Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-qFtdFsBwAoBKYxEd0ZhBY_IWbE.roa
File:                     1-qFtdFsBwAoBKYxEd0ZhBY_IWbE.roa (raw, json)
Hash identifier:          Rlz2PKCDq3oaWtU3rzKqxM1ZQL5ii0pbdkw87+D3Hx4=
Subject key identifier:   FA:A1:6D:74:5B:01:C0:0A:01:29:8C:44:77:46:61:05:8F:C8:59:B1
Certificate issuer:       /CN=f8203a0c04b81fe1766fa41bd31b73b588188ac7
Certificate serial:       018CCA2A36ADCE47E3D935994EB995E74C58
Authority key identifier: F8:20:3A:0C:04:B8:1F:E1:76:6F:A4:1B:D3:1B:73:B5:88:18:8A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CA6DAS4H-F2b6Qb0xtztYgYisc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-qFtdFsBwAoBKYxEd0ZhBY_IWbE.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57621
IP address blocks:        2a05:100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-CA6DAS4H-F2b6Qb0xtztYgYisc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-CA6DAS4H-F2b6Qb0xtztYgYisc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CA6DAS4H-F2b6Qb0xtztYgYisc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:36:ad:ce:47:e3:d9:35:99:4e:b9:95:e7:4c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8203a0c04b81fe1766fa41bd31b73b588188ac7
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faa16d745b01c00a01298c44774661058fc859b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:71:fe:ed:c2:7c:95:e9:f3:8e:25:43:49:8a:
                    43:9d:6a:fd:05:a1:7c:62:37:1c:23:ea:e0:bb:b8:
                    3b:b1:fa:b6:f1:9e:e3:84:0c:e7:fe:28:8b:8d:a1:
                    20:15:6b:d0:63:2e:03:ef:f3:3d:24:f2:c4:eb:e7:
                    d5:ea:a4:d1:9b:25:86:60:c0:7d:22:6d:5b:fe:8b:
                    d2:f9:29:8e:a9:14:c8:f6:b1:41:ff:06:a8:c5:b4:
                    1e:bb:a2:38:f0:fe:2d:f8:7d:92:6a:5f:98:c6:1d:
                    74:69:bf:b2:81:92:17:a9:05:92:42:1a:3b:52:2a:
                    49:52:0f:66:3d:36:84:14:eb:eb:ab:e8:0b:d7:b0:
                    73:11:3d:38:67:42:bf:dc:e8:3d:f3:e0:8c:2c:12:
                    1c:a4:0d:67:eb:43:2b:22:8f:8e:6d:2c:c2:41:39:
                    c4:7b:34:b9:71:d7:39:81:04:d1:e1:6a:1a:72:df:
                    c9:7e:1e:f7:7d:22:34:34:62:e2:29:52:99:13:d6:
                    32:e0:b9:75:fd:60:1b:7a:c5:0c:89:e4:6b:f1:2e:
                    d3:99:fc:7d:2e:d5:9c:bb:82:96:85:ed:08:f1:59:
                    8e:e3:b5:31:9b:05:b9:a4:bd:15:0e:24:7b:e0:38:
                    07:58:ae:4f:06:e8:4b:af:a3:fd:45:e7:fe:7a:21:
                    a6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A1:6D:74:5B:01:C0:0A:01:29:8C:44:77:46:61:05:8F:C8:59:B1
            X509v3 Authority Key Identifier:
                keyid:F8:20:3A:0C:04:B8:1F:E1:76:6F:A4:1B:D3:1B:73:B5:88:18:8A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CA6DAS4H-F2b6Qb0xtztYgYisc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-qFtdFsBwAoBKYxEd0ZhBY_IWbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e14ca3-da8e-4b58-863a-3389620c1bd7/1/1-CA6DAS4H-F2b6Qb0xtztYgYisc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:100::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:04:f0:3c:d4:ea:c7:76:bd:67:4a:80:3f:55:61:a4:25:79:
         1b:57:08:b8:1f:81:2c:fd:c9:b0:6d:c9:ae:e3:9b:b8:4f:f4:
         8e:d4:b5:aa:fc:f5:34:e7:8e:15:d6:8c:5f:4d:98:5f:32:17:
         fe:1e:03:55:59:14:9d:8c:95:7e:45:a3:64:27:a2:c9:cb:02:
         e8:8a:89:b6:94:8e:d8:81:f9:b9:59:f2:d5:80:94:61:b3:4f:
         43:bf:f1:f3:91:0e:87:11:1e:4e:ac:cc:25:7e:d9:3c:92:c2:
         a1:71:15:1d:a2:c1:07:9f:dd:24:70:ff:e2:df:c8:ab:6e:63:
         fb:cc:6d:46:c0:f2:c1:a9:a2:c5:77:df:13:fc:c8:19:1c:10:
         81:bd:99:25:63:e9:3b:10:3f:ae:af:20:6a:be:a6:8d:b2:ae:
         2a:f9:f2:8b:64:b7:83:ab:1d:41:59:1b:6c:f3:f5:43:07:94:
         31:98:f5:da:25:89:6e:f5:57:83:7a:90:bb:87:87:68:c4:92:
         80:f4:48:70:f6:90:45:0f:ca:7d:a5:61:71:ed:18:e0:73:91:
         fc:de:ae:3f:a2:78:00:6a:cc:33:76:4b:d4:32:ab:bb:b1:97:
         d7:2b:c1:02:93:a0:b6:9f:e4:69:06:41:d5:bd:9a:e2:8c:d4:
         e4:25:00:05
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzKKjatzkfj2TWZTrmV50xYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjAzYTBjMDRiODFmZTE3NjZmYTQxYmQzMWI3M2I1ODgx
ODhhYzcwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWExNmQ3NDViMDFjMDBhMDEyOThjNDQ3NzQ2NjEwNThmYzg1OWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonH+7cJ8lenzjiVDSYpDnWr9BaF8
YjccI+rgu7g7sfq28Z7jhAzn/iiLjaEgFWvQYy4D7/M9JPLE6+fV6qTRmyWGYMB9
Im1b/ovS+SmOqRTI9rFB/waoxbQeu6I48P4t+H2Sal+Yxh10ab+ygZIXqQWSQho7
UipJUg9mPTaEFOvrq+gL17BzET04Z0K/3Og98+CMLBIcpA1n60MrIo+ObSzCQTnE
ezS5cdc5gQTR4Woact/Jfh73fSI0NGLiKVKZE9Yy4Ll1/WAbesUMieRr8S7Tmfx9
LtWcu4KWhe0I8VmO47UxmwW5pL0VDiR74DgHWK5PBuhLr6P9Ref+eiGmFQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPqhbXRbAcAKASmMRHdGYQWPyFmxMB8GA1UdIwQY
MBaAFPggOgwEuB/hdm+kG9Mbc7WIGIrHMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DQTZEQVM0SC1GMmI2UWIweHR6dFlnWWlzYy5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvZTE0Y2EzLWRhOGUtNGI1OC04NjNh
LTMzODk2MjBjMWJkNy8xLzEtcUZ0ZEZzQndBb0JLWXhFZDBaaEJZX0lXYkUucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzViL2UxNGNhMy1kYThlLTRiNTgtODYzYS0zMzg5NjIwYzFi
ZDcvMS8xLUNBNkRBUzRILUYyYjZRYjB4dHp0WWdZaXNjLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgUB
ADANBgkqhkiG9w0BAQsFAAOCAQEApQTwPNTqx3a9Z0qAP1VhpCV5G1cIuB+BLP3J
sG3JruObuE/0jtS1qvz1NOeOFdaMX02YXzIX/h4DVVkUnYyVfkWjZCeiycsC6IqJ
tpSO2IH5uVny1YCUYbNPQ7/x85EOhxEeTqzMJX7ZPJLCoXEVHaLBB5/dJHD/4t/I
q25j+8xtRsDywamixXffE/zIGRwQgb2ZJWPpOxA/rq8gar6mjbKuKvnyi2S3g6sd
QVkbbPP1QweUMZj12iWJbvVXg3qQu4eHaMSSgPRIcPaQRQ/KfaVhce0Y4HOR/N6u
P6J4AGrMM3ZL1DKru7GX1yvBApOgtp/kaQZB1b2a4ozU5CUABQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:40:55 2024 by rpki-client on console-ams.rpki-client.org