Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/aryV4T6Jo-ABn3ueXOoki0uxGsk.roa
File:                     aryV4T6Jo-ABn3ueXOoki0uxGsk.roa (raw, json)
Hash identifier:          oqXmcAqy7nfbn66n3AnIwIzEyKolV9tHJHBeEo99pRE=
Subject key identifier:   6A:BC:95:E1:3E:89:A3:E0:01:9F:7B:9E:5C:EA:24:8B:4B:B1:1A:C9
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018CC86F817ED11C8462B15869FE4CF5E91E
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/aryV4T6Jo-ABn3ueXOoki0uxGsk.roa
Signing time:             Tue 02 Jan 2024 04:29:59 +0000
ROA not before:           Tue 02 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        2a10:5c80::/29 maxlen: 29
                          2a10:5a80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:81:7e:d1:1c:84:62:b1:58:69:fe:4c:f5:e9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  2 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6abc95e13e89a3e0019f7b9e5cea248b4bb11ac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:90:af:f3:af:5e:33:33:9c:e6:ac:0f:c8:6a:
                    47:7a:9e:46:c7:d0:6e:76:84:ef:0e:c4:9a:cd:1c:
                    db:5f:e5:cd:29:9a:30:96:82:ba:93:48:3b:7a:01:
                    3a:91:c0:ba:b6:e1:03:a6:4a:f4:4e:ad:c5:b7:af:
                    e6:5e:bc:e7:66:0c:dc:8b:97:fc:18:f2:1b:d8:75:
                    6b:1d:45:d6:77:5d:e3:6a:98:a6:1a:b6:35:65:fe:
                    c4:eb:0b:d5:24:ad:7e:16:c0:79:47:8b:55:dd:f8:
                    34:03:16:8f:a7:3b:ed:c0:f8:e5:32:ed:2c:72:85:
                    6f:ec:5b:2a:b9:15:35:fe:bb:f7:3b:6b:e1:34:8f:
                    b8:de:b0:aa:59:ce:b1:c0:2d:7c:09:13:64:3f:e0:
                    f8:09:d9:cc:f7:bb:57:e5:4f:6f:78:fe:c7:0c:82:
                    5c:d0:da:f6:73:5d:f6:65:ca:ed:9d:e0:0c:12:9d:
                    5a:4f:e9:73:7d:cd:39:ed:06:a8:ce:08:ec:cc:d9:
                    53:15:26:85:98:c4:4d:c4:8d:ce:41:8b:09:36:bf:
                    8e:f8:15:58:de:92:cd:44:95:1e:45:73:f8:07:2d:
                    b0:c3:84:7b:e4:f7:86:e6:63:92:c4:53:6f:fd:9e:
                    64:ec:5e:aa:ee:18:15:f5:1b:d2:9c:c3:fd:e2:28:
                    af:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:BC:95:E1:3E:89:A3:E0:01:9F:7B:9E:5C:EA:24:8B:4B:B1:1A:C9
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/aryV4T6Jo-ABn3ueXOoki0uxGsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:5a80::/29
                  2a10:5c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:7a:24:97:cf:4f:25:56:c6:de:47:af:5a:b0:78:ff:dd:52:
         26:3c:44:16:b4:bf:08:e0:31:65:91:b6:b3:3f:52:2d:82:52:
         af:5c:e9:4f:2c:61:e9:53:19:c4:d7:91:1e:3c:2a:e0:37:f7:
         cd:e0:7e:90:c7:16:b3:c6:f6:1d:58:e7:c2:54:67:46:a2:55:
         43:d1:8f:b5:e6:2b:28:cd:4b:05:fa:7e:0a:8f:81:b5:da:0b:
         d9:55:e6:4e:0e:8c:f8:e9:d3:a4:07:d4:30:dd:ef:a1:7b:a9:
         62:26:c3:2d:bc:21:05:6e:8d:9c:17:a3:45:9b:97:bf:47:25:
         d9:e9:f5:5f:48:fb:78:7d:67:66:a7:01:78:e8:ce:6a:25:97:
         71:1b:8a:66:5d:03:df:7c:d3:75:81:65:7e:46:95:6e:91:f1:
         93:10:63:df:91:c4:33:7e:74:ce:d8:08:84:e4:db:19:03:1d:
         91:55:87:b1:68:9e:b0:20:ae:8c:5f:38:2b:61:48:5e:37:2a:
         c7:ad:74:e9:59:7a:1a:99:e2:4f:27:67:be:f5:92:c5:40:2b:
         87:31:5f:df:17:eb:0c:a6:85:d8:43:b9:62:27:64:58:fd:24:
         4b:d9:d8:ac:a7:20:65:8f:ec:72:c7:ce:59:bd:d5:a0:19:0e:
         a4:78:80:37
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIb4F+0RyEYrFYaf5M9ekeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMTAyMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWJjOTVlMTNlODlhM2UwMDE5ZjdiOWU1Y2VhMjQ4YjRiYjExYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZCv869eMzOc5qwPyGpHep5Gx9Bu
doTvDsSazRzbX+XNKZowloK6k0g7egE6kcC6tuEDpkr0Tq3Ft6/mXrznZgzci5f8
GPIb2HVrHUXWd13japimGrY1Zf7E6wvVJK1+FsB5R4tV3fg0AxaPpzvtwPjlMu0s
coVv7FsquRU1/rv3O2vhNI+43rCqWc6xwC18CRNkP+D4CdnM97tX5U9veP7HDIJc
0Nr2c132ZcrtneAMEp1aT+lzfc057QaozgjszNlTFSaFmMRNxI3OQYsJNr+O+BVY
3pLNRJUeRXP4By2ww4R75PeG5mOSxFNv/Z5k7F6q7hgV9RvSnMP94iivmwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGq8leE+iaPgAZ97nlzqJItLsRrJMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvYXJ5VjRUNkpvLUFCbjN1ZVhPb2tpMHV4R3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhBagAMF
AyoQXIAwDQYJKoZIhvcNAQELBQADggEBAEN6JJfPTyVWxt5Hr1qweP/dUiY8RBa0
vwjgMWWRtrM/Ui2CUq9c6U8sYelTGcTXkR48KuA3983gfpDHFrPG9h1Y58JUZ0ai
VUPRj7XmKyjNSwX6fgqPgbXaC9lV5k4OjPjp06QH1DDd76F7qWImwy28IQVujZwX
o0Wbl79HJdnp9V9I+3h9Z2anAXjozmoll3EbimZdA99803WBZX5GlW6R8ZMQY9+R
xDN+dM7YCITk2xkDHZFVh7FonrAgroxfOCthSF43KsetdOlZehqZ4k8nZ771ksVA
K4cxX98X6wymhdhDuWInZFj9JEvZ2KynIGWP7HLHzlm91aAZDqR4gDc=
-----END CERTIFICATE-----
Generated at Mon Nov 25 01:31:42 2024 by rpki-client on console-ams.rpki-client.org