Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/965580-8736-4173-bde3-2c3028fcece9/1/XDu3t-XMMsnBrrWp9y2zR1b-RSg.roa
File:                     XDu3t-XMMsnBrrWp9y2zR1b-RSg.roa (raw, json)
Hash identifier:          pn03Fc3RYDY23svqk4zM+WHRY3aSlE+k5GElJ8hVjpI=
Subject key identifier:   5C:3B:B7:B7:E5:CC:32:C9:C1:AE:B5:A9:F7:2D:B3:47:56:FE:45:28
Certificate issuer:       /CN=93ecccde85c40b154f919baf64ef032ec70d751e
Certificate serial:       018CC94E61476A67D78ACC7542CE5FD8CECA
Authority key identifier: 93:EC:CC:DE:85:C4:0B:15:4F:91:9B:AF:64:EF:03:2E:C7:0D:75:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-zM3oXECxVPkZuvZO8DLscNdR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/965580-8736-4173-bde3-2c3028fcece9/1/XDu3t-XMMsnBrrWp9y2zR1b-RSg.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50324
IP address blocks:        2001:67c:138::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/965580-8736-4173-bde3-2c3028fcece9/1/k-zM3oXECxVPkZuvZO8DLscNdR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/965580-8736-4173-bde3-2c3028fcece9/1/k-zM3oXECxVPkZuvZO8DLscNdR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-zM3oXECxVPkZuvZO8DLscNdR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:61:47:6a:67:d7:8a:cc:75:42:ce:5f:d8:ce:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ecccde85c40b154f919baf64ef032ec70d751e
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c3bb7b7e5cc32c9c1aeb5a9f72db34756fe4528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e3:a4:95:ed:b9:a5:4b:58:c4:6d:91:58:5b:
                    21:84:88:df:12:e2:5a:b5:5b:7f:4f:c8:d6:c5:dd:
                    e7:97:86:cd:42:d8:f2:0b:b9:bf:e7:4e:d8:b3:f3:
                    d3:9d:b0:8a:de:56:c1:4d:fa:dd:0e:fe:88:af:5b:
                    55:5a:4a:30:e3:1c:5e:c1:89:ee:fe:f7:2d:43:c4:
                    45:b9:36:c7:0e:34:2b:b0:0d:a7:84:9e:30:37:ef:
                    a3:6c:9c:d1:05:ea:4e:c2:1e:7d:0f:3c:6b:32:2d:
                    87:df:ae:2d:4b:c1:ea:b6:5b:48:0d:67:e4:87:fe:
                    41:c3:a6:94:21:d3:cf:0e:ac:3e:f3:28:79:25:2f:
                    07:37:cf:b4:56:d0:08:59:34:32:0c:81:ae:5a:8b:
                    b9:e8:4e:b3:3c:27:6d:6d:c4:ba:3b:2d:55:b5:ba:
                    e6:81:16:1e:7b:bb:98:ec:52:75:3c:67:67:7e:14:
                    0e:3a:34:f9:43:e0:af:6e:71:3d:48:f0:d6:51:6a:
                    39:9a:e3:52:82:38:84:8b:a5:7c:b2:d2:b8:f8:6a:
                    df:84:1a:0a:21:a6:7b:ce:11:cb:13:2c:56:10:a5:
                    3d:bd:42:7b:71:98:5b:41:eb:4b:28:d4:04:83:ad:
                    11:22:88:b4:45:c7:c4:ba:b0:27:51:d4:fe:f3:50:
                    0f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3B:B7:B7:E5:CC:32:C9:C1:AE:B5:A9:F7:2D:B3:47:56:FE:45:28
            X509v3 Authority Key Identifier:
                keyid:93:EC:CC:DE:85:C4:0B:15:4F:91:9B:AF:64:EF:03:2E:C7:0D:75:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-zM3oXECxVPkZuvZO8DLscNdR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/965580-8736-4173-bde3-2c3028fcece9/1/XDu3t-XMMsnBrrWp9y2zR1b-RSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/965580-8736-4173-bde3-2c3028fcece9/1/k-zM3oXECxVPkZuvZO8DLscNdR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:138::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:48:7d:b6:b2:fd:f5:b6:a0:6b:27:1a:e9:0b:c9:97:bf:99:
         85:94:88:b4:fb:6c:96:a7:d2:ad:6b:a5:9f:71:f1:13:9d:2c:
         22:19:2c:1a:3b:63:e3:ca:2e:eb:c7:9c:e1:68:e4:69:ea:1c:
         e0:cc:fb:13:ee:fa:d7:5d:67:33:3e:96:04:25:14:d2:56:c8:
         63:84:c4:ee:7f:40:8e:1e:73:32:7c:ad:e2:d1:0a:22:b8:21:
         8e:58:69:01:a6:dd:f2:fa:7a:f5:e1:9f:2d:ae:04:fb:a3:6c:
         dd:7d:d8:7a:f4:53:88:6b:77:25:35:90:84:b7:49:12:b2:5f:
         d3:bf:54:54:ed:53:20:ce:95:46:db:7c:53:d2:46:87:32:49:
         2e:d4:2c:ca:16:df:6f:70:3f:1e:dd:97:63:08:25:22:3f:fc:
         44:78:21:63:29:1f:8b:66:c2:b5:a2:6a:97:5c:82:94:1a:7c:
         03:a6:cb:57:ae:10:c9:de:f8:77:cc:78:fe:98:c3:93:ec:11:
         ce:8d:84:24:2d:eb:56:70:85:a8:8c:37:63:80:8d:4c:2c:d2:
         b2:08:f2:98:5d:26:fb:81:97:34:be:7b:a9:69:f8:f2:c9:d5:
         d3:aa:e8:aa:8e:b9:e2:24:32:ce:7b:a9:fd:77:1b:b7:6b:99:
         96:bd:68:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTmFHamfXisx1Qs5f2M7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWNjY2RlODVjNDBiMTU0ZjkxOWJhZjY0ZWYwMzJlYzcw
ZDc1MWUwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNiYjdiN2U1Y2MzMmM5YzFhZWI1YTlmNzJkYjM0NzU2ZmU0NTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+Okle25pUtYxG2RWFshhIjfEuJa
tVt/T8jWxd3nl4bNQtjyC7m/507Ys/PTnbCK3lbBTfrdDv6Ir1tVWkow4xxewYnu
/vctQ8RFuTbHDjQrsA2nhJ4wN++jbJzRBepOwh59DzxrMi2H364tS8HqtltIDWfk
h/5Bw6aUIdPPDqw+8yh5JS8HN8+0VtAIWTQyDIGuWou56E6zPCdtbcS6Oy1Vtbrm
gRYee7uY7FJ1PGdnfhQOOjT5Q+CvbnE9SPDWUWo5muNSgjiEi6V8stK4+GrfhBoK
IaZ7zhHLEyxWEKU9vUJ7cZhbQetLKNQEg60RIoi0RcfEurAnUdT+81APxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFw7t7flzDLJwa61qfcts0dW/kUoMB8GA1UdIwQY
MBaAFJPszN6FxAsVT5Gbr2TvAy7HDXUeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay16TTNvWEVDeFZQa1p1dlpPOERMc2NOZFI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC85NjU1ODAtODczNi00MTczLWJkZTMt
MmMzMDI4ZmNlY2U5LzEvWER1M3QtWE1Nc25CcnJXcDl5MnpSMWItUlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC85NjU1ODAtODczNi00MTczLWJkZTMtMmMzMDI4ZmNlY2U5
LzEvay16TTNvWEVDeFZQa1p1dlpPOERMc2NOZFI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAE4
MA0GCSqGSIb3DQEBCwUAA4IBAQAQSH22sv31tqBrJxrpC8mXv5mFlIi0+2yWp9Kt
a6WfcfETnSwiGSwaO2Pjyi7rx5zhaORp6hzgzPsT7vrXXWczPpYEJRTSVshjhMTu
f0COHnMyfK3i0QoiuCGOWGkBpt3y+nr14Z8trgT7o2zdfdh69FOIa3clNZCEt0kS
sl/Tv1RU7VMgzpVG23xT0kaHMkku1CzKFt9vcD8e3ZdjCCUiP/xEeCFjKR+LZsK1
omqXXIKUGnwDpstXrhDJ3vh3zHj+mMOT7BHOjYQkLetWcIWojDdjgI1MLNKyCPKY
XSb7gZc0vnupafjyydXTquiqjrniJDLOe6n9dxu3a5mWvWgb
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:16:24 2024 by rpki-client on console-ams.rpki-client.org