Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/yxctpn59utzR83tICEC94HMV8J4.roa
File:                     yxctpn59utzR83tICEC94HMV8J4.roa (raw, json)
Hash identifier:          4gXd1AfAOzvV1bmDXuLD1C7C8U8i8Y1urU++51+btog=
Subject key identifier:   CB:17:2D:A6:7E:7D:BA:DC:D1:F3:7B:48:08:40:BD:E0:73:15:F0:9E
Certificate issuer:       /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial:       018CC79537CAA9759E56312758BDD2C4382A
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/yxctpn59utzR83tICEC94HMV8J4.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203629
IP address blocks:        2a13:3306::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:37:ca:a9:75:9e:56:31:27:58:bd:d2:c4:38:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb172da67e7dbadcd1f37b480840bde07315f09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6d:07:e0:09:65:a0:23:f2:0d:18:2d:bd:60:
                    96:08:ac:62:42:57:d4:e1:7c:77:5f:11:4d:24:30:
                    a7:1a:b3:20:19:b1:8c:a6:89:be:d2:d5:15:df:47:
                    dd:0f:9a:37:5b:2d:dc:1c:bd:d5:d7:eb:9d:cd:17:
                    5a:94:15:35:b5:08:bb:56:26:c1:ce:b9:6b:66:74:
                    2b:1a:0f:1e:9e:84:b0:9b:c7:d6:75:ee:56:30:f4:
                    6f:ac:19:5b:37:de:da:7b:48:7a:eb:30:94:84:91:
                    31:33:e6:2c:cb:51:5f:5f:aa:a9:26:b6:09:cf:3a:
                    0f:08:48:c4:82:75:07:1a:92:4c:28:6a:47:a3:e0:
                    83:e8:80:58:1a:c6:e1:95:17:28:32:3d:a8:34:4e:
                    4b:d0:e5:a7:90:21:55:c2:1a:ea:ad:58:3f:6d:94:
                    7a:6c:a4:95:a3:e1:9f:88:72:53:0b:0c:9e:7e:5d:
                    de:5e:e0:41:b9:c0:d9:2b:67:0b:a5:75:af:d4:bb:
                    46:89:3a:ae:10:12:db:f1:38:96:54:d1:88:7f:99:
                    0b:73:d1:e1:79:9c:78:ee:22:2b:cf:87:c8:20:51:
                    43:02:bc:4c:96:5b:39:f7:16:aa:6d:e4:d0:a1:68:
                    f3:cb:4b:62:3a:47:ab:4c:f3:27:97:e4:90:58:ab:
                    00:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:17:2D:A6:7E:7D:BA:DC:D1:F3:7B:48:08:40:BD:E0:73:15:F0:9E
            X509v3 Authority Key Identifier:
                keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/yxctpn59utzR83tICEC94HMV8J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3306::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:66:99:35:08:71:84:37:21:c7:7a:eb:dd:b2:25:63:44:71:
         2b:3c:6d:42:8e:d1:7d:29:bf:6b:e9:81:dc:68:22:31:60:ab:
         02:fd:2c:ed:a4:a6:eb:be:50:24:f5:7f:65:cd:5e:0c:39:3a:
         8a:92:c8:1d:3b:65:cb:44:ba:60:80:7c:ef:49:6a:7a:e0:4d:
         35:0b:b4:48:9b:35:5e:db:b4:2b:d6:c0:81:27:15:c0:84:69:
         aa:6b:35:72:f6:fd:75:39:9e:29:e0:55:a5:7f:01:51:6a:24:
         94:dc:4a:de:e5:f8:7c:f9:fc:05:fa:9b:57:20:d0:3c:55:d6:
         cb:ea:7b:2b:37:aa:3b:09:54:92:af:a7:d8:b0:83:89:ca:00:
         de:e5:dd:c5:2b:81:d7:b2:24:49:42:90:f4:6f:63:8b:04:7c:
         11:8d:8a:f0:58:ea:15:ee:31:32:79:ab:3e:58:74:cc:0d:16:
         7e:7b:f6:d0:f2:5c:14:80:f3:c5:cf:34:c6:72:01:24:63:69:
         03:a0:f1:b5:63:7f:fe:21:bc:09:15:7f:24:e5:21:4d:65:82:
         7e:bf:8d:e8:ad:60:85:64:9f:15:37:1c:7d:97:c5:de:35:cc:
         e8:f1:0e:ec:31:10:cc:77:21:d3:6f:fc:30:0d:26:ca:4b:24:
         00:7a:b2:0f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlTfKqXWeVjEnWL3SxDgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjE3MmRhNjdlN2RiYWRjZDFmMzdiNDgwODQwYmRlMDczMTVmMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW0H4AlloCPyDRgtvWCWCKxiQlfU
4Xx3XxFNJDCnGrMgGbGMpom+0tUV30fdD5o3Wy3cHL3V1+udzRdalBU1tQi7VibB
zrlrZnQrGg8enoSwm8fWde5WMPRvrBlbN97ae0h66zCUhJExM+Ysy1FfX6qpJrYJ
zzoPCEjEgnUHGpJMKGpHo+CD6IBYGsbhlRcoMj2oNE5L0OWnkCFVwhrqrVg/bZR6
bKSVo+GfiHJTCwyefl3eXuBBucDZK2cLpXWv1LtGiTquEBLb8TiWVNGIf5kLc9Hh
eZx47iIrz4fIIFFDArxMlls59xaqbeTQoWjzy0tiOkerTPMnl+SQWKsAdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMsXLaZ+fbrc0fN7SAhAveBzFfCeMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEveXhjdHBuNTl1dHpSODN0SUNFQzk0SE1WOEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhMzBjAN
BgkqhkiG9w0BAQsFAAOCAQEAV2aZNQhxhDchx3rr3bIlY0RxKzxtQo7RfSm/a+mB
3GgiMWCrAv0s7aSm675QJPV/Zc1eDDk6ipLIHTtly0S6YIB870lqeuBNNQu0SJs1
Xtu0K9bAgScVwIRpqms1cvb9dTmeKeBVpX8BUWoklNxK3uX4fPn8BfqbVyDQPFXW
y+p7KzeqOwlUkq+n2LCDicoA3uXdxSuB17IkSUKQ9G9jiwR8EY2K8FjqFe4xMnmr
Plh0zA0Wfnv20PJcFIDzxc80xnIBJGNpA6DxtWN//iG8CRV/JOUhTWWCfr+N6K1g
hWSfFTccfZfF3jXM6PEO7DEQzHch02/8MA0mykskAHqyDw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:23:10 2024 by rpki-client on console-fra.rpki-client.org