Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/Jk3Oi2w57jd9sVdzA_ECByInxdA.roa
File:                     Jk3Oi2w57jd9sVdzA_ECByInxdA.roa (raw, json)
Hash identifier:          WceOPKX8btegh7uanX/p+QU3a96nlF+X+g67lLCWaGY=
Subject key identifier:   26:4D:CE:8B:6C:39:EE:37:7D:B1:57:73:03:F1:02:07:22:27:C5:D0
Certificate issuer:       /CN=40f75d327761b90c0899638f430eb614c87c3106
Certificate serial:       018CC349657709DE606805D5A9C6FAA6C22C
Authority key identifier: 40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/Jk3Oi2w57jd9sVdzA_ECByInxdA.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2001:678:2cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:65:77:09:de:60:68:05:d5:a9:c6:fa:a6:c2:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40f75d327761b90c0899638f430eb614c87c3106
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=264dce8b6c39ee377db1577303f102072227c5d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b6:b6:79:fc:63:52:2d:43:30:4b:66:a1:8e:
                    b1:ca:e9:1e:49:09:8a:56:26:ad:e6:e6:a8:40:b6:
                    9e:b4:8c:ca:95:27:92:29:09:be:a4:fd:ba:82:cf:
                    e3:32:c2:31:f8:74:e6:fe:ae:94:91:db:e6:b4:4b:
                    78:57:c8:45:af:11:98:75:a8:fd:2c:45:71:8f:e0:
                    e9:b4:6f:02:e4:1f:44:e4:59:4f:8b:10:77:15:c2:
                    1a:34:69:23:ea:83:0e:10:f8:49:b6:f7:5d:51:d4:
                    96:26:9d:e5:27:cd:cf:32:0d:73:21:e4:f6:a2:20:
                    5c:6f:68:d9:38:bc:d2:af:3e:9f:06:3e:36:25:43:
                    3b:1b:d9:4a:10:a4:6a:5b:20:7b:8a:0d:37:39:da:
                    dd:e7:d7:09:55:54:74:ad:b4:4a:28:18:a2:c0:63:
                    09:de:24:7a:1e:44:75:9e:db:f1:d5:95:31:e9:d6:
                    1c:a2:37:7f:d4:79:2f:6d:d7:42:0b:da:a7:10:8c:
                    39:d6:17:b7:07:66:1d:94:e9:95:9d:e7:b2:4f:f1:
                    48:3d:3f:8c:6c:33:0a:36:fa:9f:87:e3:51:b7:a2:
                    62:ca:f9:b6:2a:49:b7:c4:39:d7:2b:35:e9:5f:e6:
                    0c:a4:aa:89:13:9e:0d:fb:f6:6f:3b:43:2c:df:50:
                    a4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:4D:CE:8B:6C:39:EE:37:7D:B1:57:73:03:F1:02:07:22:27:C5:D0
            X509v3 Authority Key Identifier:
                keyid:40:F7:5D:32:77:61:B9:0C:08:99:63:8F:43:0E:B6:14:C8:7C:31:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPddMndhuQwImWOPQw62FMh8MQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/Jk3Oi2w57jd9sVdzA_ECByInxdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6e5f4c-2eae-48a0-8550-29ac45e2ecff/1/QPddMndhuQwImWOPQw62FMh8MQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:89:2c:da:26:dd:5c:32:47:4f:ea:29:37:77:31:52:f9:fb:
         d9:57:6c:a5:3d:7e:5d:99:c9:9f:f7:16:7d:c9:9d:73:0c:d9:
         76:01:16:fe:59:f2:38:26:39:d0:ab:10:86:8a:00:3d:4b:13:
         b6:8b:45:af:31:a3:02:2b:c0:8e:22:86:21:fe:3a:56:20:40:
         9f:ad:95:33:89:57:49:6e:f3:9b:31:54:11:d2:fa:7d:7d:cf:
         12:51:1d:44:5e:58:0a:05:c2:85:bd:c9:70:b7:19:7d:d3:e2:
         3e:9f:b8:76:8c:68:cb:cf:0a:43:39:67:a6:a9:56:06:c8:2e:
         38:29:e1:63:a0:2f:18:a8:2e:12:f8:14:2b:5d:63:31:07:b3:
         9f:cd:b8:13:93:62:9e:96:1b:da:23:4e:4a:67:f2:29:98:07:
         db:7c:f6:39:0c:b6:ce:57:fe:c2:1a:1a:fe:37:bd:0d:5e:65:
         8b:ae:20:0d:bb:cf:38:ff:61:db:ca:39:d8:76:5b:5f:d7:ad:
         f7:9b:e3:4a:dc:11:cb:20:24:a4:9c:f2:b9:37:c9:df:a8:c1:
         1c:38:8f:84:69:db:1e:5a:df:bf:24:11:78:3d:02:81:3b:d7:
         e1:9e:c6:c9:47:f3:ba:5d:43:4a:69:e5:fc:b8:1e:90:22:47:
         39:b2:2c:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSWV3Cd5gaAXVqcb6psIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZjc1ZDMyNzc2MWI5MGMwODk5NjM4ZjQzMGViNjE0Yzg3
YzMxMDYwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjRkY2U4YjZjMzllZTM3N2RiMTU3NzMwM2YxMDIwNzIyMjdjNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ba2efxjUi1DMEtmoY6xyukeSQmK
Viat5uaoQLaetIzKlSeSKQm+pP26gs/jMsIx+HTm/q6UkdvmtEt4V8hFrxGYdaj9
LEVxj+DptG8C5B9E5FlPixB3FcIaNGkj6oMOEPhJtvddUdSWJp3lJ83PMg1zIeT2
oiBcb2jZOLzSrz6fBj42JUM7G9lKEKRqWyB7ig03Odrd59cJVVR0rbRKKBiiwGMJ
3iR6HkR1ntvx1ZUx6dYcojd/1HkvbddCC9qnEIw51he3B2YdlOmVneeyT/FIPT+M
bDMKNvqfh+NRt6Jiyvm2Kkm3xDnXKzXpX+YMpKqJE54N+/ZvO0Ms31Ck/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCZNzotsOe43fbFXcwPxAgciJ8XQMB8GA1UdIwQY
MBaAFED3XTJ3YbkMCJljj0MOthTIfDEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAt
MjlhYzQ1ZTJlY2ZmLzEvSmszT2kydzU3amQ5c1ZkekFfRUNCeUlueGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82ZTVmNGMtMmVhZS00OGEwLTg1NTAtMjlhYzQ1ZTJlY2Zm
LzEvUVBkZE1uZGh1UXdJbVdPUFF3NjJGTWg4TVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeALM
MA0GCSqGSIb3DQEBCwUAA4IBAQBYiSzaJt1cMkdP6ik3dzFS+fvZV2ylPX5dmcmf
9xZ9yZ1zDNl2ARb+WfI4JjnQqxCGigA9SxO2i0WvMaMCK8COIoYh/jpWIECfrZUz
iVdJbvObMVQR0vp9fc8SUR1EXlgKBcKFvclwtxl90+I+n7h2jGjLzwpDOWemqVYG
yC44KeFjoC8YqC4S+BQrXWMxB7OfzbgTk2KelhvaI05KZ/IpmAfbfPY5DLbOV/7C
Ghr+N70NXmWLriANu884/2HbyjnYdltf1633m+NK3BHLICSknPK5N8nfqMEcOI+E
adseWt+/JBF4PQKBO9fhnsbJR/O6XUNKaeX8uB6QIkc5sixs
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:15:59 2024 by rpki-client on console-ams.rpki-client.org