Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/9fMgxOGE_4uZjp2k9mxbagX-C3E.roa
File:                     9fMgxOGE_4uZjp2k9mxbagX-C3E.roa (raw, json)
Hash identifier:          rf2Z48+dNdMWzsr438M6dOgs8g1uRZnsm+a16TXTrDA=
Subject key identifier:   F5:F3:20:C4:E1:84:FF:8B:99:8E:9D:A4:F6:6C:5B:6A:05:FE:0B:71
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0192B9314774F2620E5532F92DFFF12D249B
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/9fMgxOGE_4uZjp2k9mxbagX-C3E.roa
Signing time:             Wed 23 Oct 2024 11:44:27 +0000
ROA not before:           Wed 23 Oct 2024 11:44:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48752
IP address blocks:        2a07:2486:e00::/44 maxlen: 44
                          2a07:2486:e20::/44 maxlen: 44
                          2a07:2486:e30::/44 maxlen: 44
                          2a07:2486:e40::/44 maxlen: 44
                          2a07:2486:ec0::/44 maxlen: 44
                          2a07:2486:ee0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:31:47:74:f2:62:0e:55:32:f9:2d:ff:f1:2d:24:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Oct 23 11:44:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5f320c4e184ff8b998e9da4f66c5b6a05fe0b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ce:ec:06:ab:a6:58:d5:af:47:e1:cc:45:3c:
                    8f:44:57:38:5e:11:f1:79:87:ae:f9:72:fa:35:a8:
                    b9:03:21:b2:25:6a:2d:be:15:3c:c0:77:d4:46:e6:
                    05:eb:b0:e1:5f:f7:c5:7b:4c:65:e7:34:4e:49:9b:
                    13:98:3b:3e:76:f0:a3:04:36:12:45:ff:a0:45:94:
                    fc:d6:aa:69:cc:72:c6:6c:64:02:4a:b8:24:1d:3e:
                    0b:d6:5d:ec:0f:be:5e:40:ac:06:b8:52:96:3a:f6:
                    44:32:f1:37:58:a6:fc:ce:cb:ff:8f:93:e6:00:c4:
                    ed:61:74:1b:bb:05:33:6a:5f:75:ec:34:8c:f7:da:
                    e1:aa:b6:c8:ac:79:ab:80:af:04:53:5c:e1:dc:53:
                    05:40:0a:48:5b:87:74:15:af:1b:03:d8:9e:51:70:
                    85:f3:b3:18:a7:0c:0f:68:08:ed:ea:9e:0e:38:94:
                    d8:17:03:89:64:21:19:a7:fb:1d:80:09:82:aa:50:
                    8c:fc:ce:72:13:6b:3a:7b:b4:44:f9:a7:e4:79:95:
                    ba:d5:40:14:92:08:9a:f5:62:57:b3:08:83:84:8a:
                    78:5b:bc:95:a5:c4:7e:b7:93:b5:22:92:d3:02:42:
                    ad:1b:c1:0a:35:59:a1:a7:7d:3e:ea:b9:53:20:b7:
                    00:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F3:20:C4:E1:84:FF:8B:99:8E:9D:A4:F6:6C:5B:6A:05:FE:0B:71
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/9fMgxOGE_4uZjp2k9mxbagX-C3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:e00::/44
                  2a07:2486:e20::-2a07:2486:e4f:ffff:ffff:ffff:ffff:ffff
                  2a07:2486:ec0::/44
                  2a07:2486:ee0::/44

    Signature Algorithm: sha256WithRSAEncryption
         51:3d:6f:b8:c2:18:e3:af:a2:4b:bc:16:16:f8:32:93:ec:00:
         52:af:d3:14:e7:92:ea:0a:da:ae:ea:2f:01:eb:9c:b5:e3:a8:
         11:36:11:3d:73:ee:82:8c:d5:aa:5a:44:ef:a5:81:5e:5a:94:
         72:0c:49:c6:0c:75:97:3e:04:dd:c1:36:54:51:4a:74:c2:39:
         cf:d5:39:33:0c:bb:cf:c6:7c:15:0e:e1:c2:82:a6:46:53:19:
         7c:23:97:c6:46:6f:e3:ba:93:36:2d:e5:72:f3:0b:6f:6e:f9:
         3a:a6:58:6a:c1:a3:7f:22:f9:37:09:87:c3:ab:dd:56:a2:b2:
         a2:4b:be:1f:5c:04:f5:de:3c:43:58:12:74:6d:b5:54:8f:4f:
         3e:3e:04:0a:b9:3a:c0:32:83:81:8f:03:65:e2:a3:93:63:7d:
         23:c2:a7:44:66:7d:a5:80:d9:96:cf:61:08:da:8f:1d:e1:52:
         76:c0:6b:27:27:4d:2b:66:f3:f8:28:ad:0f:ba:1a:d3:7e:12:
         45:a6:fc:8f:9c:bb:6a:93:2a:13:2c:29:27:98:7d:66:02:f9:
         61:79:8e:06:5e:a3:e1:9c:45:45:3e:9b:21:79:8a:8f:3b:62:
         d6:1f:36:0e:16:a7:48:2c:a4:f9:15:8a:cf:5b:9d:d4:d6:86:
         c9:6d:cd:17
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZK5MUd08mIOVTL5Lf/xLSSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQxMDIzMTE0NDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWYzMjBjNGUxODRmZjhiOTk4ZTlkYTRmNjZjNWI2YTA1ZmUwYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc7sBqumWNWvR+HMRTyPRFc4XhHx
eYeu+XL6Nai5AyGyJWotvhU8wHfURuYF67DhX/fFe0xl5zROSZsTmDs+dvCjBDYS
Rf+gRZT81qppzHLGbGQCSrgkHT4L1l3sD75eQKwGuFKWOvZEMvE3WKb8zsv/j5Pm
AMTtYXQbuwUzal917DSM99rhqrbIrHmrgK8EU1zh3FMFQApIW4d0Fa8bA9ieUXCF
87MYpwwPaAjt6p4OOJTYFwOJZCEZp/sdgAmCqlCM/M5yE2s6e7RE+afkeZW61UAU
kgia9WJXswiDhIp4W7yVpcR+t5O1IpLTAkKtG8EKNVmhp30+6rlTILcATQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFPXzIMThhP+LmY6dpPZsW2oF/gtxMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvOWZNZ3hPR0VfNHVaanAyazlteGJhZ1gtQzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzA1BAIAAjAvAwcEKgckhg4A
MBIDBwUqBySGDiADBwQqBySGDkADBwQqBySGDsADBwQqBySGDuAwDQYJKoZIhvcN
AQELBQADggEBAFE9b7jCGOOvoku8Fhb4MpPsAFKv0xTnkuoK2q7qLwHrnLXjqBE2
ET1z7oKM1apaRO+lgV5alHIMScYMdZc+BN3BNlRRSnTCOc/VOTMMu8/GfBUO4cKC
pkZTGXwjl8ZGb+O6kzYt5XLzC29u+TqmWGrBo38i+TcJh8Or3VaisqJLvh9cBPXe
PENYEnRttVSPTz4+BAq5OsAyg4GPA2Xio5NjfSPCp0RmfaWA2ZbPYQjajx3hUnbA
aycnTStm8/gorQ+6GtN+EkWm/I+cu2qTKhMsKSeYfWYC+WF5jgZeo+GcRUU+myF5
io87YtYfNg4Wp0gspPkVis9bndTWhsltzRc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:10:59 2024 by rpki-client on console-fra.rpki-client.org