Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/4bd70c-094a-43d0-adda-04fbd681896a/1/6Cn-7iARET44vV1rmBYX6TZt99U.roa
File:                     6Cn-7iARET44vV1rmBYX6TZt99U.roa (raw, json)
Hash identifier:          1sfGyDwFCSHR7jmUMngNSftS11joE4Vw/SE5ILaNL3g=
Subject key identifier:   E8:29:FE:EE:20:11:11:3E:38:BD:5D:6B:98:16:17:E9:36:6D:F7:D5
Certificate issuer:       /CN=f1b9aecaa37dedc0f2c04f51bc963fcd2e4aaccc
Certificate serial:       019199D02C7F00F2BE30075CA03711B94DB2
Authority key identifier: F1:B9:AE:CA:A3:7D:ED:C0:F2:C0:4F:51:BC:96:3F:CD:2E:4A:AC:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bmuyqN97cDywE9RvJY_zS5KrMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/4bd70c-094a-43d0-adda-04fbd681896a/1/6Cn-7iARET44vV1rmBYX6TZt99U.roa
Signing time:             Wed 28 Aug 2024 16:27:22 +0000
ROA not before:           Wed 28 Aug 2024 16:27:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:11c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/4bd70c-094a-43d0-adda-04fbd681896a/1/8bmuyqN97cDywE9RvJY_zS5KrMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/4bd70c-094a-43d0-adda-04fbd681896a/1/8bmuyqN97cDywE9RvJY_zS5KrMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8bmuyqN97cDywE9RvJY_zS5KrMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:99:d0:2c:7f:00:f2:be:30:07:5c:a0:37:11:b9:4d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b9aecaa37dedc0f2c04f51bc963fcd2e4aaccc
        Validity
            Not Before: Aug 28 16:27:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e829feee2011113e38bd5d6b981617e9366df7d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c0:07:b1:1c:1e:fb:e2:a1:61:b7:26:fd:14:
                    a4:e4:12:8a:fe:a6:e7:01:ae:a3:c9:14:21:62:41:
                    b8:6b:75:b3:ef:c0:64:a3:a9:96:4c:a6:c7:77:1d:
                    d0:c5:db:35:e5:07:d0:91:0f:ee:7f:6a:64:7c:06:
                    ca:52:c4:57:47:7a:04:c2:44:68:f6:24:31:94:d6:
                    b6:80:97:76:c4:89:f9:88:d7:0f:4a:d3:b3:3f:e6:
                    87:05:7d:e2:58:77:7d:a6:4b:c1:92:81:b0:6b:9c:
                    6e:21:46:0c:59:12:9f:f9:ce:e3:30:7d:b6:3d:80:
                    12:59:44:3b:e8:77:38:4b:c4:e0:0c:f2:c8:10:41:
                    26:4c:0f:35:87:6e:ee:ba:6a:19:c0:a9:33:40:32:
                    17:ef:97:8c:b9:8f:2b:eb:ba:05:e5:e5:27:22:ee:
                    ce:26:1f:7d:f9:f4:0b:9c:cb:13:e5:d1:f8:c5:30:
                    82:3e:56:57:76:d4:ee:b4:35:f7:67:31:93:90:b1:
                    41:c9:dc:0a:9b:92:92:7d:60:db:fe:ac:ea:a2:20:
                    b2:c8:b1:0b:0e:d2:0c:99:03:ca:21:f1:e0:74:52:
                    4e:35:f6:ed:d1:c9:fd:4e:33:25:fc:ec:e5:d1:c1:
                    3a:54:e3:a1:84:55:4d:2d:cf:d5:38:b4:aa:dc:d9:
                    94:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:29:FE:EE:20:11:11:3E:38:BD:5D:6B:98:16:17:E9:36:6D:F7:D5
            X509v3 Authority Key Identifier:
                keyid:F1:B9:AE:CA:A3:7D:ED:C0:F2:C0:4F:51:BC:96:3F:CD:2E:4A:AC:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bmuyqN97cDywE9RvJY_zS5KrMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4bd70c-094a-43d0-adda-04fbd681896a/1/6Cn-7iARET44vV1rmBYX6TZt99U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4bd70c-094a-43d0-adda-04fbd681896a/1/8bmuyqN97cDywE9RvJY_zS5KrMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:11c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:08:08:ba:d6:54:3c:42:5b:cc:38:46:be:08:03:50:c0:fe:
         8c:a9:7a:e5:7d:86:97:a1:e1:7c:2e:97:94:bf:72:41:f2:d0:
         72:cd:d4:f3:1f:45:db:69:e1:2b:dc:ef:44:a2:19:0f:eb:fd:
         40:00:bf:d8:38:27:7d:0a:6e:a9:c6:da:3f:ee:d6:fe:da:0f:
         63:9c:69:d2:cc:7a:0c:5a:2d:69:d2:c9:b6:b3:dc:24:5d:87:
         2a:d0:60:ba:15:40:3e:59:c9:eb:0c:23:53:d3:b9:fd:9e:c6:
         39:24:1c:ad:84:86:d3:14:df:76:53:f3:eb:fb:2d:bf:8c:9b:
         e6:1f:b6:5b:83:10:19:f9:83:88:fc:e6:47:8e:c6:88:fc:25:
         d9:49:13:ba:a5:81:a4:42:8d:42:19:fe:5a:e4:99:63:7e:4b:
         55:71:a0:18:c2:96:0c:a2:1a:13:d9:a2:e7:a3:aa:56:9e:31:
         4c:fb:55:22:4d:13:cf:3e:69:3b:42:dc:eb:a7:dc:57:b7:13:
         87:f1:91:55:3c:74:3b:c1:e6:4b:d5:3b:6b:06:71:44:9e:79:
         96:92:3f:2d:fd:01:45:89:9d:d1:df:52:cc:0d:3e:be:ba:86:
         4e:3f:33:eb:c4:f4:d6:12:fe:de:2c:e5:9f:ea:57:9d:c4:cb:
         06:e9:68:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZGZ0Cx/APK+MAdcoDcRuU2yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjlhZWNhYTM3ZGVkYzBmMmMwNGY1MWJjOTYzZmNkMmU0
YWFjY2MwHhcNMjQwODI4MTYyNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODI5ZmVlZTIwMTExMTNlMzhiZDVkNmI5ODE2MTdlOTM2NmRmN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsAHsRwe++KhYbcm/RSk5BKK/qbn
Aa6jyRQhYkG4a3Wz78Bko6mWTKbHdx3Qxds15QfQkQ/uf2pkfAbKUsRXR3oEwkRo
9iQxlNa2gJd2xIn5iNcPStOzP+aHBX3iWHd9pkvBkoGwa5xuIUYMWRKf+c7jMH22
PYASWUQ76Hc4S8TgDPLIEEEmTA81h27uumoZwKkzQDIX75eMuY8r67oF5eUnIu7O
Jh99+fQLnMsT5dH4xTCCPlZXdtTutDX3ZzGTkLFBydwKm5KSfWDb/qzqoiCyyLEL
DtIMmQPKIfHgdFJONfbt0cn9TjMl/Ozl0cE6VOOhhFVNLc/VOLSq3NmUFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOgp/u4gERE+OL1da5gWF+k2bffVMB8GA1UdIwQY
MBaAFPG5rsqjfe3A8sBPUbyWP80uSqzMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJtdXlxTjk3Y0R5d0U5UnZKWV96UzVLck13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC80YmQ3MGMtMDk0YS00M2QwLWFkZGEt
MDRmYmQ2ODE4OTZhLzEvNkNuLTdpQVJFVDQ0dlYxcm1CWVg2VFp0OTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC80YmQ3MGMtMDk0YS00M2QwLWFkZGEtMDRmYmQ2ODE4OTZh
LzEvOGJtdXlxTjk3Y0R5d0U5UnZKWV96UzVLck13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQRwDAN
BgkqhkiG9w0BAQsFAAOCAQEAZggIutZUPEJbzDhGvggDUMD+jKl65X2Gl6HhfC6X
lL9yQfLQcs3U8x9F22nhK9zvRKIZD+v9QAC/2DgnfQpuqcbaP+7W/toPY5xp0sx6
DFotadLJtrPcJF2HKtBguhVAPlnJ6wwjU9O5/Z7GOSQcrYSG0xTfdlPz6/stv4yb
5h+2W4MQGfmDiPzmR47GiPwl2UkTuqWBpEKNQhn+WuSZY35LVXGgGMKWDKIaE9mi
56OqVp4xTPtVIk0Tzz5pO0Lc66fcV7cTh/GRVTx0O8HmS9U7awZxRJ55lpI/Lf0B
RYmd0d9SzA0+vrqGTj8z68T01hL+3izln+pXncTLBuloEQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:27:16 2024 by rpki-client on console-ams.rpki-client.org