Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/08cb2a-034b-47b6-b132-7f8ba96f5e49/1/08bbcv89W87DmFtHzXrN7U3QSHU.roa
File:                     08bbcv89W87DmFtHzXrN7U3QSHU.roa (raw, json)
Hash identifier:          9AeNNFGUfpxdXEfJ8bsHsWoqd0RsRNK2NzeBfsrsJDA=
Subject key identifier:   D3:C6:DB:72:FF:3D:5B:CE:C3:98:5B:47:CD:7A:CD:ED:4D:D0:48:75
Certificate issuer:       /CN=93608a0cda0133f876ab9ad83fa37bcef62df2df
Certificate serial:       0190C9880A4AAFF132C2ED0913BC19827CA5
Authority key identifier: 93:60:8A:0C:DA:01:33:F8:76:AB:9A:D8:3F:A3:7B:CE:F6:2D:F2:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2CKDNoBM_h2q5rYP6N7zvYt8t8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/08cb2a-034b-47b6-b132-7f8ba96f5e49/1/08bbcv89W87DmFtHzXrN7U3QSHU.roa
Signing time:             Fri 19 Jul 2024 05:47:34 +0000
ROA not before:           Fri 19 Jul 2024 05:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210365
IP address blocks:        2001:67c:22cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/08cb2a-034b-47b6-b132-7f8ba96f5e49/1/k2CKDNoBM_h2q5rYP6N7zvYt8t8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/08cb2a-034b-47b6-b132-7f8ba96f5e49/1/k2CKDNoBM_h2q5rYP6N7zvYt8t8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2CKDNoBM_h2q5rYP6N7zvYt8t8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c9:88:0a:4a:af:f1:32:c2:ed:09:13:bc:19:82:7c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93608a0cda0133f876ab9ad83fa37bcef62df2df
        Validity
            Not Before: Jul 19 05:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3c6db72ff3d5bcec3985b47cd7acded4dd04875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:88:2f:c8:52:0a:67:b5:38:d8:33:3f:55:48:
                    54:35:8e:c2:35:d6:47:b4:2c:1e:fe:6d:f1:84:06:
                    1e:61:34:54:d6:28:9f:a5:b3:92:f5:a5:0f:fa:8e:
                    df:ee:67:f1:59:ff:84:8b:8d:75:8c:18:ad:fd:1d:
                    3c:e8:f4:7a:e9:fc:2f:84:c3:36:0e:3a:cb:74:b6:
                    30:18:57:4e:b3:91:76:02:7c:ee:cd:91:49:01:56:
                    64:fa:c8:fd:42:ab:78:ef:40:51:8e:0f:08:b1:a6:
                    8a:b3:60:b4:43:32:25:f2:17:0a:3d:4d:96:73:39:
                    55:8b:2a:07:45:58:e3:75:aa:8a:c7:bf:ab:bd:5a:
                    94:75:40:c3:7f:9d:f2:e4:4f:7d:b2:5e:a4:b3:2c:
                    e7:f9:9a:71:01:1f:68:6f:b8:bc:5a:04:40:85:85:
                    33:fa:ab:09:b9:59:e1:d1:ba:82:df:9f:4a:d6:f7:
                    f1:d7:1e:09:d6:ae:c6:14:46:88:ce:a6:95:33:e1:
                    a8:6f:15:cc:ee:35:83:4c:6e:f5:cc:3e:de:7a:8e:
                    55:0c:7d:0d:3d:65:40:ca:bf:46:27:86:49:7b:c0:
                    ac:56:c8:86:e2:f9:7d:9b:7d:f2:88:c8:60:4e:74:
                    24:d8:81:f4:05:6b:b4:7a:ee:1a:67:ba:68:5a:10:
                    a5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C6:DB:72:FF:3D:5B:CE:C3:98:5B:47:CD:7A:CD:ED:4D:D0:48:75
            X509v3 Authority Key Identifier:
                keyid:93:60:8A:0C:DA:01:33:F8:76:AB:9A:D8:3F:A3:7B:CE:F6:2D:F2:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2CKDNoBM_h2q5rYP6N7zvYt8t8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/08cb2a-034b-47b6-b132-7f8ba96f5e49/1/08bbcv89W87DmFtHzXrN7U3QSHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/08cb2a-034b-47b6-b132-7f8ba96f5e49/1/k2CKDNoBM_h2q5rYP6N7zvYt8t8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:22cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:30:4b:77:f1:95:6b:e9:eb:8e:2c:54:b1:17:51:52:9b:5a:
         7e:99:f7:80:f4:d7:93:91:4c:fb:a1:17:6f:5c:31:02:93:91:
         40:34:d2:d1:6c:83:da:ef:e7:a5:a9:b9:1e:ac:22:60:48:6c:
         12:ef:3a:77:1c:fe:4a:5e:02:a5:af:1d:63:29:8f:24:7b:c4:
         c7:73:2a:18:29:67:a2:a0:77:26:37:3b:12:80:77:91:e4:a6:
         0b:3c:a5:fd:23:64:b4:cc:51:d4:16:ea:33:7c:e6:ff:5d:37:
         5f:de:8b:40:9c:64:db:e1:9f:3a:ef:2a:48:67:ec:d5:fc:87:
         d5:f5:a5:5b:c9:b4:6e:e7:5c:52:82:de:e0:22:88:25:30:cc:
         27:24:63:67:57:99:f9:7a:f4:34:f8:15:ba:ad:7f:c1:91:4a:
         e8:bc:dd:c5:69:4c:b5:02:89:2d:74:5d:1e:9d:2d:f1:08:71:
         57:1a:b5:73:e0:04:b9:1b:a7:fd:aa:08:7e:2d:d0:d0:ae:21:
         22:52:76:98:a6:7b:54:3f:22:b2:8d:aa:39:6d:32:49:ef:80:
         ad:a8:44:15:21:31:b4:a3:95:65:47:e3:40:22:f7:7c:14:63:
         c0:c8:b0:09:20:6c:c8:42:d9:eb:17:27:40:ce:10:9c:8e:d1:
         72:46:70:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDJiApKr/Eywu0JE7wZgnylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjA4YTBjZGEwMTMzZjg3NmFiOWFkODNmYTM3YmNlZjYy
ZGYyZGYwHhcNMjQwNzE5MDU0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2M2ZGI3MmZmM2Q1YmNlYzM5ODViNDdjZDdhY2RlZDRkZDA0ODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkogvyFIKZ7U42DM/VUhUNY7CNdZH
tCwe/m3xhAYeYTRU1iifpbOS9aUP+o7f7mfxWf+Ei411jBit/R086PR66fwvhMM2
DjrLdLYwGFdOs5F2AnzuzZFJAVZk+sj9Qqt470BRjg8IsaaKs2C0QzIl8hcKPU2W
czlViyoHRVjjdaqKx7+rvVqUdUDDf53y5E99sl6ksyzn+ZpxAR9ob7i8WgRAhYUz
+qsJuVnh0bqC359K1vfx1x4J1q7GFEaIzqaVM+GobxXM7jWDTG71zD7eeo5VDH0N
PWVAyr9GJ4ZJe8CsVsiG4vl9m33yiMhgTnQk2IH0BWu0eu4aZ7poWhClfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNPG23L/PVvOw5hbR816ze1N0Eh1MB8GA1UdIwQY
MBaAFJNgigzaATP4dqua2D+je872LfLfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJDS0ROb0JNX2gycTVyWVA2Tjd6dll0OHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8wOGNiMmEtMDM0Yi00N2I2LWIxMzIt
N2Y4YmE5NmY1ZTQ5LzEvMDhiYmN2ODlXODdEbUZ0SHpYck43VTNRU0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8wOGNiMmEtMDM0Yi00N2I2LWIxMzItN2Y4YmE5NmY1ZTQ5
LzEvazJDS0ROb0JNX2gycTVyWVA2Tjd6dll0OHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCLM
MA0GCSqGSIb3DQEBCwUAA4IBAQBOMEt38ZVr6euOLFSxF1FSm1p+mfeA9NeTkUz7
oRdvXDECk5FANNLRbIPa7+elqbkerCJgSGwS7zp3HP5KXgKlrx1jKY8ke8THcyoY
KWeioHcmNzsSgHeR5KYLPKX9I2S0zFHUFuozfOb/XTdf3otAnGTb4Z867ypIZ+zV
/IfV9aVbybRu51xSgt7gIoglMMwnJGNnV5n5evQ0+BW6rX/BkUrovN3FaUy1Aokt
dF0enS3xCHFXGrVz4AS5G6f9qgh+LdDQriEiUnaYpntUPyKyjao5bTJJ74CtqEQV
ITG0o5VlR+NAIvd8FGPAyLAJIGzIQtnrFydAzhCcjtFyRnAG
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:10:53 2024 by rpki-client on console-ams.rpki-client.org