Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/orBDAfSjI1NCg3af1O2rIizGDuY.roa
File:                     orBDAfSjI1NCg3af1O2rIizGDuY.roa (raw, json)
Hash identifier:          UUdDrV3WwUhmQqkZLdxfylOh/5wqavyvkkIvaN4OFEE=
Subject key identifier:   A2:B0:43:01:F4:A3:23:53:42:83:76:9F:D4:ED:AB:22:2C:C6:0E:E6
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       018CC500709225DAEC4696DC49C3C8080071
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/orBDAfSjI1NCg3af1O2rIizGDuY.roa
Signing time:             Mon 01 Jan 2024 12:29:49 +0000
ROA not before:           Mon 01 Jan 2024 12:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198814
IP address blocks:        2a02:17a6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:70:92:25:da:ec:46:96:dc:49:c3:c8:08:00:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  1 12:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2b04301f4a323534283769fd4edab222cc60ee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d5:4a:33:78:a4:6e:cf:96:a2:15:d9:5d:f9:
                    78:f1:b1:82:8d:1f:78:42:c5:41:93:de:f8:11:a6:
                    78:70:59:5e:df:15:57:1e:4d:c8:48:42:0f:28:5a:
                    e9:09:c9:9c:62:0b:bc:11:dd:0e:f8:d7:5f:42:d7:
                    3b:cb:80:ac:6d:3b:1f:cd:c5:4f:ef:ed:d7:07:9a:
                    dc:d4:2d:a5:fc:1f:30:d8:f4:41:6e:99:9d:16:0a:
                    a2:8b:61:a7:9a:7b:3c:2e:1e:44:f2:21:1f:ff:82:
                    ca:4f:4a:1d:5e:01:1d:83:43:7e:88:0b:19:10:a3:
                    ff:2d:6c:74:67:8c:d1:81:a0:ce:30:96:7e:0b:59:
                    f5:e1:6a:38:2f:30:69:9e:7d:98:1c:7a:bb:2c:43:
                    78:fd:95:51:ae:80:a8:6a:7d:d4:21:5f:10:47:ae:
                    2a:32:05:b0:b2:4a:85:59:47:bd:78:a7:7a:53:ea:
                    24:ca:31:c9:81:16:54:b3:c3:4e:bb:d7:b6:f8:ac:
                    86:2d:e8:bb:5c:2b:56:88:d9:16:75:0b:9a:db:5b:
                    3a:b3:8d:2d:79:5b:5f:24:fc:74:29:9f:46:94:71:
                    cb:40:2b:91:c2:64:6d:3f:d6:29:62:81:77:e3:19:
                    6b:e9:ce:28:d1:7b:cd:3e:db:88:93:30:eb:e1:d7:
                    b2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B0:43:01:F4:A3:23:53:42:83:76:9F:D4:ED:AB:22:2C:C6:0E:E6
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/orBDAfSjI1NCg3af1O2rIizGDuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:17a6::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:21:3e:78:52:ef:1e:2a:46:4f:d5:17:6c:0b:59:c2:c4:20:
         2c:05:15:27:7d:6b:a7:0e:fb:32:a2:05:0e:6d:f9:a6:be:62:
         49:04:3e:04:5a:5d:8d:66:d7:ae:03:18:84:b5:0c:ad:43:df:
         36:98:e9:38:09:8e:29:70:83:49:2a:24:00:23:30:ef:a6:0e:
         23:09:aa:29:e8:19:c0:91:ac:36:60:3f:73:a7:34:c5:15:49:
         95:e7:fc:6f:51:12:6c:8c:5f:5b:58:0d:9b:3d:5e:94:c4:50:
         2c:59:f1:cc:db:5d:77:76:78:7e:52:3c:ff:25:61:ad:3a:9b:
         94:e4:ae:66:40:5a:8f:4b:cb:7e:3c:7f:e1:a2:99:a9:2c:6e:
         08:ef:95:87:fc:ae:a7:69:e6:a3:fb:11:c6:62:bd:4a:40:e4:
         c3:6f:ee:f3:2c:e3:a5:2d:93:da:c5:80:be:fd:f8:0b:c3:aa:
         bc:0d:8e:a7:57:76:d3:2e:85:67:bf:7b:ef:2a:ca:20:77:ab:
         9f:43:ab:be:8b:02:e2:4f:28:4c:ef:b6:7b:28:fb:6a:02:3f:
         33:a3:98:23:a0:c9:80:39:d0:a6:5d:48:c6:48:ed:68:4e:15:
         55:2e:04:61:a3:d0:98:3e:2d:a3:f6:33:e4:de:02:91:24:75:
         fd:2c:10:c3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAHCSJdrsRpbcScPICABxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjQwMTAxMTIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmIwNDMwMWY0YTMyMzUzNDI4Mzc2OWZkNGVkYWIyMjJjYzYwZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdVKM3ikbs+WohXZXfl48bGCjR94
QsVBk974EaZ4cFle3xVXHk3ISEIPKFrpCcmcYgu8Ed0O+NdfQtc7y4CsbTsfzcVP
7+3XB5rc1C2l/B8w2PRBbpmdFgqii2Gnmns8Lh5E8iEf/4LKT0odXgEdg0N+iAsZ
EKP/LWx0Z4zRgaDOMJZ+C1n14Wo4LzBpnn2YHHq7LEN4/ZVRroCoan3UIV8QR64q
MgWwskqFWUe9eKd6U+okyjHJgRZUs8NOu9e2+KyGLei7XCtWiNkWdQua21s6s40t
eVtfJPx0KZ9GlHHLQCuRwmRtP9YpYoF34xlr6c4o0XvNPtuIkzDr4deyKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKKwQwH0oyNTQoN2n9TtqyIsxg7mMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvb3JCREFmU2pJMU5DZzNhZjFPMnJJaXpHRHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIXpjAN
BgkqhkiG9w0BAQsFAAOCAQEAbyE+eFLvHipGT9UXbAtZwsQgLAUVJ31rpw77MqIF
Dm35pr5iSQQ+BFpdjWbXrgMYhLUMrUPfNpjpOAmOKXCDSSokACMw76YOIwmqKegZ
wJGsNmA/c6c0xRVJlef8b1ESbIxfW1gNmz1elMRQLFnxzNtdd3Z4flI8/yVhrTqb
lOSuZkBaj0vLfjx/4aKZqSxuCO+Vh/yup2nmo/sRxmK9SkDkw2/u8yzjpS2T2sWA
vv34C8OqvA2Op1d20y6FZ7977yrKIHern0OrvosC4k8oTO+2eyj7agI/M6OYI6DJ
gDnQpl1IxkjtaE4VVS4EYaPQmD4to/Yz5N4CkSR1/SwQww==
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:41:17 2024 by rpki-client on console-ams.rpki-client.org