Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/H8pRttvwHWskAW7vGkSOo5l39dg.roa
File:                     H8pRttvwHWskAW7vGkSOo5l39dg.roa (raw, json)
Hash identifier:          aQsQsTREqZWWOnFAoU06OHJZkxdq8FxhxUkvpA2wd7A=
Subject key identifier:   1F:CA:51:B6:DB:F0:1D:6B:24:01:6E:EF:1A:44:8E:A3:99:77:F5:D8
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       018CC7261CCF6E9748604BBB4F1CB8672967
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/H8pRttvwHWskAW7vGkSOo5l39dg.roa
Signing time:             Mon 01 Jan 2024 22:30:12 +0000
ROA not before:           Mon 01 Jan 2024 22:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212832
IP address blocks:        2a13:1c46::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:1c:cf:6e:97:48:60:4b:bb:4f:1c:b8:67:29:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Jan  1 22:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fca51b6dbf01d6b24016eef1a448ea39977f5d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:21:d8:30:df:fc:aa:88:80:a0:e3:94:68:3b:
                    c9:cb:e5:9f:80:1c:71:10:3a:46:42:46:95:38:ce:
                    eb:a7:dc:0d:20:25:6b:4a:19:21:ec:ca:b8:32:62:
                    5f:9f:e8:e1:ab:01:30:44:c8:1b:a4:9e:9f:3e:7d:
                    d0:23:e2:30:2a:d4:0c:c8:40:47:3b:c7:1e:dd:36:
                    fe:80:39:f7:c8:9a:da:54:53:7e:85:76:14:e8:b6:
                    2c:0e:9a:78:19:f9:9b:fa:0b:55:ec:60:ad:f6:dc:
                    19:4d:ed:3d:75:26:05:82:93:72:4b:5e:a4:1f:2d:
                    3d:f0:c4:3c:e3:51:4d:78:2d:71:6f:10:49:de:00:
                    0a:22:c1:c7:15:02:b4:8a:b4:a0:ff:2e:e4:62:3b:
                    dd:03:f0:03:62:16:9c:0c:be:d4:44:8d:ce:e0:63:
                    3d:6b:74:00:52:2b:4c:32:4a:b7:64:3c:e6:6a:4d:
                    30:a3:4c:72:44:5b:83:1d:4f:60:19:74:35:df:83:
                    3c:95:51:67:8f:c0:63:c4:cb:37:13:21:a9:8a:6d:
                    d6:4e:e1:20:6e:cc:cd:77:9c:e8:cc:9e:18:94:d9:
                    75:c6:c2:03:73:e3:15:b6:52:d0:ff:57:35:5a:ad:
                    8d:2f:49:de:65:cf:3a:77:e5:14:ac:a0:19:f0:39:
                    d1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:CA:51:B6:DB:F0:1D:6B:24:01:6E:EF:1A:44:8E:A3:99:77:F5:D8
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/H8pRttvwHWskAW7vGkSOo5l39dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c46::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:74:fe:85:f9:25:39:31:63:71:49:74:d4:e8:0f:ae:b8:ad:
         80:a1:74:c7:79:53:6b:6f:5b:14:b1:bf:4e:49:00:fe:79:f2:
         af:ac:6a:4a:95:2f:8c:a5:94:50:91:ce:91:fb:73:38:dc:a6:
         e3:72:d2:14:88:6b:7d:55:bb:d8:a0:8f:b8:01:12:5e:11:a0:
         e2:d4:9a:37:91:7f:51:15:45:f4:fd:94:19:be:74:b5:54:a2:
         b0:c5:1f:85:73:b4:90:b0:0d:c7:d1:da:b1:0e:20:92:2c:e3:
         8b:0a:c2:03:71:a3:9e:7d:d5:1c:6f:da:ff:ef:09:34:a7:56:
         83:87:cb:1e:4c:9e:9a:b8:95:1d:73:7a:31:2b:14:f5:b4:c5:
         0d:55:35:cd:f2:b8:4d:0b:f4:0e:6d:a2:37:a7:22:75:bf:9e:
         21:24:4d:33:6d:bb:24:ec:29:1d:66:64:cc:4a:64:60:8c:c5:
         cc:77:88:fc:b9:5d:8c:7a:ac:8e:c6:e9:dd:5a:ad:96:af:79:
         7a:15:04:a0:18:84:78:91:d7:ef:5d:46:f0:99:dd:9e:b8:b9:
         61:a1:77:f6:d6:eb:9a:c7:6b:49:7a:c7:5a:25:f6:03:d0:ff:
         90:77:20:07:d2:96:0b:2a:3f:2a:10:c0:2f:6f:4b:f8:67:db:
         93:23:83:07
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJhzPbpdIYEu7Txy4ZylnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjQwMTAxMjIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmNhNTFiNmRiZjAxZDZiMjQwMTZlZWYxYTQ0OGVhMzk5NzdmNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiHYMN/8qoiAoOOUaDvJy+WfgBxx
EDpGQkaVOM7rp9wNICVrShkh7Mq4MmJfn+jhqwEwRMgbpJ6fPn3QI+IwKtQMyEBH
O8ce3Tb+gDn3yJraVFN+hXYU6LYsDpp4Gfmb+gtV7GCt9twZTe09dSYFgpNyS16k
Hy098MQ841FNeC1xbxBJ3gAKIsHHFQK0irSg/y7kYjvdA/ADYhacDL7URI3O4GM9
a3QAUitMMkq3ZDzmak0wo0xyRFuDHU9gGXQ134M8lVFnj8BjxMs3EyGpim3WTuEg
bszNd5zozJ4YlNl1xsIDc+MVtlLQ/1c1Wq2NL0neZc86d+UUrKAZ8DnRKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB/KUbbb8B1rJAFu7xpEjqOZd/XYMB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvSDhwUnR0dndIV3NrQVc3dkdrU09vNWwzOWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhMcRjAN
BgkqhkiG9w0BAQsFAAOCAQEAfnT+hfklOTFjcUl01OgPrritgKF0x3lTa29bFLG/
TkkA/nnyr6xqSpUvjKWUUJHOkftzONym43LSFIhrfVW72KCPuAESXhGg4tSaN5F/
URVF9P2UGb50tVSisMUfhXO0kLANx9HasQ4gkizjiwrCA3Gjnn3VHG/a/+8JNKdW
g4fLHkyemriVHXN6MSsU9bTFDVU1zfK4TQv0Dm2iN6cidb+eISRNM227JOwpHWZk
zEpkYIzFzHeI/LldjHqsjsbp3Vqtlq95ehUEoBiEeJHX711G8Jndnri5YaF39tbr
msdrSXrHWiX2A9D/kHcgB9KWCyo/KhDAL29L+GfbkyODBw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:42:30 2024 by rpki-client on console-ams.rpki-client.org