Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/rZVc5_3K_1-jGrhdm9YkbN63AsM.roa
File:                     rZVc5_3K_1-jGrhdm9YkbN63AsM.roa (raw, json)
Hash identifier:          gVFfmk3tu5vaxJnLtzUpqcTmymQLUqZSyLTw56IirNc=
Subject key identifier:   AD:95:5C:E7:FD:CA:FF:5F:A3:1A:B8:5D:9B:D6:24:6C:DE:B7:02:C3
Certificate issuer:       /CN=f80e017cf1711519b0ff9f65858c491b2fa5d40b
Certificate serial:       018CC801451E7FB00DECBD8740D7EC78E435
Authority key identifier: F8:0E:01:7C:F1:71:15:19:B0:FF:9F:65:85:8C:49:1B:2F:A5:D4:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/rZVc5_3K_1-jGrhdm9YkbN63AsM.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49689
IP address blocks:        2a10:8b40:1001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:45:1e:7f:b0:0d:ec:bd:87:40:d7:ec:78:e4:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f80e017cf1711519b0ff9f65858c491b2fa5d40b
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad955ce7fdcaff5fa31ab85d9bd6246cdeb702c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2f:69:fa:9d:e6:39:ec:97:3a:56:80:e0:00:
                    ae:a7:ca:04:f3:11:56:9f:7c:f7:39:83:f5:11:38:
                    a6:21:a2:46:13:e4:61:2e:37:ad:18:f6:da:53:3d:
                    b2:63:c5:ad:12:da:54:e4:a9:ee:b9:3a:3a:81:22:
                    ed:1c:e0:ca:29:b2:11:5a:a5:ec:aa:44:86:fc:ff:
                    7f:f3:a2:c2:66:74:2f:ec:ff:32:8c:c6:d0:8e:3f:
                    11:4e:38:36:39:1b:75:42:c7:31:fe:27:7b:24:d7:
                    c0:3c:ed:a8:1d:c7:f7:b5:6c:6c:39:5b:67:13:3f:
                    a0:cd:f5:9b:13:95:ef:87:d1:84:09:5d:e8:d5:4e:
                    f4:51:e4:47:f4:3b:1d:5d:e0:fd:10:ea:62:db:df:
                    ec:70:79:e2:1a:19:85:9d:9c:2b:27:3d:3a:a1:73:
                    40:f0:d3:96:18:dd:ac:8c:6a:df:17:81:53:8b:72:
                    ad:1a:f9:e8:ca:e3:fe:11:b7:37:23:5a:49:56:77:
                    d1:2c:1f:0b:52:05:a8:f1:a3:c1:a0:ba:bc:5c:c7:
                    45:d2:f3:6a:ec:e2:26:df:c6:3b:3d:e4:87:4c:53:
                    df:f0:af:f4:da:3f:d7:02:12:48:e7:6c:97:bf:a8:
                    60:ff:32:64:99:c4:db:58:96:69:32:aa:65:de:be:
                    64:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:95:5C:E7:FD:CA:FF:5F:A3:1A:B8:5D:9B:D6:24:6C:DE:B7:02:C3
            X509v3 Authority Key Identifier:
                keyid:F8:0E:01:7C:F1:71:15:19:B0:FF:9F:65:85:8C:49:1B:2F:A5:D4:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-A4BfPFxFRmw_59lhYxJGy-l1As.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/rZVc5_3K_1-jGrhdm9YkbN63AsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2dc136-400d-40e7-ad86-8ce60a5c8b1f/1/1-A4BfPFxFRmw_59lhYxJGy-l1As.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:8b40:1001::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:8c:26:95:cc:fd:7a:e7:2e:d8:ef:66:cb:5c:02:3d:fc:93:
         12:da:4a:d0:9b:0b:0b:c6:db:a3:b0:2c:96:2a:9d:2f:4f:a7:
         1e:ed:a9:58:78:a3:ff:5c:94:1d:59:69:ff:2b:71:b2:12:84:
         7b:c6:a8:ea:69:89:3d:8a:0b:65:07:0f:1b:b4:e9:a5:c4:73:
         4a:01:a6:c5:8b:16:e4:3b:e2:3e:7d:52:7a:2a:76:f8:be:42:
         a6:82:e1:02:e3:ee:37:42:53:98:4d:aa:8f:d7:80:6e:f9:33:
         24:cb:5b:84:e3:f6:28:ad:dd:d4:3a:43:aa:75:40:94:a4:2d:
         43:f3:79:a1:09:ca:34:35:62:02:f9:7d:d4:89:61:b7:85:df:
         bf:99:51:da:7b:be:bd:60:45:d3:55:6c:67:0e:0e:fc:75:86:
         14:78:4d:30:9a:68:67:3e:a3:ac:c1:3b:c2:73:76:dc:b8:91:
         01:3c:e2:0c:ef:ed:19:83:f7:59:04:08:26:64:7a:54:be:67:
         ff:cf:d8:04:1f:84:b0:51:69:f7:1c:5a:68:19:2b:b1:93:f3:
         ec:6a:cb:46:a2:10:c7:f8:8c:b9:15:16:2c:32:50:ea:03:ab:
         1a:b5:3e:60:84:ee:29:78:20:dd:59:34:70:c2:f9:1f:b5:7b:
         4b:83:a4:09
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzIAUUef7AN7L2HQNfseOQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MGUwMTdjZjE3MTE1MTliMGZmOWY2NTg1OGM0OTFiMmZh
NWQ0MGIwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk1NWNlN2ZkY2FmZjVmYTMxYWI4NWQ5YmQ2MjQ2Y2RlYjcwMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC9p+p3mOeyXOlaA4ACup8oE8xFW
n3z3OYP1ETimIaJGE+RhLjetGPbaUz2yY8WtEtpU5KnuuTo6gSLtHODKKbIRWqXs
qkSG/P9/86LCZnQv7P8yjMbQjj8RTjg2ORt1Qscx/id7JNfAPO2oHcf3tWxsOVtn
Ez+gzfWbE5Xvh9GECV3o1U70UeRH9DsdXeD9EOpi29/scHniGhmFnZwrJz06oXNA
8NOWGN2sjGrfF4FTi3KtGvnoyuP+Ebc3I1pJVnfRLB8LUgWo8aPBoLq8XMdF0vNq
7OIm38Y7PeSHTFPf8K/02j/XAhJI52yXv6hg/zJkmcTbWJZpMqpl3r5kKwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFK2VXOf9yv9foxq4XZvWJGzetwLDMB8GA1UdIwQY
MBaAFPgOAXzxcRUZsP+fZYWMSRsvpdQLMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1BNEJmUEZ4RlJtd181OWxoWXhKR3ktbDFBcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvMmRjMTM2LTQwMGQtNDBlNy1hZDg2
LThjZTYwYTVjOGIxZi8xL3JaVmM1XzNLXzEtakdyaGRtOVlrYk42M0FzTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODcvMmRjMTM2LTQwMGQtNDBlNy1hZDg2LThjZTYwYTVjOGIx
Zi8xLzEtQTRCZlBGeEZSbXdfNTlsaFl4Skd5LWwxQXMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqEItA
EAEwDQYJKoZIhvcNAQELBQADggEBADGMJpXM/XrnLtjvZstcAj38kxLaStCbCwvG
26OwLJYqnS9Ppx7tqVh4o/9clB1Zaf8rcbIShHvGqOppiT2KC2UHDxu06aXEc0oB
psWLFuQ74j59Unoqdvi+QqaC4QLj7jdCU5hNqo/XgG75MyTLW4Tj9iit3dQ6Q6p1
QJSkLUPzeaEJyjQ1YgL5fdSJYbeF37+ZUdp7vr1gRdNVbGcODvx1hhR4TTCaaGc+
o6zBO8Jzdty4kQE84gzv7RmD91kECCZkelS+Z//P2AQfhLBRafccWmgZK7GT8+xq
y0aiEMf4jLkVFiwyUOoDqxq1PmCE7il4IN1ZNHDC+R+1e0uDpAk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:15:24 2024 by rpki-client on console-fra.rpki-client.org