Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/zRrfnXc6bWz5iBqJOeOfEoNtFQA.roa
File:                     zRrfnXc6bWz5iBqJOeOfEoNtFQA.roa (raw, json)
Hash identifier:          BLbUeuc74gMsLsykdbSuL36fXNyFq75/b5gYxxtGNGM=
Subject key identifier:   CD:1A:DF:9D:77:3A:6D:6C:F9:88:1A:89:39:E3:9F:12:83:6D:15:00
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0190D529683B15E9E5996D63F7E40FEE1763
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/zRrfnXc6bWz5iBqJOeOfEoNtFQA.roa
Signing time:             Sun 21 Jul 2024 11:59:38 +0000
ROA not before:           Sun 21 Jul 2024 11:59:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214916
IP address blocks:        2a07:2486:e000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d5:29:68:3b:15:e9:e5:99:6d:63:f7:e4:0f:ee:17:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Jul 21 11:59:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd1adf9d773a6d6cf9881a8939e39f12836d1500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:46:11:9a:e2:90:db:0b:b2:b2:ec:5d:c1:47:
                    f1:49:a4:8d:37:95:28:33:ba:2c:29:33:95:b0:e2:
                    c8:8a:98:ab:df:0d:01:64:d1:37:8f:48:4b:2b:ca:
                    9f:d0:53:50:a2:5a:91:41:73:83:3d:3c:bd:66:f4:
                    8b:ca:e0:73:0a:5e:6a:1c:9b:20:ca:14:b9:f3:14:
                    f5:1e:06:62:fc:b4:c4:0a:ef:a8:d2:7b:06:7c:08:
                    39:2c:1f:2f:3e:ac:28:b2:ea:98:41:4d:54:9c:3b:
                    fa:96:4e:cb:38:39:bf:d7:2c:98:0c:51:f4:e3:98:
                    59:40:93:5d:cd:c2:e7:37:fd:77:7d:af:f3:20:5c:
                    28:aa:6d:54:1f:c2:ae:db:b6:62:1b:b6:0d:a8:4c:
                    2d:b4:8f:41:07:53:ac:52:a1:3d:d8:76:f3:9d:4c:
                    14:3e:4c:05:b0:55:76:17:64:e6:40:ac:9b:6c:34:
                    51:46:12:60:c7:97:e3:c7:c4:0d:bb:7a:6c:31:f2:
                    60:c6:5c:fd:27:b1:d8:bd:0b:5a:f0:93:cf:80:a3:
                    3e:8f:50:e0:a5:10:49:5a:c2:4e:a8:1a:1a:c4:9d:
                    73:9e:75:99:e8:81:2d:93:60:86:e9:a6:28:f9:4a:
                    3d:be:66:1b:ef:e4:9e:75:e0:78:2c:4a:6e:49:4f:
                    c7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:1A:DF:9D:77:3A:6D:6C:F9:88:1A:89:39:E3:9F:12:83:6D:15:00
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/zRrfnXc6bWz5iBqJOeOfEoNtFQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:f4:49:22:17:53:80:de:61:27:ef:55:f0:3a:14:2f:46:e5:
         0c:3a:c3:ec:d7:20:c9:35:11:45:bb:e3:5d:b2:29:de:69:21:
         1c:5b:2b:db:cf:4f:0a:3e:d8:8b:7f:59:3f:c7:54:e8:1f:d8:
         02:b6:bb:7f:2b:a7:5d:ee:46:a7:9e:7d:48:82:9c:42:fc:4a:
         4d:cf:08:65:8d:55:63:65:b1:2e:f5:ec:15:62:e2:34:31:48:
         d2:df:3c:85:d5:eb:5a:05:8a:b2:d9:d8:ba:b5:6f:e2:48:e5:
         59:8a:08:6e:d2:74:31:49:4b:fb:cb:45:df:62:96:e8:1e:85:
         47:51:19:27:f9:45:71:92:00:f2:c5:99:59:7b:fa:35:45:3b:
         25:14:ab:f0:c0:1c:8b:1a:ec:c7:00:64:33:d1:a3:b5:d3:73:
         4d:75:42:f2:9e:f8:02:b8:34:d9:41:2f:e5:8e:c0:49:e3:e2:
         c3:7d:b1:93:86:93:d4:e9:fe:12:e1:40:16:de:91:f0:1e:80:
         9f:df:3b:70:bc:a1:e4:35:66:f9:00:26:d8:46:a2:1e:3d:a3:
         dd:51:19:82:a3:a3:07:79:a5:56:cc:75:34:11:6e:06:31:b1:
         1a:f5:6b:6a:54:07:7e:8e:b8:2c:c0:d0:7e:1f:c3:f8:99:f4:
         61:d6:df:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZDVKWg7FenlmW1j9+QP7hdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQwNzIxMTE1OTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDFhZGY5ZDc3M2E2ZDZjZjk4ODFhODkzOWUzOWYxMjgzNmQxNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkYRmuKQ2wuysuxdwUfxSaSNN5Uo
M7osKTOVsOLIipir3w0BZNE3j0hLK8qf0FNQolqRQXODPTy9ZvSLyuBzCl5qHJsg
yhS58xT1HgZi/LTECu+o0nsGfAg5LB8vPqwosuqYQU1UnDv6lk7LODm/1yyYDFH0
45hZQJNdzcLnN/13fa/zIFwoqm1UH8Ku27ZiG7YNqEwttI9BB1OsUqE92HbznUwU
PkwFsFV2F2TmQKybbDRRRhJgx5fjx8QNu3psMfJgxlz9J7HYvQta8JPPgKM+j1Dg
pRBJWsJOqBoaxJ1znnWZ6IEtk2CG6aYo+Uo9vmYb7+SedeB4LEpuSU/HWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFM0a3513Om1s+YgaiTnjnxKDbRUAMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvelJyZm5YYzZiV3o1aUJxSk9lT2ZFb050RlFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgckhuAw
DQYJKoZIhvcNAQELBQADggEBACD0SSIXU4DeYSfvVfA6FC9G5Qw6w+zXIMk1EUW7
412yKd5pIRxbK9vPTwo+2It/WT/HVOgf2AK2u38rp13uRqeefUiCnEL8Sk3PCGWN
VWNlsS717BVi4jQxSNLfPIXV61oFirLZ2Lq1b+JI5VmKCG7SdDFJS/vLRd9iluge
hUdRGSf5RXGSAPLFmVl7+jVFOyUUq/DAHIsa7McAZDPRo7XTc011QvKe+AK4NNlB
L+WOwEnj4sN9sZOGk9Tp/hLhQBbekfAegJ/fO3C8oeQ1ZvkAJthGoh49o91RGYKj
owd5pVbMdTQRbgYxsRr1a2pUB36OuCzA0H4fw/iZ9GHW34Q=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:09:34 2024 by rpki-client on console-ams.rpki-client.org