Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/WQemVUwa8HxrW5goF2k6y4OORDE.roa
File:                     WQemVUwa8HxrW5goF2k6y4OORDE.roa (raw, json)
Hash identifier:          JaGpjVOSEFKYfQwsF5fhGTwZmOeoiBghT/00dEDg6xw=
Subject key identifier:   59:07:A6:55:4C:1A:F0:7C:6B:5B:98:28:17:69:3A:CB:83:8E:44:31
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018CC348F193BD182C6DC6D35EDBC96E4448
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/WQemVUwa8HxrW5goF2k6y4OORDE.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35471
IP address blocks:        2a02:d80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f1:93:bd:18:2c:6d:c6:d3:5e:db:c9:6e:44:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5907a6554c1af07c6b5b982817693acb838e4431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:0a:3f:95:f9:a1:d9:eb:c7:e7:de:4b:a3:92:
                    c2:31:86:32:6e:e3:73:b8:29:88:d1:df:d9:84:9f:
                    04:c4:f3:d0:28:fb:cb:02:15:4a:5d:2f:82:14:09:
                    bd:d0:55:f6:af:ba:c3:29:63:33:b0:e9:04:7a:ce:
                    5d:a4:c3:ad:a0:25:13:44:69:74:b2:57:4a:92:35:
                    eb:2f:e4:10:b7:36:f7:e6:c3:17:46:32:96:04:1c:
                    97:07:ef:d4:8b:a0:90:31:93:82:d2:1b:7d:5e:9d:
                    90:e3:35:f5:e8:62:08:27:08:ba:e8:a6:35:f0:9f:
                    37:2f:26:61:e6:14:7a:db:bb:3c:de:72:6f:bd:1a:
                    15:40:fa:9b:29:3d:69:46:83:ad:61:97:44:4c:b4:
                    8c:c2:20:d2:ee:07:b9:b1:a0:7c:fd:c8:34:5f:80:
                    fe:12:f3:b3:ef:ea:75:4a:9e:25:a5:b4:da:17:22:
                    08:fb:9b:d4:36:3c:88:07:6b:11:9a:a2:9e:f2:fe:
                    43:a8:aa:95:b2:39:8f:e7:0c:a7:5a:80:e3:88:02:
                    db:85:ca:3a:a7:57:dd:71:94:34:24:5b:7d:3a:c4:
                    06:84:e8:7e:4f:b0:3d:24:40:53:ee:f5:05:ce:cb:
                    77:3b:f5:47:4c:89:ee:73:71:2f:a5:ee:0d:93:ab:
                    6a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:07:A6:55:4C:1A:F0:7C:6B:5B:98:28:17:69:3A:CB:83:8E:44:31
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/WQemVUwa8HxrW5goF2k6y4OORDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:67:a1:61:6f:0d:5e:e0:7a:4e:a8:1d:79:c0:03:67:53:fb:
         0b:c3:c3:3b:7f:a5:1a:2a:46:35:a8:cc:9a:f7:30:9a:1b:f2:
         44:8d:a4:00:f7:ea:19:e8:31:1a:c0:d6:d0:34:85:9b:58:f5:
         99:13:75:6c:91:d4:b7:48:64:f5:00:73:8b:45:78:f5:a5:58:
         35:ab:94:5e:f2:b4:57:44:e3:57:df:a2:1c:e9:df:af:c0:37:
         c6:73:c3:48:6f:20:33:b7:d0:25:a7:7e:c9:c4:08:e1:e3:ee:
         13:29:77:90:e5:db:a2:7d:dc:70:d4:9b:70:b5:5f:83:cf:d8:
         0b:bf:c9:41:b8:b8:38:f5:32:2a:6a:0e:ac:8d:94:0f:ff:8a:
         ff:b4:63:ad:62:7c:d3:6e:8e:27:d0:76:70:15:6f:5b:14:70:
         e0:05:81:66:34:81:23:c3:f7:15:fe:33:39:e5:21:03:27:71:
         90:b1:0d:e3:58:b7:90:d3:a7:86:84:bb:40:4d:48:64:67:3a:
         ad:31:84:f5:a0:d2:fc:27:78:47:5c:7b:cf:24:ae:35:72:db:
         f9:91:05:92:fb:92:bd:db:75:be:11:6c:39:e8:54:13:ed:18:
         4f:b9:8e:75:8a:a4:f0:b8:11:b5:51:87:0a:76:16:5f:f9:24:
         5a:00:fc:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSPGTvRgsbcbTXtvJbkRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTA3YTY1NTRjMWFmMDdjNmI1Yjk4MjgxNzY5M2FjYjgzOGU0NDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigo/lfmh2evH595Lo5LCMYYybuNz
uCmI0d/ZhJ8ExPPQKPvLAhVKXS+CFAm90FX2r7rDKWMzsOkEes5dpMOtoCUTRGl0
sldKkjXrL+QQtzb35sMXRjKWBByXB+/Ui6CQMZOC0ht9Xp2Q4zX16GIIJwi66KY1
8J83LyZh5hR627s83nJvvRoVQPqbKT1pRoOtYZdETLSMwiDS7ge5saB8/cg0X4D+
EvOz7+p1Sp4lpbTaFyII+5vUNjyIB2sRmqKe8v5DqKqVsjmP5wynWoDjiALbhco6
p1fdcZQ0JFt9OsQGhOh+T7A9JEBT7vUFzst3O/VHTInuc3Evpe4Nk6tqwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFkHplVMGvB8a1uYKBdpOsuDjkQxMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvV1FlbVZVd2E4SHhyVzVnb0YyazZ5NE9PUkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgINgDAN
BgkqhkiG9w0BAQsFAAOCAQEAo2ehYW8NXuB6TqgdecADZ1P7C8PDO3+lGipGNajM
mvcwmhvyRI2kAPfqGegxGsDW0DSFm1j1mRN1bJHUt0hk9QBzi0V49aVYNauUXvK0
V0TjV9+iHOnfr8A3xnPDSG8gM7fQJad+ycQI4ePuEyl3kOXbon3ccNSbcLVfg8/Y
C7/JQbi4OPUyKmoOrI2UD/+K/7RjrWJ8026OJ9B2cBVvWxRw4AWBZjSBI8P3Ff4z
OeUhAydxkLEN41i3kNOnhoS7QE1IZGc6rTGE9aDS/Cd4R1x7zySuNXLb+ZEFkvuS
vdt1vhFsOehUE+0YT7mOdYqk8LgRtVGHCnYWX/kkWgD8cw==
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:02:47 2024 by rpki-client on console-ams.rpki-client.org