Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/6pFJ0YTn0Ro2vn5zKkTtpvWZfak.roa
File:                     6pFJ0YTn0Ro2vn5zKkTtpvWZfak.roa (raw, json)
Hash identifier:          h6gmrplh/XlTgHlg5smYfAk7KrgoT6a27Urbr3RIX/8=
Subject key identifier:   EA:91:49:D1:84:E7:D1:1A:36:BE:7E:73:2A:44:ED:A6:F5:99:7D:A9
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B4940487D7EA0AD493E5646A71BCE
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/6pFJ0YTn0Ro2vn5zKkTtpvWZfak.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.63.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:49:40:48:7d:7e:a0:ad:49:3e:56:46:a7:1b:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea9149d184e7d11a36be7e732a44eda6f5997da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:38:d6:ec:c6:b8:1b:1a:df:98:69:52:aa:7a:
                    cf:99:2b:34:c3:1d:9f:b2:85:bb:5a:2d:8b:ae:3f:
                    1f:ad:33:4f:ab:6c:79:32:ee:97:b9:cd:0f:6e:e2:
                    49:3d:1a:3c:4b:56:d6:86:2d:b9:68:28:0c:a9:3e:
                    67:7c:a1:0c:57:03:cf:d4:ee:6e:20:f2:2d:11:b1:
                    a6:cb:6b:0c:a2:a0:86:b7:72:3c:22:66:2e:d0:38:
                    c3:40:78:a6:89:4f:5c:38:f4:e0:b2:99:34:e3:0f:
                    00:47:ee:d4:fc:f0:5a:f2:0c:b2:b9:7c:31:da:18:
                    27:33:6b:da:4d:be:03:ee:88:ec:e3:c6:f3:84:ee:
                    63:7b:0c:b5:4c:4b:47:3d:94:69:bf:ce:90:04:6a:
                    a8:3f:fe:21:86:c2:02:71:cc:c7:96:70:0a:b7:c0:
                    e3:44:69:bb:39:58:22:5c:71:9f:47:82:80:6a:e5:
                    76:72:94:6b:44:da:69:bf:74:14:7e:f7:d2:71:20:
                    03:16:8e:8d:a7:1b:91:9e:ba:fe:e1:c6:a0:89:1b:
                    24:cb:dd:59:1a:7f:e8:7e:cb:f9:dc:1f:dc:17:fb:
                    b5:81:bc:64:68:df:9b:45:2d:2f:44:0e:4b:28:64:
                    4a:f6:44:cc:2c:8c:07:ce:54:ed:0e:3a:26:72:74:
                    20:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:91:49:D1:84:E7:D1:1A:36:BE:7E:73:2A:44:ED:A6:F5:99:7D:A9
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/6pFJ0YTn0Ro2vn5zKkTtpvWZfak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.63.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:49:48:0d:44:d8:b6:04:1d:27:ef:10:f5:6b:9b:3e:ae:59:
         d1:ff:a7:cd:9b:b7:75:8e:b0:2f:ab:ad:b8:dc:9a:85:4c:34:
         3e:c2:f1:23:08:5b:d1:31:72:1a:7a:8d:99:00:71:d0:ce:25:
         66:eb:66:7a:f9:dc:59:05:79:27:58:6b:d2:0f:1f:bd:2a:17:
         da:1b:63:72:8a:96:44:01:72:8e:a0:ea:a6:f4:41:ba:5a:60:
         6d:5a:9c:bf:dd:1b:76:cb:94:40:d8:b6:83:54:58:75:19:ad:
         35:5f:dc:74:6f:4f:5d:35:79:46:0a:a5:75:48:f4:12:85:5d:
         d9:11:09:d5:29:d0:bf:18:17:57:34:89:5a:69:66:f0:f0:e1:
         91:18:b1:af:5c:fd:09:31:b9:4c:b1:99:e0:63:0b:2a:55:7c:
         29:2a:17:4e:9e:d3:2b:ce:71:d3:44:b5:62:e4:aa:43:c5:b3:
         82:2c:8a:67:52:ca:43:32:bb:77:c6:14:78:fd:c5:6c:78:af:
         c8:d0:33:84:bf:5d:92:95:80:54:32:8e:9a:2c:d1:65:45:05:
         96:e8:0e:0b:65:e4:67:05:ab:de:18:77:38:53:81:e2:2f:8e:
         d4:f6:b9:d8:2c:f0:55:4c:5a:87:0b:a9:38:3a:03:c8:11:b8:
         52:08:e2:e0
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGS0lASH1+oK1JPlZGpxvOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTkxNDlkMTg0ZTdkMTFhMzZiZTdlNzMyYTQ0ZWRhNmY1OTk3ZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizjW7Ma4GxrfmGlSqnrPmSs0wx2f
soW7Wi2Lrj8frTNPq2x5Mu6Xuc0PbuJJPRo8S1bWhi25aCgMqT5nfKEMVwPP1O5u
IPItEbGmy2sMoqCGt3I8ImYu0DjDQHimiU9cOPTgspk04w8AR+7U/PBa8gyyuXwx
2hgnM2vaTb4D7ojs48bzhO5jewy1TEtHPZRpv86QBGqoP/4hhsICcczHlnAKt8Dj
RGm7OVgiXHGfR4KAauV2cpRrRNppv3QUfvfScSADFo6NpxuRnrr+4cagiRsky91Z
Gn/ofsv53B/cF/u1gbxkaN+bRS0vRA5LKGRK9kTMLIwHzlTtDjomcnQg9wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFOqRSdGE59EaNr5+cypE7ab1mX2pMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvNnBGSjBZVG4wUm8ydm41ektrVHRwdldaZmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjT8wDQYJ
KoZIhvcNAQELBQADggEBAKhJSA1E2LYEHSfvEPVrmz6uWdH/p82bt3WOsC+rrbjc
moVMND7C8SMIW9Exchp6jZkAcdDOJWbrZnr53FkFeSdYa9IPH70qF9obY3KKlkQB
co6g6qb0QbpaYG1anL/dG3bLlEDYtoNUWHUZrTVf3HRvT101eUYKpXVI9BKFXdkR
CdUp0L8YF1c0iVppZvDw4ZEYsa9c/QkxuUyxmeBjCypVfCkqF06e0yvOcdNEtWLk
qkPFs4IsimdSykMyu3fGFHj9xWx4r8jQM4S/XZKVgFQyjpos0WVFBZboDgtl5GcF
q94YdzhTgeIvjtT2udgs8FVMWocLqTg6A8gRuFII4uA=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:07:32 2024 by rpki-client on console-ams.rpki-client.org