Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/8nUMk0ZLdg4r1bX9hPaRnyTpa00.roa
File:                     8nUMk0ZLdg4r1bX9hPaRnyTpa00.roa (raw, json)
Hash identifier:          KWd6bRvadTngjr+4tKWBVRMhH6nzdvPiQYnxoA5SdH0=
Subject key identifier:   F2:75:0C:93:46:4B:76:0E:2B:D5:B5:FD:84:F6:91:9F:24:E9:6B:4D
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018CC26D56B01E5300664C292A5823D725A2
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/8nUMk0ZLdg4r1bX9hPaRnyTpa00.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210625
IP address blocks:        2a09:4e07:7000::/36 maxlen: 36
                          2a09:4e07:9000::/36 maxlen: 36
                          2a09:4e06::/32 maxlen: 32
                          2a0d:60c5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:56:b0:1e:53:00:66:4c:29:2a:58:23:d7:25:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2750c93464b760e2bd5b5fd84f6919f24e96b4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c5:7e:a9:76:83:3d:aa:a0:bf:c9:a9:78:99:
                    8d:bb:fe:b0:10:99:7c:2f:60:88:f3:6c:db:cc:ed:
                    f6:b8:79:e4:b8:ec:a0:c8:e6:8d:d9:fa:71:67:d1:
                    ba:62:9f:94:59:b3:d6:01:1b:e3:1e:5e:55:ef:3d:
                    db:8c:36:fb:bb:4e:36:35:19:15:3d:d4:de:fb:57:
                    7f:f4:02:c4:73:8e:bc:0b:5f:32:45:a4:69:38:b5:
                    46:66:50:70:5e:bc:ef:f2:b1:0c:67:61:e9:7b:a5:
                    b5:04:cd:75:35:25:f0:fb:47:40:bd:54:32:a9:0f:
                    9f:d6:2c:c6:a9:20:df:cb:9d:cf:ae:14:c0:ad:1c:
                    43:f0:a6:c3:b6:80:0d:95:ad:00:17:2c:3d:15:3d:
                    22:e4:e7:0f:e7:b9:4c:32:b5:bd:62:b4:5f:b9:71:
                    68:c4:30:71:f6:d2:2d:d7:cb:a0:98:98:eb:06:56:
                    3b:a3:74:a3:72:f6:55:69:79:f3:f0:57:8d:9c:9e:
                    77:48:80:ec:e5:d0:7c:30:3a:36:a4:40:2f:a5:77:
                    47:62:4c:3c:eb:3a:e8:a0:47:0b:9a:69:10:fe:f6:
                    8a:8e:11:29:bc:14:d3:81:ca:3b:e4:d9:8c:e8:e1:
                    5d:9e:c3:f1:8b:88:71:84:7c:ad:bc:5c:cb:34:67:
                    7e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:75:0C:93:46:4B:76:0E:2B:D5:B5:FD:84:F6:91:9F:24:E9:6B:4D
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/8nUMk0ZLdg4r1bX9hPaRnyTpa00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:4e06::/32
                  2a09:4e07:7000::/36
                  2a09:4e07:9000::/36
                  2a0d:60c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:a7:cf:4c:66:2e:db:95:d0:8e:c9:ff:11:a5:4a:78:2a:f0:
         91:18:1f:16:be:2d:ba:e5:b8:c5:47:ff:72:dd:a9:f2:2b:cd:
         b3:ff:fd:aa:78:2e:5d:1e:f2:4c:16:1b:56:6a:cc:32:a3:8a:
         b0:fa:49:e4:54:24:79:4e:96:33:f3:d9:3f:61:3c:3b:0b:9d:
         96:64:0a:3d:86:da:50:9d:08:80:bb:59:58:54:03:ab:5b:07:
         a0:ce:a2:7f:94:c4:16:12:61:1e:73:07:66:64:8b:42:f6:9a:
         44:19:2c:71:66:89:60:ef:7c:79:2c:07:d7:68:c9:cb:2b:a4:
         63:b5:05:4e:fd:9b:f5:e5:8d:22:c0:04:e2:94:55:49:1b:36:
         b4:37:85:2f:62:ac:12:db:5c:55:09:da:90:8d:9d:24:3a:e1:
         f4:cd:60:c9:80:2e:91:70:23:2f:64:9c:ad:74:d6:0a:af:e1:
         8d:e6:b5:61:0a:a7:dc:9d:b8:be:bc:2c:0c:08:8e:ad:e2:6b:
         3d:9a:83:3d:3f:df:22:60:42:e9:f7:82:ce:7b:b1:45:b0:1e:
         3e:bb:51:a1:8a:cc:ed:5e:6b:73:76:d1:3f:45:f7:bf:5c:32:
         4c:72:8c:45:76:41:3c:98:8f:17:16:56:c1:9a:3d:6e:82:9e:
         95:e4:1b:da
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzCbVawHlMAZkwpKlgj1yWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc1MGM5MzQ2NGI3NjBlMmJkNWI1ZmQ4NGY2OTE5ZjI0ZTk2YjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsV+qXaDPaqgv8mpeJmNu/6wEJl8
L2CI82zbzO32uHnkuOygyOaN2fpxZ9G6Yp+UWbPWARvjHl5V7z3bjDb7u042NRkV
PdTe+1d/9ALEc468C18yRaRpOLVGZlBwXrzv8rEMZ2Hpe6W1BM11NSXw+0dAvVQy
qQ+f1izGqSDfy53PrhTArRxD8KbDtoANla0AFyw9FT0i5OcP57lMMrW9YrRfuXFo
xDBx9tIt18ugmJjrBlY7o3SjcvZVaXnz8FeNnJ53SIDs5dB8MDo2pEAvpXdHYkw8
6zrooEcLmmkQ/vaKjhEpvBTTgco75NmM6OFdnsPxi4hxhHytvFzLNGd+pwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPJ1DJNGS3YOK9W1/YT2kZ8k6WtNMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvOG5VTWswWkxkZzRyMWJYOWhQYVJueVRwYTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAAjAeAwUAKglOBgMG
BCoJTgdwAwYEKglOB5ADBQAqDWDFMA0GCSqGSIb3DQEBCwUAA4IBAQAPp89MZi7b
ldCOyf8RpUp4KvCRGB8Wvi265bjFR/9y3anyK82z//2qeC5dHvJMFhtWaswyo4qw
+knkVCR5TpYz89k/YTw7C52WZAo9htpQnQiAu1lYVAOrWwegzqJ/lMQWEmEecwdm
ZItC9ppEGSxxZolg73x5LAfXaMnLK6RjtQVO/Zv15Y0iwATilFVJGza0N4UvYqwS
21xVCdqQjZ0kOuH0zWDJgC6RcCMvZJytdNYKr+GN5rVhCqfcnbi+vCwMCI6t4ms9
moM9P98iYELp94LOe7FFsB4+u1GhisztXmtzdtE/Rfe/XDJMcoxFdkE8mI8XFlbB
mj1ugp6V5Bva
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:52:44 2024 by rpki-client on console-ams.rpki-client.org