Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/SAHSU7dHtPctwfukXuR8cvHzm6g.roa
File:                     SAHSU7dHtPctwfukXuR8cvHzm6g.roa (raw, json)
Hash identifier:          338YlmSsLLT4gEK6ChSis1L8kmVhrsXEPietKDOfm54=
Subject key identifier:   48:01:D2:53:B7:47:B4:F7:2D:C1:FB:A4:5E:E4:7C:72:F1:F3:9B:A8
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D31EEB37A718E0D6D9B5FBB0DDC9B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/SAHSU7dHtPctwfukXuR8cvHzm6g.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206843
IP address blocks:        2a0e:aa07:e00e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:31:ee:b3:7a:71:8e:0d:6d:9b:5f:bb:0d:dc:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4801d253b747b4f72dc1fba45ee47c72f1f39ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:14:9a:61:43:d2:8e:07:92:ef:04:60:0a:e0:
                    f2:d0:e9:f6:d0:63:eb:ea:7c:c0:05:0a:84:ac:96:
                    d6:04:81:fd:e0:76:d5:a4:c4:bd:34:cd:54:d0:7a:
                    0c:d8:b7:df:54:e9:dc:5a:58:6d:72:60:79:42:8a:
                    48:60:86:88:a9:c6:83:15:b3:d1:82:2c:1c:9e:70:
                    d9:24:24:73:44:62:e5:23:0c:59:9d:5e:73:df:e5:
                    ac:2c:af:1f:36:ee:b9:d6:35:d7:56:53:31:e7:84:
                    e2:c7:0c:79:81:53:5d:6d:28:10:01:1b:23:1c:1c:
                    21:71:20:f8:42:8b:79:d3:7b:ae:d5:83:a5:0f:59:
                    c4:74:74:44:ce:10:7a:bc:cd:d5:3f:ef:84:df:dd:
                    a9:f3:0d:7f:ec:e1:19:14:15:e7:0e:2a:70:2b:9a:
                    70:bb:e9:dc:75:1a:37:34:c6:af:fd:d8:10:c2:86:
                    65:87:77:50:3e:1b:ee:63:bd:0e:4f:3a:16:ad:80:
                    9c:a7:e9:87:89:02:af:c5:3c:a5:7d:18:4a:da:65:
                    7c:4d:fe:f0:6d:57:f9:1e:ec:54:f7:15:7f:cb:14:
                    3b:31:8b:e9:0c:b1:34:6f:f6:d4:5c:93:07:8d:ff:
                    aa:9a:93:32:02:11:55:b3:35:6d:52:62:96:f9:fe:
                    13:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:01:D2:53:B7:47:B4:F7:2D:C1:FB:A4:5E:E4:7C:72:F1:F3:9B:A8
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/SAHSU7dHtPctwfukXuR8cvHzm6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e00e::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:9c:ff:36:2e:b2:5b:0e:26:c2:e3:f5:d1:91:bb:30:31:5a:
         43:18:fd:b5:23:cd:ab:3c:eb:03:c6:ef:79:e4:86:7e:5a:8b:
         e0:2d:85:4e:72:72:23:0f:0d:7e:a2:af:96:41:62:3c:05:7d:
         e2:b3:a4:db:8c:b3:0d:b2:db:ca:a8:54:1a:3b:6c:03:68:92:
         6a:bf:c5:da:b2:2c:db:ea:8f:ab:ae:24:cf:3b:2c:71:ff:cb:
         2c:bd:29:2e:c1:15:36:8b:cd:14:c4:7c:ca:c2:84:bb:40:7c:
         2a:07:8e:9b:d2:7b:63:2c:76:fa:7d:77:d9:75:e2:87:83:75:
         15:cc:76:b4:17:3a:be:f1:43:c7:f1:aa:0b:0e:85:7c:41:ae:
         37:d7:0d:51:00:bf:aa:a5:e3:fe:3f:d7:66:8c:a3:81:5c:dc:
         b7:40:ae:db:e7:39:6f:53:97:a2:3b:c4:85:d6:69:90:ef:ef:
         d7:1a:8a:98:12:b6:cc:6d:af:62:11:dd:6c:a7:a2:bb:18:84:
         a0:a1:2a:9a:2f:43:d1:a0:57:c0:8b:05:01:5a:8c:8c:ad:97:
         d9:be:ef:5d:f8:72:dc:ac:8e:8e:e7:40:e4:38:98:45:61:cd:
         1f:1d:a4:9f:3d:a5:a0:46:4e:d4:9f:43:31:d2:29:df:5a:06:
         a4:0d:b8:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTHus3pxjg1tm1+7DdybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODAxZDI1M2I3NDdiNGY3MmRjMWZiYTQ1ZWU0N2M3MmYxZjM5YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhSaYUPSjgeS7wRgCuDy0On20GPr
6nzABQqErJbWBIH94HbVpMS9NM1U0HoM2LffVOncWlhtcmB5QopIYIaIqcaDFbPR
giwcnnDZJCRzRGLlIwxZnV5z3+WsLK8fNu651jXXVlMx54Tixwx5gVNdbSgQARsj
HBwhcSD4Qot503uu1YOlD1nEdHREzhB6vM3VP++E392p8w1/7OEZFBXnDipwK5pw
u+ncdRo3NMav/dgQwoZlh3dQPhvuY70OTzoWrYCcp+mHiQKvxTylfRhK2mV8Tf7w
bVf5HuxU9xV/yxQ7MYvpDLE0b/bUXJMHjf+qmpMyAhFVszVtUmKW+f4TrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEgB0lO3R7T3LcH7pF7kfHLx85uoMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvU0FIU1U3ZEh0UGN0d2Z1a1h1Ujhjdkh6bTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+AO
MA0GCSqGSIb3DQEBCwUAA4IBAQCHnP82LrJbDibC4/XRkbswMVpDGP21I82rPOsD
xu955IZ+WovgLYVOcnIjDw1+oq+WQWI8BX3is6TbjLMNstvKqFQaO2wDaJJqv8Xa
sizb6o+rriTPOyxx/8ssvSkuwRU2i80UxHzKwoS7QHwqB46b0ntjLHb6fXfZdeKH
g3UVzHa0Fzq+8UPH8aoLDoV8Qa431w1RAL+qpeP+P9dmjKOBXNy3QK7b5zlvU5ei
O8SF1mmQ7+/XGoqYErbMba9iEd1sp6K7GISgoSqaL0PRoFfAiwUBWoyMrZfZvu9d
+HLcrI6O50DkOJhFYc0fHaSfPaWgRk7Un0Mx0infWgakDbhO
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:34:58 2024 by rpki-client on console-ams.rpki-client.org