Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pRVnA6MEs6h-dV1_gSMi5PtqZyQ.roa
File:                     pRVnA6MEs6h-dV1_gSMi5PtqZyQ.roa (raw, json)
Hash identifier:          jb/aNdP7CQLwEhYyguSEg9YQphignjEHyfV5HIJfrew=
Subject key identifier:   A5:15:67:03:A3:04:B3:A8:7E:75:5D:7F:81:23:22:E4:FB:6A:67:24
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD42DDEB34FCB11092BDB8790942A1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pRVnA6MEs6h-dV1_gSMi5PtqZyQ.roa
Signing time:             Tue 02 Jan 2024 10:34:32 +0000
ROA not before:           Tue 02 Jan 2024 10:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212270
IP address blocks:        2a0e:b107:1210::/44 maxlen: 48
                          2a0e:b107:f50::/44 maxlen: 48
                          2a0e:b107:1510::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:42:dd:eb:34:fc:b1:10:92:bd:b8:79:09:42:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5156703a304b3a87e755d7f812322e4fb6a6724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:93:7c:eb:24:29:d0:0c:f6:e5:53:63:36:41:
                    05:08:e3:73:59:2a:f3:fb:19:38:88:8e:d6:87:5f:
                    0c:45:27:ae:9b:10:2a:8f:aa:59:26:4b:66:90:33:
                    f0:9e:34:75:1f:61:18:f6:e2:76:c6:d8:2f:02:c7:
                    2d:8d:00:46:e5:7f:ae:19:2d:50:d1:05:c7:56:35:
                    fb:63:7e:22:0e:53:cc:7f:06:f4:3d:71:24:c2:ad:
                    37:1f:90:28:9c:70:57:b8:25:a5:6d:3b:b4:f1:75:
                    de:bd:18:e3:58:2e:4f:07:d5:7b:7b:47:10:ca:d9:
                    8b:93:aa:66:b1:2e:79:d1:9c:25:34:14:d6:bc:d0:
                    a3:0e:45:ca:33:6e:8e:39:4f:88:e6:d0:82:3e:be:
                    66:ca:d9:f1:de:d3:41:fb:dc:29:6f:5d:fd:97:79:
                    a6:14:a3:05:e2:80:e2:c0:4b:f8:35:e4:45:1c:71:
                    c2:bc:66:d6:13:eb:2a:c5:76:1d:cd:a0:02:77:d5:
                    86:af:56:96:ab:43:e9:49:12:d3:5c:e4:7c:f4:38:
                    2d:18:f9:46:dd:a6:c4:d8:bc:14:42:f5:78:7c:22:
                    8b:28:35:86:d5:ab:f8:42:84:d0:7b:8f:92:57:e7:
                    1c:29:0b:17:a6:4b:80:05:a5:ad:2e:4b:da:d4:76:
                    11:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:15:67:03:A3:04:B3:A8:7E:75:5D:7F:81:23:22:E4:FB:6A:67:24
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pRVnA6MEs6h-dV1_gSMi5PtqZyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:f50::/44
                  2a0e:b107:1210::/44
                  2a0e:b107:1510::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:97:34:83:a5:43:81:ec:4a:6e:55:9d:2d:5d:e0:ec:65:98:
         12:b7:db:28:5d:26:6b:ed:96:45:a7:a9:85:f4:b1:81:2a:41:
         f2:9b:a6:a8:aa:70:88:ba:2f:30:3f:07:bb:d6:fc:a7:d8:13:
         19:1d:05:35:53:1f:2c:2e:37:bc:f0:83:61:cc:bc:9f:b0:d4:
         06:bf:34:9f:31:b4:86:be:2f:3e:7a:9f:15:f7:f0:55:98:5a:
         78:7c:87:8b:27:dc:76:ff:51:aa:90:0d:1c:03:86:6d:b9:df:
         86:37:94:d1:dd:0a:4c:6a:1c:c3:91:f4:e8:90:57:fd:3a:37:
         8c:97:f0:26:99:03:71:96:5b:61:59:6e:82:c3:93:92:25:bf:
         d6:44:d2:30:10:b8:85:e4:cc:53:4b:60:41:bb:cf:7b:70:38:
         e1:e6:08:d0:66:b2:aa:d2:48:8a:5a:8f:c1:4f:8d:9a:41:48:
         54:ed:2a:a5:26:39:c5:20:62:f9:56:9b:b5:0d:7a:06:22:8e:
         82:03:eb:fa:80:ab:6d:56:52:a2:36:a8:49:d9:c1:5f:27:b5:
         3d:9d:ee:86:14:86:92:9a:d3:6c:4e:bc:53:a8:c6:25:52:59:
         a8:36:4b:0e:e8:35:9c:1e:6e:30:26:59:1c:15:e2:87:94:db:
         83:14:f7:24
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvULd6zT8sRCSvbh5CUKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTE1NjcwM2EzMDRiM2E4N2U3NTVkN2Y4MTIzMjJlNGZiNmE2NzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpN86yQp0Az25VNjNkEFCONzWSrz
+xk4iI7Wh18MRSeumxAqj6pZJktmkDPwnjR1H2EY9uJ2xtgvAsctjQBG5X+uGS1Q
0QXHVjX7Y34iDlPMfwb0PXEkwq03H5AonHBXuCWlbTu08XXevRjjWC5PB9V7e0cQ
ytmLk6pmsS550ZwlNBTWvNCjDkXKM26OOU+I5tCCPr5mytnx3tNB+9wpb139l3mm
FKMF4oDiwEv4NeRFHHHCvGbWE+sqxXYdzaACd9WGr1aWq0PpSRLTXOR89DgtGPlG
3abE2LwUQvV4fCKLKDWG1av4QoTQe4+SV+ccKQsXpkuABaWtLkva1HYRDwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKUVZwOjBLOofnVdf4EjIuT7amckMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcFJWbkE2TUVzNmgtZFYxX2dTTWk1UHRxWnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKg6xBw9Q
AwcEKg6xBxIQAwcEKg6xBxUQMA0GCSqGSIb3DQEBCwUAA4IBAQBtlzSDpUOB7Epu
VZ0tXeDsZZgSt9soXSZr7ZZFp6mF9LGBKkHym6aoqnCIui8wPwe71vyn2BMZHQU1
Ux8sLje88INhzLyfsNQGvzSfMbSGvi8+ep8V9/BVmFp4fIeLJ9x2/1GqkA0cA4Zt
ud+GN5TR3QpMahzDkfTokFf9OjeMl/AmmQNxllthWW6Cw5OSJb/WRNIwELiF5MxT
S2BBu897cDjh5gjQZrKq0kiKWo/BT42aQUhU7SqlJjnFIGL5Vpu1DXoGIo6CA+v6
gKttVlKiNqhJ2cFfJ7U9ne6GFIaSmtNsTrxTqMYlUlmoNksO6DWcHm4wJlkcFeKH
lNuDFPck
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:07:58 2024 by rpki-client on console-ams.rpki-client.org