Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rrFVwtdxatsjrxWAWDJKnKP9Xqw.roa
File:                     rrFVwtdxatsjrxWAWDJKnKP9Xqw.roa (raw, json)
Hash identifier:          nW4AjF0evaH9kSc0R7TlDFEP8p4LS+qCOYis/exJttY=
Subject key identifier:   AE:B1:55:C2:D7:71:6A:DB:23:AF:15:80:58:32:4A:9C:A3:FD:5E:AC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCDF8FBAF283C9695E70D41E141909
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rrFVwtdxatsjrxWAWDJKnKP9Xqw.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142130
IP address blocks:        2a0e:b107:1200::/48 maxlen: 48
                          2a0e:b107:1202::/48 maxlen: 48
                          2a0e:b107:120f::/48 maxlen: 48
                          2a0e:b107:1204::/48 maxlen: 48
                          2a0e:b107:1201::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:df:8f:ba:f2:83:c9:69:5e:70:d4:1e:14:19:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aeb155c2d7716adb23af158058324a9ca3fd5eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b8:9e:34:e8:94:6b:e3:3e:ad:95:67:bd:5c:
                    51:6c:89:f5:2c:b9:6f:cd:74:45:b1:b0:82:b2:10:
                    48:37:a1:9d:36:4a:98:26:b6:80:4e:9c:d7:f9:e6:
                    27:20:3f:52:ea:90:50:95:63:fe:e9:b6:d4:b5:8e:
                    22:9e:33:e3:f5:7a:90:ed:a2:23:6b:25:93:76:5f:
                    0a:03:c8:62:9c:20:ee:a2:0c:c7:2e:bb:bb:e4:b6:
                    aa:d9:9f:d3:63:e2:35:e3:76:d3:07:4e:83:80:38:
                    56:18:21:1f:f4:41:f7:81:76:89:a2:80:db:ad:20:
                    d4:c1:6c:f4:69:d0:7b:1e:70:cc:ae:a5:d7:20:5f:
                    55:03:46:0f:27:3d:24:e0:84:18:05:ed:df:18:3e:
                    12:0d:0e:b2:ac:1a:f4:24:76:7d:df:f6:b7:08:67:
                    51:ea:4d:db:31:b3:5d:55:a6:59:45:74:f2:ca:61:
                    61:44:cb:1b:7d:6d:6b:82:11:b9:91:cc:3e:2d:7e:
                    c8:8a:8a:2d:9f:7c:c7:61:45:45:1a:3e:a2:1a:c6:
                    15:e2:29:ea:41:4f:8d:2a:be:5c:b9:5e:b8:e0:8a:
                    81:13:45:2c:f7:f2:c0:99:c0:08:98:ed:c0:cd:ec:
                    0d:8a:ee:ec:86:15:8a:67:a0:5e:ad:39:5c:58:de:
                    3a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B1:55:C2:D7:71:6A:DB:23:AF:15:80:58:32:4A:9C:A3:FD:5E:AC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rrFVwtdxatsjrxWAWDJKnKP9Xqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1200::-2a0e:b107:1202:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:1204::/48
                  2a0e:b107:120f::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:fa:ab:20:3b:c2:c1:26:25:a1:51:eb:42:06:24:5b:79:bd:
         ea:c5:c4:8b:6b:52:4c:b6:65:63:b0:00:3c:54:3f:d8:c7:81:
         f8:f8:9e:ab:84:01:1b:79:87:c4:3c:c8:81:b8:ac:cd:ce:bc:
         39:cb:2b:4e:2e:3b:29:24:ee:97:b9:d8:30:c4:39:34:ed:90:
         66:d6:3d:84:24:75:ab:f5:af:3b:b1:c9:f7:bb:af:4d:f6:88:
         fc:3c:ab:78:a4:ba:c1:df:cc:ae:9a:82:ce:44:3e:12:40:8f:
         f0:56:cb:89:27:0a:94:cb:58:61:0b:ad:b4:de:2d:3a:6b:15:
         21:04:1f:32:58:5a:df:f5:91:5c:de:26:9b:0b:c7:c4:01:53:
         2d:a0:14:0d:3b:0f:fb:e6:53:0c:ca:2b:55:0e:9e:a4:ee:33:
         5f:d8:1d:7d:61:55:ed:2d:b9:2a:95:1a:27:de:f2:16:a5:f9:
         b0:01:d5:6f:79:c2:b7:d5:d2:ff:7e:d7:ca:25:c4:7d:9c:58:
         5e:e8:4d:0a:3f:c6:d4:47:80:16:2e:76:e3:6b:04:1b:2f:35:
         4a:1d:8a:df:a2:d7:de:3a:3a:4d:d4:6a:07:d0:85:e4:80:63:
         8b:71:b6:06:09:38:f0:29:b8:0e:6c:1d:08:82:5c:de:dc:83:
         a0:17:4f:1d
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzJvN+PuvKDyWlecNQeFBkJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWIxNTVjMmQ3NzE2YWRiMjNhZjE1ODA1ODMyNGE5Y2EzZmQ1ZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLieNOiUa+M+rZVnvVxRbIn1LLlv
zXRFsbCCshBIN6GdNkqYJraATpzX+eYnID9S6pBQlWP+6bbUtY4injPj9XqQ7aIj
ayWTdl8KA8hinCDuogzHLru75Laq2Z/TY+I143bTB06DgDhWGCEf9EH3gXaJooDb
rSDUwWz0adB7HnDMrqXXIF9VA0YPJz0k4IQYBe3fGD4SDQ6yrBr0JHZ93/a3CGdR
6k3bMbNdVaZZRXTyymFhRMsbfW1rghG5kcw+LX7Iiootn3zHYUVFGj6iGsYV4inq
QU+NKr5cuV644IqBE0Us9/LAmcAImO3AzewNiu7shhWKZ6BerTlcWN46FwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFK6xVcLXcWrbI68VgFgySpyj/V6sMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcnJGVnd0ZHhhdHNqcnhXQVdESktuS1A5WHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAAjAlMBEDBgEqDrEH
EgMHACoOsQcSAgMHACoOsQcSBAMHACoOsQcSDzANBgkqhkiG9w0BAQsFAAOCAQEA
sPqrIDvCwSYloVHrQgYkW3m96sXEi2tSTLZlY7AAPFQ/2MeB+Pieq4QBG3mHxDzI
gbiszc68OcsrTi47KSTul7nYMMQ5NO2QZtY9hCR1q/WvO7HJ97uvTfaI/DyreKS6
wd/MrpqCzkQ+EkCP8FbLiScKlMtYYQuttN4tOmsVIQQfMlha3/WRXN4mmwvHxAFT
LaAUDTsP++ZTDMorVQ6epO4zX9gdfWFV7S25KpUaJ97yFqX5sAHVb3nCt9XS/37X
yiXEfZxYXuhNCj/G1EeAFi5242sEGy81Sh2K36LX3jo6TdRqB9CF5IBji3G2Bgk4
8Cm4DmwdCIJc3tyDoBdPHQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:07:58 2024 by rpki-client on console-ams.rpki-client.org