Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/98xg38KnVtaM7OUuVosQmLjN5ek.roa
File:                     98xg38KnVtaM7OUuVosQmLjN5ek.roa (raw, json)
Hash identifier:          p3AuDhPVhAspCzY6R1pePpIxKS3LA82BNiJlNRbVeXo=
Subject key identifier:   F7:CC:60:DF:C2:A7:56:D6:8C:EC:E5:2E:56:8B:10:98:B8:CD:E5:E9
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018F78D88119B74AF9FAA78A02D49A32796C
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/98xg38KnVtaM7OUuVosQmLjN5ek.roa
Signing time:             Tue 14 May 2024 20:43:25 +0000
ROA not before:           Tue 14 May 2024 20:43:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214911
IP address blocks:        2a0e:aa07:e1b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:78:d8:81:19:b7:4a:f9:fa:a7:8a:02:d4:9a:32:79:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: May 14 20:43:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7cc60dfc2a756d68cece52e568b1098b8cde5e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:04:05:0f:8f:a1:26:fa:1e:33:1a:4b:14:ff:
                    a2:bf:11:06:a2:81:1c:81:18:dc:f2:b9:6f:cb:d4:
                    8a:f0:dc:99:27:b2:ae:c6:18:61:cb:01:ed:c3:33:
                    d2:6f:4c:4d:7f:1e:08:d0:8e:64:d5:2c:f1:6a:32:
                    64:b5:d8:0a:20:cb:d6:3a:34:42:57:8f:90:3d:a8:
                    cd:2c:0d:cb:e1:31:2c:cf:ec:ac:fc:fd:f6:26:ea:
                    a8:36:02:34:a4:0a:40:d4:19:a1:15:41:6f:60:3f:
                    79:f3:a5:2f:4b:86:2a:43:41:a5:3d:56:b6:41:50:
                    c3:41:6a:ea:fb:a1:3a:19:96:ee:34:c4:76:1e:6e:
                    6f:75:13:6c:e7:cd:57:08:7a:7b:9d:87:2c:4e:de:
                    8a:8a:5b:e4:e2:1c:63:16:b9:5e:bb:7a:cb:b0:90:
                    43:14:d9:75:9c:a4:dd:30:0c:20:53:af:ce:26:1b:
                    34:db:33:51:b3:09:64:85:71:5c:02:9b:de:49:cd:
                    df:68:48:31:5e:8f:cc:d6:7e:19:89:9f:c3:a6:4b:
                    8d:92:cd:46:a1:26:bb:b3:5e:45:9b:96:14:6b:0c:
                    c1:06:ef:57:a8:a0:e8:a3:fa:dc:20:e8:2a:df:c6:
                    c7:a8:3c:88:3d:f0:54:24:e2:9a:9a:c8:dc:0b:cd:
                    33:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:CC:60:DF:C2:A7:56:D6:8C:EC:E5:2E:56:8B:10:98:B8:CD:E5:E9
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/98xg38KnVtaM7OUuVosQmLjN5ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e1b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8c:6c:81:8c:b7:a0:78:a6:f6:f2:c9:4f:75:83:01:4f:4d:28:
         40:50:23:e3:21:8d:2a:1e:b7:0f:51:cc:d2:89:e8:ad:6a:cf:
         21:d7:f8:c3:4c:ac:5b:5d:76:7d:89:9d:13:fe:a1:a5:36:ea:
         7f:21:36:7a:2d:50:ca:91:ea:e4:89:5b:95:71:de:9a:f8:54:
         9e:8c:ce:32:0b:59:01:3e:5c:b8:02:f8:61:17:d0:9e:20:c4:
         94:16:89:e2:0a:71:2c:02:9d:85:a7:33:4d:76:34:6f:99:ab:
         18:0d:82:67:0a:3f:02:cd:b6:c0:d0:16:5e:fa:a3:6b:04:e5:
         52:2c:68:f2:33:26:c6:37:e5:4a:8d:18:68:3e:b0:ec:c1:aa:
         3a:96:14:ae:f5:2a:dc:cf:69:7d:57:2a:db:0c:d1:5f:5b:da:
         0d:ab:e4:16:76:b9:9c:8a:c1:b9:fb:7e:eb:09:cd:7b:55:1d:
         36:9b:1d:a1:a8:30:9f:f8:05:58:96:72:89:51:d5:c0:36:31:
         93:d7:23:d3:ef:87:8c:b1:ce:27:53:d6:d3:13:ef:46:6b:ae:
         90:77:53:1d:db:73:f3:0c:60:31:58:d7:4e:6a:4a:57:92:e7:
         1e:bf:20:e5:2f:e1:8b:0e:eb:5d:2d:9f:68:47:7d:5b:cf:cf:
         4d:7c:50:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY942IEZt0r5+qeKAtSaMnlsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNTE0MjA0MzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2NjNjBkZmMyYTc1NmQ2OGNlY2U1MmU1NjhiMTA5OGI4Y2RlNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogQFD4+hJvoeMxpLFP+ivxEGooEc
gRjc8rlvy9SK8NyZJ7KuxhhhywHtwzPSb0xNfx4I0I5k1SzxajJktdgKIMvWOjRC
V4+QPajNLA3L4TEsz+ys/P32JuqoNgI0pApA1BmhFUFvYD9586UvS4YqQ0GlPVa2
QVDDQWrq+6E6GZbuNMR2Hm5vdRNs581XCHp7nYcsTt6Kilvk4hxjFrleu3rLsJBD
FNl1nKTdMAwgU6/OJhs02zNRswlkhXFcApveSc3faEgxXo/M1n4ZiZ/DpkuNks1G
oSa7s15Fm5YUawzBBu9XqKDoo/rcIOgq38bHqDyIPfBUJOKamsjcC80zJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPfMYN/Cp1bWjOzlLlaLEJi4zeXpMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvOTh4ZzM4S25WdGFNN09VdVZvc1FtTGpONWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Gw
MA0GCSqGSIb3DQEBCwUAA4IBAQCMbIGMt6B4pvbyyU91gwFPTShAUCPjIY0qHrcP
UczSieitas8h1/jDTKxbXXZ9iZ0T/qGlNup/ITZ6LVDKkerkiVuVcd6a+FSejM4y
C1kBPly4AvhhF9CeIMSUFoniCnEsAp2FpzNNdjRvmasYDYJnCj8CzbbA0BZe+qNr
BOVSLGjyMybGN+VKjRhoPrDswao6lhSu9Srcz2l9VyrbDNFfW9oNq+QWdrmcisG5
+37rCc17VR02mx2hqDCf+AVYlnKJUdXANjGT1yPT74eMsc4nU9bTE+9Ga66Qd1Md
23PzDGAxWNdOakpXkucevyDlL+GLDutdLZ9oR31bz89NfFBK
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:34:58 2024 by rpki-client on console-ams.rpki-client.org