Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nl3YgxAPVo8SwY--C7WBW35Dr2o.roa
File:                     nl3YgxAPVo8SwY--C7WBW35Dr2o.roa (raw, json)
Hash identifier:          j6ipVNRTcJIQCsTsJ6W5fggIfNCThkldezkkFEHWVuY=
Subject key identifier:   9E:5D:D8:83:10:0F:56:8F:12:C1:8F:BE:0B:B5:81:5B:7E:43:AF:6A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCC88805B9050A4B6D50D47A62DFC3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nl3YgxAPVo8SwY--C7WBW35Dr2o.roa
Signing time:             Tue 02 Jan 2024 10:34:01 +0000
ROA not before:           Tue 02 Jan 2024 10:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39526
IP address blocks:        2a10:2f01:380::/42 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c8:88:05:b9:05:0a:4b:6d:50:d4:7a:62:df:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e5dd883100f568f12c18fbe0bb5815b7e43af6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:99:b8:d8:1e:1c:1c:38:9a:e6:40:70:e0:25:
                    7b:5f:be:35:bc:6a:80:df:0f:b5:95:3c:56:00:af:
                    6d:e1:a8:5b:da:ba:9f:58:51:69:39:92:39:4a:66:
                    52:4a:11:3c:e1:08:d2:bb:b8:5d:9b:cc:c7:78:f9:
                    ef:58:2a:a1:42:80:ea:10:82:8b:91:6e:c2:86:1b:
                    2e:88:41:cc:73:0f:76:f5:22:18:0b:34:c7:d6:bc:
                    91:50:84:94:71:11:35:c9:4e:e6:ff:83:d9:93:29:
                    61:ed:60:e1:c6:72:ec:84:60:16:d4:ee:cb:4f:b8:
                    44:2b:8b:e1:e9:dd:53:6b:6e:1d:e8:ef:41:68:bf:
                    cb:7f:6f:ff:2a:4a:33:35:ef:c5:2e:54:f8:d4:1b:
                    72:37:25:33:5d:b5:74:ca:93:84:9c:f7:5c:fb:94:
                    35:71:83:f0:81:47:ba:93:94:94:2f:30:d5:05:8e:
                    ff:c3:ad:19:9e:99:22:b4:68:8a:b6:d9:23:77:2b:
                    28:12:18:72:52:6a:18:12:a2:b9:bb:38:15:06:5c:
                    7f:8a:7c:25:38:84:8e:d3:61:f7:7d:d6:07:19:a7:
                    09:e3:7e:6f:b8:94:01:fc:31:57:24:55:c8:6b:9a:
                    99:1b:31:f7:61:34:ea:46:53:eb:ca:c8:76:09:92:
                    6a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:5D:D8:83:10:0F:56:8F:12:C1:8F:BE:0B:B5:81:5B:7E:43:AF:6A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nl3YgxAPVo8SwY--C7WBW35Dr2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f01:380::/42

    Signature Algorithm: sha256WithRSAEncryption
         1e:a1:ed:bf:e7:4e:0d:26:98:fa:f3:4a:93:b6:5c:0b:5b:01:
         32:b0:3d:65:ca:23:ad:db:0c:56:cc:81:44:78:7b:fa:e8:84:
         ad:9b:13:28:3c:51:42:70:b1:55:d9:de:1f:b3:67:fe:81:a6:
         35:ef:b9:a2:45:ca:31:f6:3e:ea:0b:e0:6c:46:e4:d1:8c:d8:
         bc:6a:2d:4d:39:62:38:e0:1f:c1:67:27:c7:f8:c5:1b:64:c7:
         40:84:a9:6d:28:a3:71:ac:7f:54:8f:f7:82:fe:f3:34:cd:c7:
         8e:f5:a4:19:24:7c:74:47:db:5c:4f:9f:9f:fe:6c:3c:20:2a:
         ee:e2:0c:90:ba:54:18:98:14:8f:e2:ec:a3:4c:36:78:04:eb:
         83:fb:36:77:72:ef:3c:ac:ca:58:22:d8:e1:a2:eb:df:bd:78:
         e1:73:6a:c4:e9:32:58:63:e7:55:cc:27:5a:66:05:7a:df:7c:
         2a:0e:27:4a:ed:a5:38:2a:7e:ad:73:04:8a:2c:a9:b6:e1:50:
         2d:3b:6d:5b:62:d4:6d:83:50:3f:1c:f5:1d:ad:86:b2:29:19:
         e4:1b:82:42:26:73:8b:a3:0a:c9:67:5c:35:07:a7:1e:0b:29:
         21:fe:c0:d3:bb:1d:b6:8d:5d:40:3d:2e:b7:fa:13:7a:97:a2:
         fa:26:72:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMiIBbkFCkttUNR6Yt/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTVkZDg4MzEwMGY1NjhmMTJjMThmYmUwYmI1ODE1YjdlNDNhZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZm42B4cHDia5kBw4CV7X741vGqA
3w+1lTxWAK9t4ahb2rqfWFFpOZI5SmZSShE84QjSu7hdm8zHePnvWCqhQoDqEIKL
kW7ChhsuiEHMcw929SIYCzTH1ryRUISUcRE1yU7m/4PZkylh7WDhxnLshGAW1O7L
T7hEK4vh6d1Ta24d6O9BaL/Lf2//KkozNe/FLlT41BtyNyUzXbV0ypOEnPdc+5Q1
cYPwgUe6k5SULzDVBY7/w60ZnpkitGiKttkjdysoEhhyUmoYEqK5uzgVBlx/inwl
OISO02H3fdYHGacJ435vuJQB/DFXJFXIa5qZGzH3YTTqRlPrysh2CZJqowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ5d2IMQD1aPEsGPvgu1gVt+Q69qMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbmwzWWd4QVBWbzhTd1ktLUM3V0JXMzVEcjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKhAvAQOA
MA0GCSqGSIb3DQEBCwUAA4IBAQAeoe2/504NJpj680qTtlwLWwEysD1lyiOt2wxW
zIFEeHv66IStmxMoPFFCcLFV2d4fs2f+gaY177miRcox9j7qC+BsRuTRjNi8ai1N
OWI44B/BZyfH+MUbZMdAhKltKKNxrH9Uj/eC/vM0zceO9aQZJHx0R9tcT5+f/mw8
ICru4gyQulQYmBSP4uyjTDZ4BOuD+zZ3cu88rMpYItjhouvfvXjhc2rE6TJYY+dV
zCdaZgV633wqDidK7aU4Kn6tcwSKLKm24VAtO21bYtRtg1A/HPUdrYayKRnkG4JC
JnOLowrJZ1w1B6ceCykh/sDTux22jV1APS63+hN6l6L6JnJc
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:24:31 2024 by rpki-client on console-fra.rpki-client.org