Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/1e9d04-d94f-4f13-be3c-10f34f558363/1/Lj8FrQTEyskp5C0NaHAX89WitBY.roa
File:                     Lj8FrQTEyskp5C0NaHAX89WitBY.roa (raw, json)
Hash identifier:          0VvKQF3305WcNMSW50KiCBKErdX6PqYUjnlj691RARg=
Subject key identifier:   2E:3F:05:AD:04:C4:CA:C9:29:E4:2D:0D:68:70:17:F3:D5:A2:B4:16
Certificate issuer:       /CN=91dd0e48d9011adf376665ad4d62cf31ce63058c
Certificate serial:       018CC26D2AE6EA6DC3C400691A5622E2F5F0
Authority key identifier: 91:DD:0E:48:D9:01:1A:DF:37:66:65:AD:4D:62:CF:31:CE:63:05:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kd0OSNkBGt83ZmWtTWLPMc5jBYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/1e9d04-d94f-4f13-be3c-10f34f558363/1/Lj8FrQTEyskp5C0NaHAX89WitBY.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        2001:67c:9b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/1e9d04-d94f-4f13-be3c-10f34f558363/1/kd0OSNkBGt83ZmWtTWLPMc5jBYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/1e9d04-d94f-4f13-be3c-10f34f558363/1/kd0OSNkBGt83ZmWtTWLPMc5jBYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kd0OSNkBGt83ZmWtTWLPMc5jBYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2a:e6:ea:6d:c3:c4:00:69:1a:56:22:e2:f5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91dd0e48d9011adf376665ad4d62cf31ce63058c
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e3f05ad04c4cac929e42d0d687017f3d5a2b416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c6:23:c5:63:75:be:74:80:13:c2:7a:3a:f2:
                    8a:ce:5f:dd:9c:ef:aa:d9:af:95:4b:be:df:16:c9:
                    a8:eb:15:b0:6b:5c:01:65:ee:61:0c:48:b5:6a:7c:
                    a9:08:e8:5e:69:93:6c:54:cc:6b:a4:29:7f:49:8a:
                    d9:7e:bd:3c:a8:15:7a:7c:fe:e8:4f:e1:4b:27:6b:
                    69:57:78:30:35:68:a6:ac:55:1b:bc:7d:72:9f:52:
                    c9:86:7f:bc:66:c7:32:96:3d:7d:6c:73:2c:be:a5:
                    53:c1:6f:e1:26:3a:2a:af:38:1a:70:8b:80:7f:87:
                    ce:12:d8:7b:86:a1:93:da:c9:12:07:d4:ff:b1:f9:
                    72:ee:27:98:c9:a3:f6:7c:59:01:9f:e7:3e:cb:af:
                    9a:c8:d7:bf:8e:ba:75:fd:1c:e4:2a:8b:5c:b8:d5:
                    bf:88:d0:12:64:da:7c:b8:1c:66:aa:66:a3:41:5b:
                    53:8c:d0:fb:3c:89:27:96:68:7d:6e:ed:7f:0b:31:
                    90:0a:f7:83:68:09:70:5f:68:15:37:34:f7:41:b7:
                    f5:08:6d:db:49:dd:e2:7b:55:7f:02:e5:35:f9:b9:
                    b6:bd:b9:87:e2:71:12:bb:2d:ea:e9:12:67:e0:5d:
                    10:0d:01:c3:f7:11:9c:8d:03:c4:64:d8:c3:8a:6e:
                    a1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3F:05:AD:04:C4:CA:C9:29:E4:2D:0D:68:70:17:F3:D5:A2:B4:16
            X509v3 Authority Key Identifier:
                keyid:91:DD:0E:48:D9:01:1A:DF:37:66:65:AD:4D:62:CF:31:CE:63:05:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kd0OSNkBGt83ZmWtTWLPMc5jBYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/1e9d04-d94f-4f13-be3c-10f34f558363/1/Lj8FrQTEyskp5C0NaHAX89WitBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/1e9d04-d94f-4f13-be3c-10f34f558363/1/kd0OSNkBGt83ZmWtTWLPMc5jBYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:9b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:0f:10:56:45:22:08:3a:41:f0:de:87:ac:b1:bc:e9:7a:87:
         d2:84:8c:0b:b4:50:0c:ab:1b:50:68:81:79:21:58:37:bf:51:
         c1:45:9f:fc:91:91:03:8b:20:50:61:8c:51:ff:88:1a:30:bc:
         86:79:66:83:19:81:cb:2f:79:10:4e:ff:6b:5b:de:ca:63:f3:
         c0:c6:f7:15:f5:b3:10:99:0d:e9:9e:63:25:4d:c8:d4:93:75:
         72:f8:72:aa:d6:99:9a:fb:3d:53:91:77:b9:3b:44:20:3a:ec:
         13:60:f4:c4:07:13:6e:49:dc:6d:c3:8c:8a:f2:dc:dd:1a:25:
         81:2c:d9:ec:ff:1b:05:9f:a2:a9:21:e0:2e:c7:f8:ed:5c:fa:
         ae:6a:98:43:32:79:33:0f:08:b2:30:9b:d2:dd:e3:44:c0:46:
         fa:c3:20:8f:17:85:a7:71:13:8d:e7:3e:89:38:65:e7:19:ae:
         38:f1:b7:12:97:a8:55:b8:99:85:c6:2a:45:2c:89:7b:09:c5:
         cd:f6:34:b9:49:7b:11:c0:f3:96:fd:d1:1c:60:28:3a:a7:fe:
         1f:98:82:52:f6:f2:9c:cf:88:a7:2a:83:98:ef:ae:19:f9:4b:
         e5:16:79:d3:68:8d:dc:95:02:ff:61:f2:8d:0d:fe:ef:63:6c:
         c3:50:07:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSrm6m3DxABpGlYi4vXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZGQwZTQ4ZDkwMTFhZGYzNzY2NjVhZDRkNjJjZjMxY2U2
MzA1OGMwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTNmMDVhZDA0YzRjYWM5MjllNDJkMGQ2ODcwMTdmM2Q1YTJiNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicYjxWN1vnSAE8J6OvKKzl/dnO+q
2a+VS77fFsmo6xWwa1wBZe5hDEi1anypCOheaZNsVMxrpCl/SYrZfr08qBV6fP7o
T+FLJ2tpV3gwNWimrFUbvH1yn1LJhn+8Zscylj19bHMsvqVTwW/hJjoqrzgacIuA
f4fOEth7hqGT2skSB9T/sfly7ieYyaP2fFkBn+c+y6+ayNe/jrp1/RzkKotcuNW/
iNASZNp8uBxmqmajQVtTjND7PIknlmh9bu1/CzGQCveDaAlwX2gVNzT3Qbf1CG3b
Sd3ie1V/AuU1+bm2vbmH4nESuy3q6RJn4F0QDQHD9xGcjQPEZNjDim6hFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC4/Ba0ExMrJKeQtDWhwF/PVorQWMB8GA1UdIwQY
MBaAFJHdDkjZARrfN2ZlrU1izzHOYwWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2QwT1NOa0JHdDgzWm1XdFRXTFBNYzVqQll3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xZTlkMDQtZDk0Zi00ZjEzLWJlM2Mt
MTBmMzRmNTU4MzYzLzEvTGo4RnJRVEV5c2twNUMwTmFIQVg4OVdpdEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xZTlkMDQtZDk0Zi00ZjEzLWJlM2MtMTBmMzRmNTU4MzYz
LzEva2QwT1NOa0JHdDgzWm1XdFRXTFBNYzVqQll3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAmw
MA0GCSqGSIb3DQEBCwUAA4IBAQAEDxBWRSIIOkHw3oessbzpeofShIwLtFAMqxtQ
aIF5IVg3v1HBRZ/8kZEDiyBQYYxR/4gaMLyGeWaDGYHLL3kQTv9rW97KY/PAxvcV
9bMQmQ3pnmMlTcjUk3Vy+HKq1pma+z1TkXe5O0QgOuwTYPTEBxNuSdxtw4yK8tzd
GiWBLNns/xsFn6KpIeAux/jtXPquaphDMnkzDwiyMJvS3eNEwEb6wyCPF4WncRON
5z6JOGXnGa448bcSl6hVuJmFxipFLIl7CcXN9jS5SXsRwPOW/dEcYCg6p/4fmIJS
9vKcz4inKoOY764Z+UvlFnnTaI3clQL/YfKNDf7vY2zDUAdA
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:25:20 2024 by rpki-client on console-ams.rpki-client.org