Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/XD4B82g56UEpTSfAO6GK_DcHVtY.roa
File:                     XD4B82g56UEpTSfAO6GK_DcHVtY.roa (raw, json)
Hash identifier:          wrnSByXk8QYqZZ91JN4XrMR5oHynWHyyc1rryMSoDv0=
Subject key identifier:   5C:3E:01:F3:68:39:E9:41:29:4D:27:C0:3B:A1:8A:FC:37:07:56:D6
Certificate issuer:       /CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Certificate serial:       01916C8B6DED698E2DB86D7657E70010A5EA
Authority key identifier: C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/XD4B82g56UEpTSfAO6GK_DcHVtY.roa
Signing time:             Mon 19 Aug 2024 21:29:22 +0000
ROA not before:           Mon 19 Aug 2024 21:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a11:4040::/29 maxlen: 29
                          2a11:6540::/29 maxlen: 29
                          2a11:6580::/29 maxlen: 29
                          2a11:6d00::/29 maxlen: 29
                          2a11:84c0::/29 maxlen: 29
                          2a11:9f40::/29 maxlen: 29
                          2a11:a180::/29 maxlen: 29
                          2a12:2040::/29 maxlen: 29
                          2a12:2fc0::/29 maxlen: 29
                          2a12:38c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6c:8b:6d:ed:69:8e:2d:b8:6d:76:57:e7:00:10:a5:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
        Validity
            Not Before: Aug 19 21:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c3e01f36839e941294d27c03ba18afc370756d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:05:ed:ca:34:6c:3a:cf:c0:f5:e2:1e:eb:97:
                    c7:e7:5e:32:16:4c:f8:53:a5:c3:68:60:11:70:96:
                    13:ad:69:ae:81:c8:79:cf:54:15:73:e1:f4:59:42:
                    98:47:82:d6:2c:09:5e:ea:58:d9:05:84:c7:48:75:
                    a8:77:56:b9:28:2a:74:c0:d0:44:ed:dc:89:d5:b6:
                    39:0e:28:f9:e9:6f:57:5a:5f:d2:d1:59:9e:9c:40:
                    48:1a:59:c7:ba:c4:54:b5:87:46:e7:6a:11:16:7e:
                    fb:37:fe:78:f9:06:e3:b3:f5:fd:27:b9:e2:84:ad:
                    02:35:5f:4c:f8:89:dd:d3:2b:c3:2e:f9:75:68:36:
                    1e:3f:b8:d8:4e:e2:78:d0:74:fc:11:5e:2b:7d:8b:
                    b3:21:58:f7:99:85:e7:20:8d:8f:35:f7:5e:a4:e5:
                    bb:9f:44:35:14:cc:e9:98:6e:b0:d1:5c:88:b3:b2:
                    cc:7c:9c:24:49:c5:55:21:19:a6:7e:63:4e:5d:45:
                    13:bf:34:17:cf:70:20:03:04:3a:a6:77:f8:c7:56:
                    22:20:55:d1:1d:26:79:d5:b4:f0:af:8b:47:b1:66:
                    70:81:6b:d0:bc:fc:33:9c:d9:47:21:80:a6:bd:9f:
                    72:f0:81:28:d2:ad:26:a0:e1:6a:0d:e2:46:7e:6e:
                    7a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3E:01:F3:68:39:E9:41:29:4D:27:C0:3B:A1:8A:FC:37:07:56:D6
            X509v3 Authority Key Identifier:
                keyid:C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/XD4B82g56UEpTSfAO6GK_DcHVtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4040::/29
                  2a11:6540::/29
                  2a11:6580::/29
                  2a11:6d00::/29
                  2a11:84c0::/29
                  2a11:9f40::/29
                  2a11:a180::/29
                  2a12:2040::/29
                  2a12:2fc0::/29
                  2a12:38c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:90:7e:4c:21:9c:61:f7:45:a2:06:bc:e6:61:28:f8:53:6d:
         ea:d8:6c:97:3b:d1:59:66:fb:ee:b3:27:9d:93:e5:6d:87:be:
         e1:b0:a1:27:af:6f:b6:bf:7f:33:c8:ef:9c:16:84:f3:a1:da:
         5a:3a:07:fc:cb:4f:25:0f:71:aa:61:d6:cc:a7:c7:bf:6e:7d:
         36:7b:a2:df:b8:75:71:85:a1:6f:6e:a1:6c:77:16:31:d0:59:
         80:8a:5b:76:b3:9f:de:05:ba:03:82:e1:4e:f5:93:e8:60:8a:
         42:01:cb:55:9f:9b:85:64:d6:e9:58:6d:1a:e4:ad:84:56:8a:
         ca:94:31:62:0f:14:6c:5c:3c:eb:85:f8:fb:56:a4:c4:c0:97:
         f8:1c:48:ed:ea:ed:b1:71:e7:0c:df:91:68:ed:90:f2:a3:5d:
         47:de:40:66:fd:c4:8a:92:4d:93:11:64:6b:65:b5:89:81:fd:
         fb:0d:65:7e:57:be:82:e5:97:bb:0b:cb:66:ea:cc:6b:fd:60:
         05:a1:32:0d:ed:83:aa:3b:2d:6d:4f:cd:3a:00:96:61:f3:5a:
         50:b5:ab:0f:8a:3e:14:7a:eb:55:54:78:69:40:4e:a0:da:5d:
         b7:28:7d:c1:c0:39:83:0c:7f:af:35:9d:82:5c:cc:15:e4:7a:
         f5:66:7a:1e
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZFsi23taY4tuG12V+cAEKXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWJkY2M0OWY3ZDkwMzNiNTI5MDQ2NzlmM2M5Yjc4M2Q4
YzEzNTgwHhcNMjQwODE5MjEyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNlMDFmMzY4MzllOTQxMjk0ZDI3YzAzYmExOGFmYzM3MDc1NmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwXtyjRsOs/A9eIe65fH514yFkz4
U6XDaGARcJYTrWmugch5z1QVc+H0WUKYR4LWLAle6ljZBYTHSHWod1a5KCp0wNBE
7dyJ1bY5Dij56W9XWl/S0VmenEBIGlnHusRUtYdG52oRFn77N/54+Qbjs/X9J7ni
hK0CNV9M+Ind0yvDLvl1aDYeP7jYTuJ40HT8EV4rfYuzIVj3mYXnII2PNfdepOW7
n0Q1FMzpmG6w0VyIs7LMfJwkScVVIRmmfmNOXUUTvzQXz3AgAwQ6pnf4x1YiIFXR
HSZ51bTwr4tHsWZwgWvQvPwznNlHIYCmvZ9y8IEo0q0moOFqDeJGfm56owIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFFw+AfNoOelBKU0nwDuhivw3B1bWMB8GA1UdIwQY
MBaAFMOr3MSffZAztSkEZ588m3g9jBNYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAt
NGQ5MTI3ZmJhM2FkLzEvWEQ0QjgyZzU2VUVwVFNmQU82R0tfRGNIVnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAtNGQ5MTI3ZmJhM2Fk
LzEvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKhFAQAMF
AyoRZUADBQMqEWWAAwUDKhFtAAMFAyoRhMADBQMqEZ9AAwUDKhGhgAMFAyoSIEAD
BQMqEi/AAwUDKhI4wDANBgkqhkiG9w0BAQsFAAOCAQEAdZB+TCGcYfdFoga85mEo
+FNt6thslzvRWWb77rMnnZPlbYe+4bChJ69vtr9/M8jvnBaE86HaWjoH/MtPJQ9x
qmHWzKfHv259Nnui37h1cYWhb26hbHcWMdBZgIpbdrOf3gW6A4LhTvWT6GCKQgHL
VZ+bhWTW6VhtGuSthFaKypQxYg8UbFw864X4+1akxMCX+BxI7ertsXHnDN+RaO2Q
8qNdR95AZv3EipJNkxFka2W1iYH9+w1lfle+guWXuwvLZurMa/1gBaEyDe2Dqjst
bU/NOgCWYfNaULWrD4o+FHrrVVR4aUBOoNpdtyh9wcA5gwx/rzWdglzMFeR69WZ6
Hg==
-----END CERTIFICATE-----
Generated at Tue Nov 26 15:38:04 2024 by rpki-client on console-fra.rpki-client.org