Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/501ebf-5ffd-4cda-a66d-062d70e3aa23/1/qAjqdcrzxY2iEEdfrbshgbr4g0A.roa
File:                     qAjqdcrzxY2iEEdfrbshgbr4g0A.roa (raw, json)
Hash identifier:          jfLoUl8esb2uSKw9XcFiXoNTgHT8AvUHJcp7crjVvc8=
Subject key identifier:   A8:08:EA:75:CA:F3:C5:8D:A2:10:47:5F:AD:BB:21:81:BA:F8:83:40
Certificate issuer:       /CN=4fb6576ecda25246df70d7a72e1cfffad888ea3b
Certificate serial:       018D6BB1C921D39F8D14CD233CED94F12791
Authority key identifier: 4F:B6:57:6E:CD:A2:52:46:DF:70:D7:A7:2E:1C:FF:FA:D8:88:EA:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7ZXbs2iUkbfcNenLhz_-tiI6js.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/501ebf-5ffd-4cda-a66d-062d70e3aa23/1/qAjqdcrzxY2iEEdfrbshgbr4g0A.roa
Signing time:             Fri 02 Feb 2024 21:20:29 +0000
ROA not before:           Fri 02 Feb 2024 21:20:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49752
IP address blocks:        2001:67c:dcc::/48 maxlen: 48
                          2001:67c:dd0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/501ebf-5ffd-4cda-a66d-062d70e3aa23/1/T7ZXbs2iUkbfcNenLhz_-tiI6js.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/501ebf-5ffd-4cda-a66d-062d70e3aa23/1/T7ZXbs2iUkbfcNenLhz_-tiI6js.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7ZXbs2iUkbfcNenLhz_-tiI6js.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6b:b1:c9:21:d3:9f:8d:14:cd:23:3c:ed:94:f1:27:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb6576ecda25246df70d7a72e1cfffad888ea3b
        Validity
            Not Before: Feb  2 21:20:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a808ea75caf3c58da210475fadbb2181baf88340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e3:b1:ca:e6:d6:b1:cc:b6:31:83:85:0a:eb:
                    18:26:6d:8f:f9:2d:b8:bc:ef:56:71:2b:c4:22:99:
                    4c:d8:c5:b1:71:61:76:75:fd:19:44:18:9c:4a:0b:
                    27:4d:3c:c3:b5:1a:0e:a9:17:e7:a5:70:ab:51:2f:
                    2f:c8:b0:25:3a:be:69:68:27:3e:ee:e0:85:9e:7c:
                    01:ef:2a:17:51:c4:93:da:04:4e:7d:92:5c:ea:bd:
                    04:be:2f:15:d2:41:73:66:93:fb:32:91:33:30:21:
                    cd:78:ae:0f:2e:d9:04:69:18:49:fd:17:a2:48:32:
                    fd:9a:6f:5d:f2:3d:09:a3:25:52:b5:c1:ef:c0:5e:
                    4b:fe:09:a1:29:aa:e8:0c:f0:d0:a4:e5:fe:0b:61:
                    7e:ca:e5:ef:bd:20:14:1f:b7:ce:90:d8:59:21:4d:
                    8b:35:55:c1:36:53:39:c9:4a:bc:00:7d:98:36:39:
                    8b:69:1b:e5:9b:39:00:71:20:4b:e3:43:be:cf:d3:
                    9f:b5:b8:11:07:0e:fd:35:93:a7:1e:56:65:77:87:
                    5b:22:fc:c6:ad:ef:ee:8e:e7:bd:d0:51:18:8c:f8:
                    2c:34:1c:d1:d0:80:08:75:32:ec:55:8c:c6:7c:ea:
                    a3:e9:25:5b:c0:47:0b:05:1a:2e:bb:75:c4:87:6a:
                    34:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:08:EA:75:CA:F3:C5:8D:A2:10:47:5F:AD:BB:21:81:BA:F8:83:40
            X509v3 Authority Key Identifier:
                keyid:4F:B6:57:6E:CD:A2:52:46:DF:70:D7:A7:2E:1C:FF:FA:D8:88:EA:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7ZXbs2iUkbfcNenLhz_-tiI6js.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/501ebf-5ffd-4cda-a66d-062d70e3aa23/1/qAjqdcrzxY2iEEdfrbshgbr4g0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/501ebf-5ffd-4cda-a66d-062d70e3aa23/1/T7ZXbs2iUkbfcNenLhz_-tiI6js.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:dcc::/48
                  2001:67c:dd0::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:00:2f:e4:52:fe:91:c2:e7:f3:ec:eb:b6:b7:20:cb:2e:2e:
         a2:9a:cb:12:5a:56:2a:8b:4c:ad:dd:31:25:8c:e6:00:46:97:
         93:ba:ef:49:8d:b2:3b:a3:ac:5c:ae:68:ed:cd:45:51:05:7e:
         21:ad:18:ef:a5:15:99:41:63:8d:3a:e2:d2:0d:b8:ad:58:fb:
         7a:7d:d3:60:7f:dc:91:a3:40:e9:95:e8:47:70:fc:09:77:a7:
         f4:61:02:fe:eb:76:30:81:86:b4:ea:e6:63:30:25:6d:95:7d:
         cd:cf:78:5d:45:61:63:4b:a1:5c:93:f7:1f:59:2e:14:eb:c4:
         6e:7f:8f:9f:e5:8f:3a:13:f8:35:f0:62:fe:31:b4:67:d0:b3:
         43:23:48:d1:d2:a7:cc:42:61:fb:fe:91:96:d9:38:08:b0:a1:
         e2:46:d0:f6:b4:ef:25:b2:95:88:f2:df:c7:0e:6e:d5:f2:85:
         aa:d1:05:f8:d2:a3:ec:2f:91:53:75:ea:fd:a5:41:a6:99:8b:
         2d:34:7a:6b:82:be:0a:5c:a9:15:5d:35:dd:ac:5c:44:0a:b0:
         a7:48:12:8b:d6:47:ea:b4:6a:e6:91:1b:27:22:a0:d5:f2:68:
         97:d9:7a:d4:dc:ec:be:17:8b:db:0e:83:43:56:4f:7e:a5:aa:
         ba:07:4f:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1rsckh05+NFM0jPO2U8SeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjY1NzZlY2RhMjUyNDZkZjcwZDdhNzJlMWNmZmZhZDg4
OGVhM2IwHhcNMjQwMjAyMjEyMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODA4ZWE3NWNhZjNjNThkYTIxMDQ3NWZhZGJiMjE4MWJhZjg4MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieOxyubWscy2MYOFCusYJm2P+S24
vO9WcSvEIplM2MWxcWF2df0ZRBicSgsnTTzDtRoOqRfnpXCrUS8vyLAlOr5paCc+
7uCFnnwB7yoXUcST2gROfZJc6r0Evi8V0kFzZpP7MpEzMCHNeK4PLtkEaRhJ/Rei
SDL9mm9d8j0JoyVStcHvwF5L/gmhKaroDPDQpOX+C2F+yuXvvSAUH7fOkNhZIU2L
NVXBNlM5yUq8AH2YNjmLaRvlmzkAcSBL40O+z9OftbgRBw79NZOnHlZld4dbIvzG
re/ujue90FEYjPgsNBzR0IAIdTLsVYzGfOqj6SVbwEcLBRouu3XEh2o0/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKgI6nXK88WNohBHX627IYG6+INAMB8GA1UdIwQY
MBaAFE+2V27NolJG33DXpy4c//rYiOo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdaWGJzMmlVa2JmY05lbkxoel8tdGlJNmpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi81MDFlYmYtNWZmZC00Y2RhLWE2NmQt
MDYyZDcwZTNhYTIzLzEvcUFqcWRjcnp4WTJpRUVkZnJic2hnYnI0ZzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi81MDFlYmYtNWZmZC00Y2RhLWE2NmQtMDYyZDcwZTNhYTIz
LzEvVDdaWGJzMmlVa2JmY05lbkxoel8tdGlJNmpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGfA3M
AwcAIAEGfA3QMA0GCSqGSIb3DQEBCwUAA4IBAQBlAC/kUv6Rwufz7Ou2tyDLLi6i
mssSWlYqi0yt3TEljOYARpeTuu9JjbI7o6xcrmjtzUVRBX4hrRjvpRWZQWONOuLS
DbitWPt6fdNgf9yRo0DplehHcPwJd6f0YQL+63YwgYa06uZjMCVtlX3Nz3hdRWFj
S6Fck/cfWS4U68Ruf4+f5Y86E/g18GL+MbRn0LNDI0jR0qfMQmH7/pGW2TgIsKHi
RtD2tO8lspWI8t/HDm7V8oWq0QX40qPsL5FTder9pUGmmYstNHprgr4KXKkVXTXd
rFxECrCnSBKL1kfqtGrmkRsnIqDV8miX2XrU3Oy+F4vbDoNDVk9+paq6B0/r
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:49:36 2024 by rpki-client on console-ams.rpki-client.org