Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/QmVtKZxOo1TE8m8xA-vqexfIYVY.roa
File:                     QmVtKZxOo1TE8m8xA-vqexfIYVY.roa (raw, json)
Hash identifier:          FPYDFq0SZXw+eOAjegbyLJfIgDNFouu/LDqQnIE8y/k=
Subject key identifier:   42:65:6D:29:9C:4E:A3:54:C4:F2:6F:31:03:EB:EA:7B:17:C8:61:56
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018E49321EC0107CBBC6AA3CFB1E2370F985
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/QmVtKZxOo1TE8m8xA-vqexfIYVY.roa
Signing time:             Sat 16 Mar 2024 21:36:45 +0000
ROA not before:           Sat 16 Mar 2024 21:36:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12676
IP address blocks:        2a0d:2146:8660::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:49:32:1e:c0:10:7c:bb:c6:aa:3c:fb:1e:23:70:f9:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Mar 16 21:36:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42656d299c4ea354c4f26f3103ebea7b17c86156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ad:cd:d7:51:2b:32:2a:d0:7a:44:9c:23:0d:
                    86:96:61:7f:aa:8e:5d:a6:e7:41:40:52:8b:53:16:
                    43:fd:2d:a5:d8:67:25:b3:2d:64:0f:fb:42:ed:1e:
                    f6:31:9b:1c:a5:f5:37:ed:e5:61:fe:44:de:4b:88:
                    ae:56:83:2f:50:7f:17:80:99:5b:d9:2d:c2:b7:40:
                    47:37:4b:a7:07:ae:ee:65:9c:21:0e:fd:2a:5f:20:
                    29:50:86:69:b9:5e:99:47:eb:16:ff:95:a1:ad:e1:
                    ad:c5:f2:ab:c3:eb:ae:a5:10:44:a2:44:1b:30:cc:
                    16:bd:ee:7d:03:61:10:a4:a6:23:c9:b8:f6:0e:27:
                    fc:85:df:28:cb:13:96:07:ec:39:18:e9:d8:1d:76:
                    a9:85:fa:0a:0b:da:a8:bc:e4:06:07:a8:79:d7:66:
                    98:ed:0a:a5:45:5f:1a:ca:62:2c:02:df:67:1c:a8:
                    38:6e:44:87:f8:94:c3:3a:94:33:3b:62:0b:46:0d:
                    4e:7a:48:16:d4:cf:3d:c1:d4:21:0f:4f:93:c0:c9:
                    76:a9:8c:27:84:b7:2f:3d:f5:69:cb:13:bd:ef:c7:
                    b4:17:c8:d4:26:d9:fe:4c:ac:d9:dc:f0:d9:6e:8a:
                    2e:14:f1:fb:12:d5:f8:97:bb:09:4a:b2:10:4d:b6:
                    be:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:65:6D:29:9C:4E:A3:54:C4:F2:6F:31:03:EB:EA:7B:17:C8:61:56
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/QmVtKZxOo1TE8m8xA-vqexfIYVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:8660::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:fb:67:4a:36:2a:39:76:ac:bd:ce:c4:c4:c9:7b:1f:09:71:
         3e:e4:93:3a:a8:1d:02:66:ec:ac:c7:b9:ab:e9:b7:15:04:70:
         dd:f3:10:92:9b:10:3f:dd:ae:02:f7:42:59:ff:ba:ee:72:29:
         0a:2e:7e:fd:c2:11:b4:8b:bb:1c:f0:5a:ed:15:c1:9d:f2:8e:
         08:98:ba:ce:ae:1e:f6:16:10:e2:8c:8e:e5:d2:89:48:78:d6:
         6c:d9:2b:29:60:b0:a7:67:76:ea:eb:df:40:d0:a7:c4:92:93:
         f5:e6:6d:25:1a:b0:5f:64:cb:bc:e3:73:03:d0:6c:e5:a6:a8:
         9a:85:0b:64:f5:6d:ee:f6:2e:28:7a:1d:75:e6:9a:04:4e:27:
         a7:02:c4:76:b1:88:de:c5:27:31:99:2c:f6:d2:46:1e:31:50:
         14:6e:47:fc:69:09:d6:86:00:27:1e:e6:7f:a6:dc:a0:e5:fc:
         21:6b:28:49:ca:60:93:a2:5c:fb:31:a9:ff:ef:f7:ef:9e:55:
         5a:0d:c6:b2:ed:7a:89:70:db:76:04:d6:38:c1:10:c6:88:ba:
         39:5e:7b:9f:c9:37:f4:83:58:2a:a6:f9:01:b5:04:a0:62:23:
         f4:ad:23:92:25:2d:29:69:3d:4c:5d:35:d4:7d:3c:48:d9:bb:
         cd:41:80:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5JMh7AEHy7xqo8+x4jcPmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMzE2MjEzNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY1NmQyOTljNGVhMzU0YzRmMjZmMzEwM2ViZWE3YjE3Yzg2MTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq63N11ErMirQekScIw2GlmF/qo5d
pudBQFKLUxZD/S2l2Gclsy1kD/tC7R72MZscpfU37eVh/kTeS4iuVoMvUH8XgJlb
2S3Ct0BHN0unB67uZZwhDv0qXyApUIZpuV6ZR+sW/5WhreGtxfKrw+uupRBEokQb
MMwWve59A2EQpKYjybj2Dif8hd8oyxOWB+w5GOnYHXaphfoKC9qovOQGB6h512aY
7QqlRV8aymIsAt9nHKg4bkSH+JTDOpQzO2ILRg1OekgW1M89wdQhD0+TwMl2qYwn
hLcvPfVpyxO978e0F8jUJtn+TKzZ3PDZboouFPH7EtX4l7sJSrIQTba+LQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEJlbSmcTqNUxPJvMQPr6nsXyGFWMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvUW1WdEtaeE9vMVRFOG04eEEtdnFleGZJWVZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0hRoZg
MA0GCSqGSIb3DQEBCwUAA4IBAQAE+2dKNio5dqy9zsTEyXsfCXE+5JM6qB0CZuys
x7mr6bcVBHDd8xCSmxA/3a4C90JZ/7rucikKLn79whG0i7sc8FrtFcGd8o4ImLrO
rh72FhDijI7l0olIeNZs2SspYLCnZ3bq699A0KfEkpP15m0lGrBfZMu843MD0Gzl
pqiahQtk9W3u9i4oeh115poETienAsR2sYjexScxmSz20kYeMVAUbkf8aQnWhgAn
HuZ/ptyg5fwhayhJymCTolz7Man/7/fvnlVaDcay7XqJcNt2BNY4wRDGiLo5Xnuf
yTf0g1gqpvkBtQSgYiP0rSOSJS0paT1MXTXUfTxI2bvNQYCR
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:13:38 2024 by rpki-client on console-fra.rpki-client.org