Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2hJVu5JAVbDhm_RCPllyw5HkY4o.roa
File:                     2hJVu5JAVbDhm_RCPllyw5HkY4o.roa (raw, json)
Hash identifier:          5e5OYdtPrkHUIVZTAtKqlzWnBJ024I2wiNlit2+8Ucw=
Subject key identifier:   DA:12:55:BB:92:40:55:B0:E1:9B:F4:42:3E:59:72:C3:91:E4:63:8A
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       018CC34957B39DBA7CF245EC18354078EBD8
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2hJVu5JAVbDhm_RCPllyw5HkY4o.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59922
IP address blocks:        2a0a:8887:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:57:b3:9d:ba:7c:f2:45:ec:18:35:40:78:eb:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da1255bb924055b0e19bf4423e5972c391e4638a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1f:0f:b5:e4:fe:f1:9a:a8:e2:31:4b:64:37:
                    15:b3:c9:6c:95:75:23:f6:e2:1f:3e:62:6a:cf:80:
                    3f:91:3e:85:3a:37:56:a4:89:54:91:3b:62:d6:ff:
                    3d:d5:e2:41:56:a5:32:30:8b:6c:04:9c:bc:fe:ae:
                    0f:fd:2a:e8:97:d0:ee:74:57:0b:01:1e:07:3a:46:
                    b3:b8:3f:9d:a3:09:26:96:ba:53:90:82:c4:6b:c7:
                    f1:39:89:87:a0:98:09:1f:42:fd:37:d9:f8:3d:48:
                    f0:2c:ed:60:b3:e4:6f:d1:53:e4:6a:a3:9c:ef:c3:
                    d6:ab:1c:df:b8:0e:b5:53:92:56:f5:d5:c4:07:20:
                    ae:04:e6:d2:43:22:43:49:dd:b2:03:a5:ef:df:4e:
                    ce:f9:6c:cb:e1:6a:87:a1:74:e0:95:49:ab:08:55:
                    53:53:61:1b:52:8a:55:78:45:db:95:55:7d:80:f6:
                    e9:c5:fd:db:ac:eb:10:b6:6e:38:9f:51:d3:00:f5:
                    fb:bb:7d:b6:5d:7c:a4:bc:13:20:52:03:64:ef:27:
                    b5:96:24:fa:f5:2a:61:e5:66:36:2c:18:8b:3b:09:
                    fc:46:fa:da:bc:7b:c1:cd:e5:f6:66:41:e9:ef:3e:
                    c7:9e:c3:0f:5e:49:48:18:e2:07:72:d1:d5:62:d0:
                    b8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:12:55:BB:92:40:55:B0:E1:9B:F4:42:3E:59:72:C3:91:E4:63:8A
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2hJVu5JAVbDhm_RCPllyw5HkY4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:8887:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:bf:0a:08:64:43:88:e8:3f:fe:2d:2e:12:d5:56:da:de:4a:
         39:6f:3e:29:3a:e4:d4:b2:1a:ec:88:fe:5b:04:d7:2b:d1:da:
         ec:24:cc:d6:63:ec:48:ab:da:c8:91:f5:bd:a2:34:2a:33:7a:
         15:6a:02:ae:11:be:45:fa:af:12:cf:15:6b:91:7e:51:92:ba:
         3d:00:a7:74:a1:1f:c0:86:47:f3:7f:a9:2c:53:54:c3:28:31:
         72:e9:cf:38:5c:36:f8:80:8b:41:11:6d:bb:f5:5b:d3:e0:60:
         90:12:20:39:3b:31:b5:1e:62:a2:0b:ed:4e:40:73:a3:5a:61:
         f7:46:5b:45:df:9a:dc:94:7b:f4:09:9a:32:13:73:e9:dd:b9:
         fe:81:60:69:25:22:b4:f6:64:4c:c4:19:32:17:97:07:55:35:
         b4:e1:78:10:e6:9e:b6:10:81:8c:5b:35:91:9b:b1:3b:77:d9:
         ce:80:b5:da:4a:b5:a4:55:d5:d6:95:fd:67:32:cc:99:77:38:
         81:a0:51:b0:a9:c3:ab:c7:16:b0:2e:43:da:ed:90:2a:15:0c:
         3f:b1:23:3c:1c:ab:41:cc:37:c3:86:19:63:36:03:fc:9f:0a:
         8f:22:32:70:bb:ac:52:52:5f:f8:4d:92:06:98:59:52:0d:e8:
         1d:b7:ba:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSVeznbp88kXsGDVAeOvYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTEyNTViYjkyNDA1NWIwZTE5YmY0NDIzZTU5NzJjMzkxZTQ2MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB8PteT+8Zqo4jFLZDcVs8lslXUj
9uIfPmJqz4A/kT6FOjdWpIlUkTti1v891eJBVqUyMItsBJy8/q4P/Srol9DudFcL
AR4HOkazuD+dowkmlrpTkILEa8fxOYmHoJgJH0L9N9n4PUjwLO1gs+Rv0VPkaqOc
78PWqxzfuA61U5JW9dXEByCuBObSQyJDSd2yA6Xv307O+WzL4WqHoXTglUmrCFVT
U2EbUopVeEXblVV9gPbpxf3brOsQtm44n1HTAPX7u322XXykvBMgUgNk7ye1liT6
9Sph5WY2LBiLOwn8RvravHvBzeX2ZkHp7z7HnsMPXklIGOIHctHVYtC4ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNoSVbuSQFWw4Zv0Qj5ZcsOR5GOKMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvMmhKVnU1SkFWYkRobV9SQ1BsbHl3NUhrWTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgqIhwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAQvwoIZEOI6D/+LS4S1Vba3ko5bz4pOuTUshrs
iP5bBNcr0drsJMzWY+xIq9rIkfW9ojQqM3oVagKuEb5F+q8SzxVrkX5Rkro9AKd0
oR/Ahkfzf6ksU1TDKDFy6c84XDb4gItBEW279VvT4GCQEiA5OzG1HmKiC+1OQHOj
WmH3RltF35rclHv0CZoyE3Pp3bn+gWBpJSK09mRMxBkyF5cHVTW04XgQ5p62EIGM
WzWRm7E7d9nOgLXaSrWkVdXWlf1nMsyZdziBoFGwqcOrxxawLkPa7ZAqFQw/sSM8
HKtBzDfDhhljNgP8nwqPIjJwu6xSUl/4TZIGmFlSDegdt7rJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 07:02:56 2024 by rpki-client on console-fra.rpki-client.org