Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/J1kFIiq0kqfgKh2Y8cf9Ru_vR1M.roa
File:                     J1kFIiq0kqfgKh2Y8cf9Ru_vR1M.roa (raw, json)
Hash identifier:          s8/4S6frVwd48pOV9mz4LYTZ3oP05UkLdfAmbnCM66Q=
Subject key identifier:   27:59:05:22:2A:B4:92:A7:E0:2A:1D:98:F1:C7:FD:46:EF:EF:47:53
Certificate issuer:       /CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
Certificate serial:       018CC2DB1F1373CD754A8CA7FE17619FEC0C
Authority key identifier: 00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/J1kFIiq0kqfgKh2Y8cf9Ru_vR1M.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a04:1f42::/32 maxlen: 48
                          2a04:1f41::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:13:73:cd:75:4a:8c:a7:fe:17:61:9f:ec:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=275905222ab492a7e02a1d98f1c7fd46efef4753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:5d:7b:c4:77:90:a5:59:bb:15:96:ae:db:31:
                    cd:58:db:02:e8:49:93:2e:30:98:39:8b:0c:78:27:
                    9a:df:e9:e0:a8:c9:58:1d:fd:06:e9:c5:db:e7:3b:
                    07:53:67:d8:f4:25:8d:56:51:dc:e8:8f:9e:a7:f6:
                    c8:e7:9a:86:10:c3:5f:25:53:fd:c6:57:d8:bc:62:
                    68:c4:cd:2e:16:11:fb:2a:0d:08:6d:f5:62:58:31:
                    2b:54:c1:a7:e5:0a:0f:ff:e8:a7:35:e7:10:3c:5c:
                    ca:ee:a4:12:3d:a7:b0:76:27:0f:8e:20:51:1b:59:
                    70:2e:5d:41:de:de:c3:88:5e:f1:ba:57:5d:8e:d3:
                    e0:48:2c:ab:72:23:96:4d:da:d9:70:3d:34:e2:b0:
                    6a:5e:3c:4c:08:37:64:96:33:19:51:ad:25:9d:af:
                    ff:a8:15:59:d5:ac:cb:1a:12:27:e7:18:6d:0e:6d:
                    81:c6:21:60:f3:73:cb:22:7d:9d:f5:a4:ef:7e:b1:
                    bb:54:08:ab:cb:02:5d:89:10:96:f4:14:02:c4:53:
                    d4:63:3f:bc:f5:29:0c:3c:b4:45:9b:65:ea:32:e2:
                    6a:ab:2f:ad:41:b1:2a:8d:c9:36:0f:b6:10:73:ea:
                    82:a0:1d:0a:a9:73:98:12:2e:fb:e2:1d:c3:6b:92:
                    94:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:59:05:22:2A:B4:92:A7:E0:2A:1D:98:F1:C7:FD:46:EF:EF:47:53
            X509v3 Authority Key Identifier:
                keyid:00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/J1kFIiq0kqfgKh2Y8cf9Ru_vR1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1f41::-2a04:1f42:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7c:d8:1e:d9:29:db:a2:ad:6d:d7:5f:9f:2d:24:05:b6:bc:f0:
         cf:c7:fc:54:2f:43:3c:71:06:03:cb:df:da:73:31:63:4c:5b:
         3e:ae:4f:d1:27:d2:28:cc:13:d3:af:5f:de:30:fd:c1:de:2b:
         36:a6:2d:ca:58:ea:22:32:25:2a:8c:d2:f3:b5:bf:ba:b1:ab:
         95:a1:21:78:50:4c:37:ed:11:83:8f:f1:6e:4d:42:59:35:d1:
         bb:b5:12:c1:f5:cf:27:06:53:42:a4:b1:06:0e:78:65:69:29:
         3b:40:33:c7:ae:84:dc:d1:3d:d3:e8:0e:2d:8e:d8:10:5d:77:
         b9:aa:77:3f:00:c1:be:60:fc:3f:64:ea:df:e0:72:0b:dd:54:
         4d:26:c5:65:81:ee:4a:8b:c1:3b:4f:3d:b8:cd:53:b5:c0:12:
         f9:99:5d:68:e7:ff:a8:04:f4:3d:8f:15:b6:94:82:5a:f5:b4:
         7c:7e:3c:eb:ef:27:5c:d7:bf:3e:cf:89:03:25:7f:08:b8:da:
         11:83:0e:3e:3a:8e:9c:79:b8:20:49:19:04:c3:b9:d8:3a:cd:
         38:2a:c1:5c:fb:9b:61:15:ef:a2:66:45:e0:51:2a:d5:9d:5d:
         cb:40:d8:f2:a0:4e:d8:0c:d8:53:d8:19:c8:b4:27:b2:41:82:
         d2:e0:35:2a
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzC2x8Tc811Soyn/hdhn+wMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNmIwNmI1ZDBmZjEwMDBlMTBjNDI3NmVlYTA4ODBhZjIw
OWQ3YTIwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzU5MDUyMjJhYjQ5MmE3ZTAyYTFkOThmMWM3ZmQ0NmVmZWY0NzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAil17xHeQpVm7FZau2zHNWNsC6EmT
LjCYOYsMeCea3+ngqMlYHf0G6cXb5zsHU2fY9CWNVlHc6I+ep/bI55qGEMNfJVP9
xlfYvGJoxM0uFhH7Kg0IbfViWDErVMGn5QoP/+inNecQPFzK7qQSPaewdicPjiBR
G1lwLl1B3t7DiF7xulddjtPgSCyrciOWTdrZcD004rBqXjxMCDdkljMZUa0lna//
qBVZ1azLGhIn5xhtDm2BxiFg83PLIn2d9aTvfrG7VAirywJdiRCW9BQCxFPUYz+8
9SkMPLRFm2XqMuJqqy+tQbEqjck2D7YQc+qCoB0KqXOYEi774h3Da5KUUQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFCdZBSIqtJKn4CodmPHH/Ubv70dTMB8GA1UdIwQY
MBaAFABrBrXQ/xAA4QxCdu6giAryCdeiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQt
NTdjOTU1YzljODVkLzEvSjFrRklpcTBrcWZnS2gyWThjZjlSdV92UjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQtNTdjOTU1YzljODVk
LzEvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqBB9B
AwUAKgQfQjANBgkqhkiG9w0BAQsFAAOCAQEAfNge2Snboq1t11+fLSQFtrzwz8f8
VC9DPHEGA8vf2nMxY0xbPq5P0SfSKMwT069f3jD9wd4rNqYtyljqIjIlKozS87W/
urGrlaEheFBMN+0Rg4/xbk1CWTXRu7USwfXPJwZTQqSxBg54ZWkpO0Azx66E3NE9
0+gOLY7YEF13uap3PwDBvmD8P2Tq3+ByC91UTSbFZYHuSovBO089uM1TtcAS+Zld
aOf/qAT0PY8VtpSCWvW0fH486+8nXNe/Ps+JAyV/CLjaEYMOPjqOnHm4IEkZBMO5
2DrNOCrBXPubYRXvomZF4FEq1Z1dy0DY8qBO2AzYU9gZyLQnskGC0uA1Kg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:34:15 2024 by rpki-client on console-fra.rpki-client.org