Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4pgftFbwFRfzCh5j5B1YN8qPKB4.roa
File:                     4pgftFbwFRfzCh5j5B1YN8qPKB4.roa (raw, json)
Hash identifier:          AcolQjdZHpyLp17jT2MVg4lR8eW91PNOf3zqsEi0SW0=
Subject key identifier:   E2:98:1F:B4:56:F0:15:17:F3:0A:1E:63:E4:1D:58:37:CA:8F:28:1E
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D2A1B1BE1E6810E2CD94C377FB6F8
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4pgftFbwFRfzCh5j5B1YN8qPKB4.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198304
IP address blocks:        2a0e:aa07:e0b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2a:1b:1b:e1:e6:81:0e:2c:d9:4c:37:7f:b6:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2981fb456f01517f30a1e63e41d5837ca8f281e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:17:ca:28:68:4a:e6:46:96:e0:4a:53:db:71:
                    b0:92:cd:30:94:fa:81:bc:ae:9b:26:38:28:df:c9:
                    b6:1f:96:1f:89:ef:f1:ec:99:e8:bc:03:0c:55:15:
                    3b:c0:03:de:e6:06:84:b8:f8:fa:2d:d7:91:68:92:
                    68:9d:6a:5f:86:6f:ff:32:a8:bf:02:2b:d9:aa:fb:
                    ab:fe:67:a9:53:08:8b:59:53:45:93:64:e5:59:ac:
                    44:c9:a3:a3:a9:91:6c:d2:0e:19:fd:da:b7:4c:93:
                    21:40:ae:5c:a0:63:aa:ee:a4:bf:76:43:82:86:db:
                    3f:18:e7:51:0f:5b:e1:9a:89:e3:43:cd:42:11:62:
                    3a:ea:08:33:06:83:a5:79:23:49:82:b8:25:39:48:
                    14:e0:7d:6d:8d:8c:2e:63:68:8e:15:47:9c:c6:a5:
                    a3:ab:2d:aa:cc:08:8c:1a:d6:44:50:8a:d8:7a:9b:
                    0e:c1:df:ec:89:a4:04:d7:0c:62:11:f2:07:98:a0:
                    71:ce:c2:66:01:af:e4:b9:85:38:3f:71:11:2c:c9:
                    1f:f1:1c:17:85:44:74:6d:bf:b5:1a:47:5a:be:78:
                    c6:ca:d6:c6:8b:49:f7:46:4a:12:f6:43:20:86:a2:
                    4a:40:3e:81:26:c3:d1:e5:01:f6:9e:7f:6d:a9:b6:
                    a5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:98:1F:B4:56:F0:15:17:F3:0A:1E:63:E4:1D:58:37:CA:8F:28:1E
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/4pgftFbwFRfzCh5j5B1YN8qPKB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e0b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         72:10:02:e2:ad:de:d7:43:a5:e4:fa:f1:98:20:e4:84:36:d4:
         26:b7:8b:f9:bc:21:0f:59:2a:1c:05:3a:9c:f0:fe:6a:99:92:
         ee:e8:c1:6b:46:c3:cc:41:d5:35:76:1b:b2:25:9f:b4:f5:af:
         74:f8:df:3a:42:54:90:da:3d:88:11:bc:4c:fa:64:ad:a5:5c:
         66:39:01:50:b0:36:2f:b7:f9:35:bd:c4:11:92:35:54:1e:60:
         95:aa:ff:0a:bc:26:44:58:88:2d:04:e4:2f:03:82:7c:cf:9c:
         b7:18:c0:df:07:be:95:ce:38:41:ea:7b:4d:68:8a:2e:ec:26:
         b1:e7:77:a8:f7:17:0d:31:fc:2b:56:32:7b:b2:45:68:58:56:
         d1:5f:c2:d6:50:82:e7:10:d2:b5:6a:ca:d1:65:0a:da:51:0d:
         e8:e7:1c:0e:f9:de:3b:49:d0:c7:2d:0b:34:b1:7b:24:f2:48:
         e5:f8:46:a4:aa:41:c5:c1:65:58:6b:59:e2:f6:5c:a8:4b:82:
         d2:1a:72:1d:d3:bd:54:92:64:9c:0c:69:16:7c:b2:8c:1f:c8:
         8b:ca:b4:99:f0:41:bf:d6:12:f5:51:90:c9:a4:df:ad:99:4b:
         99:41:48:dd:c2:41:c9:a2:73:72:21:cf:52:8f:c3:8a:85:34:
         f7:fa:03:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSobG+HmgQ4s2Uw3f7b4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjk4MWZiNDU2ZjAxNTE3ZjMwYTFlNjNlNDFkNTgzN2NhOGYyODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixfKKGhK5kaW4EpT23Gwks0wlPqB
vK6bJjgo38m2H5Yfie/x7JnovAMMVRU7wAPe5gaEuPj6LdeRaJJonWpfhm//Mqi/
AivZqvur/mepUwiLWVNFk2TlWaxEyaOjqZFs0g4Z/dq3TJMhQK5coGOq7qS/dkOC
hts/GOdRD1vhmonjQ81CEWI66ggzBoOleSNJgrglOUgU4H1tjYwuY2iOFUecxqWj
qy2qzAiMGtZEUIrYepsOwd/siaQE1wxiEfIHmKBxzsJmAa/kuYU4P3ERLMkf8RwX
hUR0bb+1GkdavnjGytbGi0n3RkoS9kMghqJKQD6BJsPR5QH2nn9tqbalHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOKYH7RW8BUX8woeY+QdWDfKjygeMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvNHBnZnRGYndGUmZ6Q2g1ajVCMVlOOHFQS0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Cw
MA0GCSqGSIb3DQEBCwUAA4IBAQByEALird7XQ6Xk+vGYIOSENtQmt4v5vCEPWSoc
BTqc8P5qmZLu6MFrRsPMQdU1dhuyJZ+09a90+N86QlSQ2j2IEbxM+mStpVxmOQFQ
sDYvt/k1vcQRkjVUHmCVqv8KvCZEWIgtBOQvA4J8z5y3GMDfB76VzjhB6ntNaIou
7Cax53eo9xcNMfwrVjJ7skVoWFbRX8LWUILnENK1asrRZQraUQ3o5xwO+d47SdDH
LQs0sXsk8kjl+EakqkHFwWVYa1ni9lyoS4LSGnId071UkmScDGkWfLKMH8iLyrSZ
8EG/1hL1UZDJpN+tmUuZQUjdwkHJonNyIc9Sj8OKhTT3+gO6
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:53:14 2024 by rpki-client on console-ams.rpki-client.org