Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xwa1mRdLuNxSXNiqQEBQP-iH0KI.roa
File:                     xwa1mRdLuNxSXNiqQEBQP-iH0KI.roa (raw, json)
Hash identifier:          tP4NVLYugBSaeVcV4ono2LFuwUR/pdi3aQX19EWq1Ls=
Subject key identifier:   C7:06:B5:99:17:4B:B8:DC:52:5C:D8:AA:40:40:50:3F:E8:87:D0:A2
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018FB58599FC73DD9B7C37E8C467B5D17679
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xwa1mRdLuNxSXNiqQEBQP-iH0KI.roa
Signing time:             Sun 26 May 2024 15:29:42 +0000
ROA not before:           Sun 26 May 2024 15:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0e:aa02::/40 maxlen: 40
                          2a0e:aa06:502::/48 maxlen: 48
                          2a0e:aa06:503::/48 maxlen: 48
                          2a0e:aa06:52a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b5:85:99:fc:73:dd:9b:7c:37:e8:c4:67:b5:d1:76:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: May 26 15:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c706b599174bb8dc525cd8aa4040503fe887d0a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0a:93:7f:04:02:3e:eb:25:a5:0c:68:d6:c3:
                    72:57:50:e0:31:12:f0:08:19:a8:93:08:e5:70:c7:
                    1c:d2:e4:a0:79:f2:84:a7:71:7d:17:bc:77:af:fd:
                    54:53:5a:d0:fa:57:ba:a6:d4:ff:78:e1:7d:cf:57:
                    83:cf:18:3f:50:bc:56:7e:aa:42:0c:80:86:e6:17:
                    d3:9b:5e:ec:e5:b3:9d:9a:b8:0c:da:05:73:05:3d:
                    20:31:02:01:e6:16:ef:8d:10:0c:5a:5c:bc:c3:0a:
                    68:95:c3:e9:6c:91:b6:48:b8:dc:cc:f7:b1:54:d2:
                    31:bc:66:cb:3f:af:e4:e7:6c:6f:83:0f:9d:e3:84:
                    ad:e9:27:94:cd:06:e3:59:63:ec:25:50:87:4c:39:
                    77:dc:f6:0d:b4:da:6d:86:dc:20:ed:81:24:ee:0a:
                    5c:f8:09:62:51:74:05:48:8e:e6:52:60:a8:6c:f0:
                    9b:0c:9f:7d:86:bd:53:b3:18:fb:20:9a:03:6d:be:
                    68:36:52:5d:03:5a:fe:5a:d2:5a:4a:94:99:88:68:
                    66:69:05:bf:81:bf:37:32:55:f7:6f:17:3a:fe:38:
                    54:19:d6:5e:27:65:80:f1:6b:b2:84:23:62:9e:79:
                    1a:18:3e:41:5b:23:ce:47:23:10:e7:3f:2b:47:0f:
                    1d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:06:B5:99:17:4B:B8:DC:52:5C:D8:AA:40:40:50:3F:E8:87:D0:A2
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/xwa1mRdLuNxSXNiqQEBQP-iH0KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa02::/40
                  2a0e:aa06:502::/47
                  2a0e:aa06:52a::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:56:f4:09:fb:c3:6a:5e:af:9a:01:5a:35:dc:fb:e0:45:99:
         6b:d1:ec:62:90:a7:06:c8:74:92:3b:ad:c4:f2:b6:f5:f4:67:
         e7:51:d3:7f:29:1e:0a:8e:46:40:1b:85:dc:17:43:30:c9:ee:
         eb:bf:58:80:92:43:01:43:a2:cf:b8:c7:9f:05:1a:4e:32:86:
         38:6b:6f:c8:2a:81:78:f0:ef:97:a8:08:fe:48:85:5c:ca:f5:
         77:f0:a1:97:df:a5:4c:17:8a:b0:81:97:66:66:7a:8b:6d:67:
         cf:0f:34:db:70:5a:6b:19:6d:75:a7:8b:45:93:9f:f1:0c:f1:
         e3:dc:e5:0c:6c:eb:e6:8c:d7:02:89:11:1b:35:c6:c2:6e:a7:
         85:84:d5:ac:49:1f:42:1e:9f:76:a1:c3:33:d6:f6:57:fb:98:
         38:4c:c4:1b:4a:1c:bc:89:55:5a:ea:91:86:aa:81:d7:c2:fb:
         a5:df:1f:7e:17:a5:7b:87:32:59:3c:c3:00:5d:18:d9:69:fd:
         5c:01:68:88:bc:10:74:06:d2:f4:e2:c4:4c:0b:aa:24:b3:91:
         8a:6a:c2:84:46:79:6e:64:2a:28:2a:cd:71:60:55:9d:37:bf:
         d1:d8:8e:fa:71:55:22:5a:c6:76:a2:7f:06:6c:5d:52:97:c0:
         4f:18:e8:ab
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY+1hZn8c92bfDfoxGe10XZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNTI2MTUyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzA2YjU5OTE3NGJiOGRjNTI1Y2Q4YWE0MDQwNTAzZmU4ODdkMGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wqTfwQCPuslpQxo1sNyV1DgMRLw
CBmokwjlcMcc0uSgefKEp3F9F7x3r/1UU1rQ+le6ptT/eOF9z1eDzxg/ULxWfqpC
DICG5hfTm17s5bOdmrgM2gVzBT0gMQIB5hbvjRAMWly8wwpolcPpbJG2SLjczPex
VNIxvGbLP6/k52xvgw+d44St6SeUzQbjWWPsJVCHTDl33PYNtNpthtwg7YEk7gpc
+AliUXQFSI7mUmCobPCbDJ99hr1Tsxj7IJoDbb5oNlJdA1r+WtJaSpSZiGhmaQW/
gb83MlX3bxc6/jhUGdZeJ2WA8WuyhCNinnkaGD5BWyPORyMQ5z8rRw8dOQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMcGtZkXS7jcUlzYqkBAUD/oh9CiMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEveHdhMW1SZEx1TnhTWE5pcVFFQlFQLWlIMEtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKg6qAgAD
BwEqDqoGBQIDBwAqDqoGBSowDQYJKoZIhvcNAQELBQADggEBAIZW9An7w2per5oB
WjXc++BFmWvR7GKQpwbIdJI7rcTytvX0Z+dR038pHgqORkAbhdwXQzDJ7uu/WICS
QwFDos+4x58FGk4yhjhrb8gqgXjw75eoCP5IhVzK9XfwoZffpUwXirCBl2Zmeott
Z88PNNtwWmsZbXWni0WTn/EM8ePc5Qxs6+aM1wKJERs1xsJup4WE1axJH0Ien3ah
wzPW9lf7mDhMxBtKHLyJVVrqkYaqgdfC+6XfH34XpXuHMlk8wwBdGNlp/VwBaIi8
EHQG0vTixEwLqiSzkYpqwoRGeW5kKigqzXFgVZ03v9HYjvpxVSJaxnaifwZsXVKX
wE8Y6Ks=
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:27:44 2024 by rpki-client on console-fra.rpki-client.org