Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/QmXN46-Hyc8UZilqfO_910Sr1JQ.roa
File:                     QmXN46-Hyc8UZilqfO_910Sr1JQ.roa (raw, json)
Hash identifier:          pmNF1AQ/4XP1VHxNl4h7eUSHW3I+v/v6M/Q5S6SPnpc=
Subject key identifier:   42:65:CD:E3:AF:87:C9:CF:14:66:29:6A:7C:EF:FD:D7:44:AB:D4:94
Certificate issuer:       /CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
Certificate serial:       018CC34935439120A47B80709C13AD674DCA
Authority key identifier: 2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/QmXN46-Hyc8UZilqfO_910Sr1JQ.roa
Signing time:             Mon 01 Jan 2024 04:30:04 +0000
ROA not before:           Mon 01 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21416
IP address blocks:        2a0e:eac0:1106::/48 maxlen: 48
                          2a0e:eac0:1001::/48 maxlen: 48
                          2a0e:eac0:1104::/48 maxlen: 48
                          2a0e:eac0:1107::/48 maxlen: 48
                          2a0e:eac0:1112::/48 maxlen: 48
                          2a0e:eac0:1002::/48 maxlen: 48
                          2a0e:eac0:1115::/48 maxlen: 48
                          2a0e:eac0:1105::/48 maxlen: 48
                          2a0e:eac0:1108::/48 maxlen: 48
                          2a0e:eac0:1000::/48 maxlen: 48
                          2a0e:eac0:1113::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:35:43:91:20:a4:7b:80:70:9c:13:ad:67:4d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
        Validity
            Not Before: Jan  1 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4265cde3af87c9cf1466296a7ceffdd744abd494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:57:92:35:02:f0:a3:d1:97:2e:28:26:2a:8a:
                    d4:a3:c1:35:3e:1f:e7:ed:99:a5:b9:a7:3e:25:ca:
                    98:c9:d0:84:20:51:38:8a:bb:d1:00:f4:59:e0:7e:
                    05:43:70:78:3b:16:8e:3e:d2:bf:83:41:73:7d:ff:
                    41:d7:6f:ef:06:b4:2b:df:9e:38:45:3f:e3:ce:5e:
                    9a:f5:29:31:34:6b:8d:b6:ff:9c:c7:3c:d0:f6:e3:
                    c4:25:08:9f:63:c5:0e:70:86:47:90:82:9b:7c:b5:
                    f1:c7:6a:39:63:03:28:3d:86:8d:45:77:c6:c6:00:
                    a8:59:ac:f8:67:9a:30:12:0e:15:43:d5:77:0b:95:
                    b8:03:04:e3:1c:79:84:a2:09:18:8e:8f:ae:7f:de:
                    88:91:be:df:9a:27:a2:da:e0:44:36:0b:ff:f5:ad:
                    f9:20:38:02:5c:a5:9a:40:d2:f6:aa:7c:91:ff:9b:
                    97:37:1c:12:76:22:88:e4:ce:68:aa:74:cf:95:a7:
                    d1:0a:89:b3:a4:d1:c1:b9:80:1a:77:10:70:32:8c:
                    52:08:3c:01:02:e8:19:cd:fc:00:bb:c6:63:65:12:
                    e0:ec:40:d8:6e:ae:c1:fe:42:45:5e:ed:da:cc:d5:
                    1b:59:5c:b2:2d:d2:f4:24:ac:a6:94:4b:a8:ac:93:
                    f6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:65:CD:E3:AF:87:C9:CF:14:66:29:6A:7C:EF:FD:D7:44:AB:D4:94
            X509v3 Authority Key Identifier:
                keyid:2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/QmXN46-Hyc8UZilqfO_910Sr1JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eac0:1000::-2a0e:eac0:1002:ffff:ffff:ffff:ffff:ffff
                  2a0e:eac0:1104::-2a0e:eac0:1108:ffff:ffff:ffff:ffff:ffff
                  2a0e:eac0:1112::/47
                  2a0e:eac0:1115::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:3e:03:f8:8a:6c:7f:73:f5:33:7b:39:be:c3:78:20:ad:83:
         d2:6d:32:e7:cc:84:90:3d:ed:7c:4a:d6:9d:13:cc:7e:04:f6:
         88:d4:7c:70:f7:f6:42:12:da:61:cf:64:84:9b:ad:c4:e3:75:
         e5:57:a5:bb:d7:c8:a3:e6:e4:3f:da:d6:be:2a:75:d7:1e:b4:
         9a:01:09:83:c3:2a:3e:90:4d:44:b5:c1:f0:23:ad:8c:a6:6a:
         e6:d2:28:d6:d6:ee:d0:c1:0d:72:78:ec:82:38:77:87:38:42:
         00:5f:ed:7b:9e:30:d2:cf:fc:14:07:8b:bd:65:7b:4b:9c:03:
         ae:9d:d6:0d:1d:dd:30:97:a0:25:05:e3:2a:85:d9:2a:b1:65:
         e4:01:88:af:d0:a3:67:21:8a:c6:a9:b2:be:72:09:6e:4b:e7:
         4b:b9:b5:6a:41:13:b1:b3:28:55:f0:a2:5c:e4:ba:05:f7:3a:
         f9:c5:93:2c:89:6f:52:15:78:98:d0:6f:26:b8:81:8a:3a:8b:
         d8:fd:ae:25:9a:d8:c0:58:3c:83:b0:a2:94:9a:28:40:a1:9e:
         55:b3:df:e8:24:54:6f:64:c7:03:93:f6:b0:2c:b1:c5:80:90:
         6d:ab:da:0c:b7:60:25:33:9f:dc:ca:ea:4b:7f:17:f7:3a:3b:
         85:c8:2d:9f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzDSTVDkSCke4BwnBOtZ03KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQ3ZTUxOTFmODFmZjBhMTlmMTAyYjE3MThhYjRmOWUw
ZWEzYTAwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY1Y2RlM2FmODdjOWNmMTQ2NjI5NmE3Y2VmZmRkNzQ0YWJkNDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgleSNQLwo9GXLigmKorUo8E1Ph/n
7Zmluac+JcqYydCEIFE4irvRAPRZ4H4FQ3B4OxaOPtK/g0Fzff9B12/vBrQr3544
RT/jzl6a9SkxNGuNtv+cxzzQ9uPEJQifY8UOcIZHkIKbfLXxx2o5YwMoPYaNRXfG
xgCoWaz4Z5owEg4VQ9V3C5W4AwTjHHmEogkYjo+uf96Ikb7fmiei2uBENgv/9a35
IDgCXKWaQNL2qnyR/5uXNxwSdiKI5M5oqnTPlafRComzpNHBuYAadxBwMoxSCDwB
AugZzfwAu8ZjZRLg7EDYbq7B/kJFXu3azNUbWVyyLdL0JKymlEuorJP2wwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFEJlzeOvh8nPFGYpanzv/ddEq9SUMB8GA1UdIwQY
MBaAFCttflGR+B/woZ8QKxcYq0+eDqOgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAt
MDBjYTMxMjZiM2ZlLzEvUW1YTjQ2LUh5YzhVWmlscWZPXzkxMFNyMUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAtMDBjYTMxMjZiM2Zl
LzEvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAAjA5MBEDBgQqDurA
EAMHACoO6sAQAjASAwcCKg7qwBEEAwcAKg7qwBEIAwcBKg7qwBESAwcAKg7qwBEV
MA0GCSqGSIb3DQEBCwUAA4IBAQAIPgP4imx/c/Uzezm+w3ggrYPSbTLnzISQPe18
StadE8x+BPaI1Hxw9/ZCEtphz2SEm63E43XlV6W718ij5uQ/2ta+KnXXHrSaAQmD
wyo+kE1EtcHwI62Mpmrm0ijW1u7QwQ1yeOyCOHeHOEIAX+17njDSz/wUB4u9ZXtL
nAOundYNHd0wl6AlBeMqhdkqsWXkAYiv0KNnIYrGqbK+cgluS+dLubVqQROxsyhV
8KJc5LoF9zr5xZMsiW9SFXiY0G8muIGKOovY/a4lmtjAWDyDsKKUmihAoZ5Vs9/o
JFRvZMcDk/awLLHFgJBtq9oMt2AlM5/cyupLfxf3OjuFyC2f
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:43:34 2024 by rpki-client on console-ams.rpki-client.org