Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/CB41sOkpNDCcpoYVbTjI0Hl6Cug.roa
File:                     CB41sOkpNDCcpoYVbTjI0Hl6Cug.roa (raw, json)
Hash identifier:          6BiCh5CzND467RshahM/SfPsX1fWbLKGCFumUEjJmGI=
Subject key identifier:   08:1E:35:B0:E9:29:34:30:9C:A6:86:15:6D:38:C8:D0:79:7A:0A:E8
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018F9B7EBA607A27D0E759DCA2E6599097D8
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/CB41sOkpNDCcpoYVbTjI0Hl6Cug.roa
Signing time:             Tue 21 May 2024 14:12:04 +0000
ROA not before:           Tue 21 May 2024 14:12:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214855
IP address blocks:        2a03:5840:119::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9b:7e:ba:60:7a:27:d0:e7:59:dc:a2:e6:59:90:97:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: May 21 14:12:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=081e35b0e92934309ca686156d38c8d0797a0ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:eb:9e:a5:b4:2b:75:d3:bd:cd:66:85:d1:b7:
                    8b:de:1d:26:25:e3:10:45:c1:cb:e7:3c:fc:29:de:
                    00:38:48:da:40:b7:34:63:e4:ca:21:69:7d:2e:41:
                    c7:4f:b1:21:e2:69:fe:6f:f7:33:02:72:84:f2:6e:
                    ca:b9:70:be:53:05:37:0c:cd:13:94:53:d9:05:01:
                    05:93:c2:34:a8:11:70:c5:34:23:1c:9d:53:4e:7c:
                    53:d2:51:7b:4b:83:48:a8:53:f6:b8:97:e9:bb:9b:
                    b0:38:10:2c:e4:5e:d7:eb:47:32:0a:74:69:b9:db:
                    4b:d8:10:5b:fd:f6:39:a9:b3:91:cc:8a:db:ea:e6:
                    f7:a4:56:be:4c:97:91:f5:ee:0a:fc:c9:6a:25:d3:
                    c5:22:e4:76:21:09:1c:dc:d3:01:02:df:e1:87:81:
                    3b:ff:64:08:ee:69:0c:42:86:51:b3:37:ce:db:19:
                    65:43:d4:5d:ee:ce:23:2f:ae:1a:32:f7:96:d4:b8:
                    e7:eb:2c:d0:78:3d:05:bf:39:40:92:ca:2a:fe:3e:
                    61:79:53:b8:d1:15:8d:ec:be:69:91:63:ee:e6:84:
                    c3:7d:89:1d:da:2e:14:f3:7c:2f:b9:e9:c5:b6:c3:
                    7b:4f:5a:cf:bb:dc:ce:96:ac:7f:22:35:28:74:22:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:1E:35:B0:E9:29:34:30:9C:A6:86:15:6D:38:C8:D0:79:7A:0A:E8
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/CB41sOkpNDCcpoYVbTjI0Hl6Cug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:119::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:b5:71:59:0b:f6:8c:a1:20:fe:1b:0d:3c:4d:7d:e9:e8:b1:
         fb:08:83:4d:00:b7:a7:ca:4e:86:91:54:e2:bf:6a:46:ff:72:
         2a:5c:f0:b0:c2:bb:77:e8:46:07:5e:8d:9b:ac:e2:27:05:6f:
         52:9d:03:06:0b:4c:e6:0e:7c:87:ea:de:9c:bd:02:d3:9c:fb:
         fd:cd:83:76:9e:40:6c:67:10:52:76:dd:bd:13:d5:93:4b:ea:
         fa:cc:e8:05:94:fe:08:5f:31:43:ea:70:7e:52:86:54:67:2e:
         9e:17:57:b1:7c:55:74:f4:5d:fd:ad:61:1c:39:d9:0a:a7:bc:
         f4:2d:0d:19:ff:ce:66:6e:83:ba:be:e3:5c:69:82:7c:26:36:
         67:b4:25:d6:e4:74:dc:97:78:44:fd:3f:2b:b9:8a:2c:45:cd:
         dc:09:64:2d:c8:8a:bc:60:14:70:7b:13:22:c6:e8:8f:64:af:
         0c:74:bc:bd:de:5b:47:ab:27:9a:b0:12:eb:09:21:38:3b:b9:
         94:02:0b:98:d8:d7:f2:65:f4:2e:2e:2a:b1:1b:b7:db:ec:b5:
         50:a2:95:f9:77:37:b1:d7:ee:48:08:1a:7e:e7:4d:c2:47:20:
         4c:62:79:bb:96:62:e8:f5:cf:eb:fb:49:5f:1d:4b:8e:e1:3d:
         32:28:e3:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+bfrpgeifQ51ncouZZkJfYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwNTIxMTQxMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFlMzViMGU5MjkzNDMwOWNhNjg2MTU2ZDM4YzhkMDc5N2EwYWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeuepbQrddO9zWaF0beL3h0mJeMQ
RcHL5zz8Kd4AOEjaQLc0Y+TKIWl9LkHHT7Eh4mn+b/czAnKE8m7KuXC+UwU3DM0T
lFPZBQEFk8I0qBFwxTQjHJ1TTnxT0lF7S4NIqFP2uJfpu5uwOBAs5F7X60cyCnRp
udtL2BBb/fY5qbORzIrb6ub3pFa+TJeR9e4K/MlqJdPFIuR2IQkc3NMBAt/hh4E7
/2QI7mkMQoZRszfO2xllQ9Rd7s4jL64aMveW1Ljn6yzQeD0FvzlAksoq/j5heVO4
0RWN7L5pkWPu5oTDfYkd2i4U83wvuenFtsN7T1rPu9zOlqx/IjUodCJzxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAgeNbDpKTQwnKaGFW04yNB5egroMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvQ0I0MXNPa3BORENjcG9ZVmJUakkwSGw2Q3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEZ
MA0GCSqGSIb3DQEBCwUAA4IBAQBttXFZC/aMoSD+Gw08TX3p6LH7CINNALenyk6G
kVTiv2pG/3IqXPCwwrt36EYHXo2brOInBW9SnQMGC0zmDnyH6t6cvQLTnPv9zYN2
nkBsZxBSdt29E9WTS+r6zOgFlP4IXzFD6nB+UoZUZy6eF1exfFV09F39rWEcOdkK
p7z0LQ0Z/85mboO6vuNcaYJ8JjZntCXW5HTcl3hE/T8ruYosRc3cCWQtyIq8YBRw
exMixuiPZK8MdLy93ltHqyeasBLrCSE4O7mUAguY2NfyZfQuLiqxG7fb7LVQopX5
dzex1+5ICBp+503CRyBMYnm7lmLo9c/r+0lfHUuO4T0yKOMB
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:11:42 2024 by rpki-client on console-ams.rpki-client.org