Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/s6IgUTP3ECu7MSKGKCp6DDWVXVg.roa
File:                     s6IgUTP3ECu7MSKGKCp6DDWVXVg.roa (raw, json)
Hash identifier:          l1/AoZw5GxpCBTtKp/KnfoWM2+Q1bZ6TEMewYkLTDLM=
Subject key identifier:   B3:A2:20:51:33:F7:10:2B:BB:31:22:86:28:2A:7A:0C:35:95:5D:58
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDAC00A35D848095EF671E47AE24E
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/s6IgUTP3ECu7MSKGKCp6DDWVXVg.roa
Signing time:             Tue 02 Jan 2024 04:30:22 +0000
ROA not before:           Tue 02 Jan 2024 04:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203083
IP address blocks:        2a03:5840:290::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:da:c0:0a:35:d8:48:09:5e:f6:71:e4:7a:e2:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3a2205133f7102bbb312286282a7a0c35955d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:cf:6e:a9:c0:6d:98:a1:1c:f9:d8:07:0e:5e:
                    ee:09:8f:b2:2f:2d:64:c8:4f:b4:e2:5d:dd:cf:ea:
                    7d:8e:7f:00:21:f1:6d:60:28:c0:73:37:91:ce:e2:
                    06:17:a0:8c:dd:0a:bf:bf:ed:f4:37:20:1c:da:e2:
                    88:90:f1:13:5c:99:b0:b1:7f:96:48:d1:5d:e3:b6:
                    8a:b2:e7:ba:b9:68:7a:a5:55:cc:71:f1:ec:0f:56:
                    38:64:14:8e:b8:ac:13:5f:71:4f:38:1a:6f:9f:f9:
                    89:54:f9:07:0b:7d:eb:20:a5:e8:c0:5f:3a:42:e8:
                    76:7d:47:16:4c:cb:55:28:08:2d:8f:6e:d6:b1:91:
                    7b:f2:67:6b:3d:c0:b9:ee:cb:0c:84:7e:6c:b3:75:
                    bd:4b:f9:04:19:43:d8:c0:34:39:9e:b1:1a:e3:86:
                    ce:49:ba:8b:38:27:02:b3:f9:56:fe:c8:bf:bf:b5:
                    b0:c2:46:0d:2f:a9:07:3f:38:13:92:4e:98:6b:02:
                    1d:75:e4:d4:fb:ae:f5:d6:7d:61:00:1b:89:eb:5a:
                    67:ff:42:d7:d8:61:95:5e:39:66:e5:53:6b:57:45:
                    30:b5:9b:ff:88:d0:4f:c1:fb:1e:89:41:b2:ce:c6:
                    b9:70:8d:bd:4d:3a:e2:84:16:a4:1f:55:c6:ff:6a:
                    6f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:A2:20:51:33:F7:10:2B:BB:31:22:86:28:2A:7A:0C:35:95:5D:58
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/s6IgUTP3ECu7MSKGKCp6DDWVXVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:290::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:45:18:d7:6a:5a:5f:b5:03:25:03:25:8a:f1:ee:bb:60:80:
         0b:eb:59:82:02:8a:2c:9d:e5:bd:49:ce:80:09:ea:f5:97:f1:
         69:e9:57:87:60:a4:dd:ac:1d:a8:96:4f:ee:63:df:3f:16:ec:
         5f:eb:c4:35:a3:ce:be:9c:19:71:73:b1:7e:0c:d2:c5:60:73:
         e4:18:af:33:93:d6:8b:22:11:49:27:e7:cb:6b:ed:05:a8:7d:
         51:a5:e9:e1:ed:22:fc:08:5f:d2:aa:e5:6b:c9:bf:18:19:29:
         a4:64:6a:6d:b2:b7:d8:43:c7:c3:f6:7d:ea:ef:84:1e:b7:87:
         9a:37:18:5c:f6:a1:1d:28:51:8d:8a:2b:37:89:87:27:ce:8f:
         7a:b2:c2:49:e0:a8:8e:5b:38:35:06:d0:25:bf:44:64:03:9e:
         dd:b1:52:4c:72:13:32:9e:a8:62:0c:4f:8d:9a:aa:8d:72:2f:
         18:bb:41:61:3a:0f:49:48:81:1f:ee:5a:6a:e0:8a:b5:63:79:
         db:9d:ee:00:b2:ec:c6:f5:64:a8:40:0e:eb:45:a1:4c:9a:50:
         d5:d5:69:d9:ee:cd:2e:d2:ec:e9:82:7c:31:4d:90:c1:02:38:
         a4:9a:ef:81:16:d8:d2:14:a0:a6:06:c1:0d:dc:3b:7d:1f:3e:
         d9:e3:32:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9rACjXYSAle9nHkeuJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2EyMjA1MTMzZjcxMDJiYmIzMTIyODYyODJhN2EwYzM1OTU1ZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6c9uqcBtmKEc+dgHDl7uCY+yLy1k
yE+04l3dz+p9jn8AIfFtYCjAczeRzuIGF6CM3Qq/v+30NyAc2uKIkPETXJmwsX+W
SNFd47aKsue6uWh6pVXMcfHsD1Y4ZBSOuKwTX3FPOBpvn/mJVPkHC33rIKXowF86
Quh2fUcWTMtVKAgtj27WsZF78mdrPcC57ssMhH5ss3W9S/kEGUPYwDQ5nrEa44bO
SbqLOCcCs/lW/si/v7WwwkYNL6kHPzgTkk6YawIddeTU+6711n1hABuJ61pn/0LX
2GGVXjlm5VNrV0UwtZv/iNBPwfseiUGyzsa5cI29TTrihBakH1XG/2pvBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLOiIFEz9xAruzEihigqegw1lV1YMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvczZJZ1VUUDNFQ3U3TVNLR0tDcDZERFdWWFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgNYQAKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBcRRjXalpftQMlAyWK8e67YIAL61mCAoosneW9
Sc6ACer1l/Fp6VeHYKTdrB2olk/uY98/Fuxf68Q1o86+nBlxc7F+DNLFYHPkGK8z
k9aLIhFJJ+fLa+0FqH1Rpenh7SL8CF/SquVryb8YGSmkZGptsrfYQ8fD9n3q74Qe
t4eaNxhc9qEdKFGNiis3iYcnzo96ssJJ4KiOWzg1BtAlv0RkA57dsVJMchMynqhi
DE+NmqqNci8Yu0FhOg9JSIEf7lpq4Iq1Y3nbne4AsuzG9WSoQA7rRaFMmlDV1WnZ
7s0u0uzpgnwxTZDBAjikmu+BFtjSFKCmBsEN3Dt9Hz7Z4zKy
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:12:36 2024 by rpki-client on console-fra.rpki-client.org