxBUChfHJW
w08W0EoU
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:05:06 2024 by rpki-client on console-ams.rpki-client.org