Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/27w5U8_qx1GxnrOThLkfyExiFeY.roa
File:                     27w5U8_qx1GxnrOThLkfyExiFeY.roa (raw, json)
Hash identifier:          nbpq09AZQbCZLqPS5Sltq9GaZF5wIQYm8z0Ud9o6XPM=
Subject key identifier:   DB:BC:39:53:CF:EA:C7:51:B1:9E:B3:93:84:B9:1F:C8:4C:62:15:E6
Certificate issuer:       /CN=651bad95276947c7be536af4c870a3721f0b7761
Certificate serial:       018CC26CFCFD024686D02418FAB3DF51377B
Authority key identifier: 65:1B:AD:95:27:69:47:C7:BE:53:6A:F4:C8:70:A3:72:1F:0B:77:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZRutlSdpR8e-U2r0yHCjch8Ld2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/27w5U8_qx1GxnrOThLkfyExiFeY.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200299
IP address blocks:        2a09:3a00:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/ZRutlSdpR8e-U2r0yHCjch8Ld2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/ZRutlSdpR8e-U2r0yHCjch8Ld2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZRutlSdpR8e-U2r0yHCjch8Ld2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fc:fd:02:46:86:d0:24:18:fa:b3:df:51:37:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=651bad95276947c7be536af4c870a3721f0b7761
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbbc3953cfeac751b19eb39384b91fc84c6215e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ad:3e:fd:3e:c7:be:ae:a0:a1:21:16:62:83:
                    77:d4:71:0d:46:c7:66:46:1f:51:74:43:f4:23:a5:
                    af:bd:66:07:f7:8f:de:b5:98:77:0b:d9:37:b8:f3:
                    19:4c:c0:88:ea:12:9a:ea:39:a1:d7:4a:8d:47:99:
                    8d:6d:0a:b2:f1:33:ba:1f:6d:18:00:55:0f:6f:0f:
                    78:28:13:ee:44:a1:80:a8:f7:6d:c6:e1:7b:65:bc:
                    8c:ee:7b:94:50:6f:fb:c7:5c:e3:2d:74:c4:1c:45:
                    25:9f:4c:d1:ef:dc:04:74:e6:22:18:05:14:3a:18:
                    c7:49:39:21:d9:22:f0:e5:64:30:87:6d:b5:b6:ea:
                    5d:7e:3e:28:5b:fa:cc:9a:52:5f:ab:e8:c3:54:d0:
                    9e:12:02:02:c2:1e:f5:7d:0a:be:05:d3:20:eb:dd:
                    3d:d6:83:0f:f6:c2:c7:d7:07:69:0d:0e:96:9a:d3:
                    27:ad:7f:94:d6:41:db:5a:72:dc:7d:42:c6:57:73:
                    ba:4e:da:4d:f0:e5:30:dc:d1:7e:39:97:a3:d8:1f:
                    0d:54:a2:19:91:7a:2d:2b:2f:f1:22:91:d4:87:56:
                    ba:ec:a4:64:77:a2:44:07:ca:3c:13:c5:be:8f:e5:
                    0a:1b:c6:d6:f5:b7:00:f9:07:41:91:8e:39:9f:5c:
                    76:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:BC:39:53:CF:EA:C7:51:B1:9E:B3:93:84:B9:1F:C8:4C:62:15:E6
            X509v3 Authority Key Identifier:
                keyid:65:1B:AD:95:27:69:47:C7:BE:53:6A:F4:C8:70:A3:72:1F:0B:77:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZRutlSdpR8e-U2r0yHCjch8Ld2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/27w5U8_qx1GxnrOThLkfyExiFeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1dbd6b-35cc-4f09-b92e-198b6a61ce85/1/ZRutlSdpR8e-U2r0yHCjch8Ld2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3a00:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:e7:a3:41:ce:38:84:76:c7:5a:4f:c6:48:a0:f8:c8:39:a2:
         2e:ac:ba:74:7d:b6:68:6b:cb:9e:04:5a:aa:6b:c5:7a:63:f2:
         c6:e9:3d:14:66:f3:2c:f2:f2:63:1d:d8:b0:e8:c7:05:f2:31:
         7c:45:05:4f:9e:95:94:6f:f5:af:96:41:e6:4e:0e:ef:8f:e7:
         97:68:45:9a:ad:27:6d:a2:17:02:79:c2:5e:25:08:13:b0:0e:
         ef:d7:d6:d7:14:0a:83:35:76:41:67:8e:62:0c:5c:73:17:7d:
         97:a8:37:8c:32:ae:02:89:5b:d5:6d:0c:7c:c5:1b:b9:ee:9d:
         29:4e:0c:07:9b:80:22:c4:be:52:10:e8:cb:04:6f:65:70:69:
         cd:5d:5a:e7:ad:16:61:8f:3e:28:45:b2:05:4e:30:89:19:98:
         61:0d:7f:a9:3d:04:36:a6:14:ca:c3:39:0a:22:cc:d7:a8:d2:
         dc:ec:0e:f0:e7:ae:3f:3e:88:70:16:3a:6a:4c:c3:91:73:74:
         f5:e9:f7:b8:43:d4:37:29:d3:98:1f:24:c0:20:bc:4b:ec:e5:
         a8:75:51:ad:bd:db:8a:15:8d:77:6e:ae:01:cf:01:9f:84:49:
         db:d1:a4:bc:03:90:19:93:aa:4a:21:e7:f3:bd:fd:f9:9d:f2:
         50:d5:49:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbPz9AkaG0CQY+rPfUTd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MWJhZDk1Mjc2OTQ3YzdiZTUzNmFmNGM4NzBhMzcyMWYw
Yjc3NjEwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmJjMzk1M2NmZWFjNzUxYjE5ZWIzOTM4NGI5MWZjODRjNjIxNWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs60+/T7Hvq6goSEWYoN31HENRsdm
Rh9RdEP0I6WvvWYH94/etZh3C9k3uPMZTMCI6hKa6jmh10qNR5mNbQqy8TO6H20Y
AFUPbw94KBPuRKGAqPdtxuF7ZbyM7nuUUG/7x1zjLXTEHEUln0zR79wEdOYiGAUU
OhjHSTkh2SLw5WQwh221tupdfj4oW/rMmlJfq+jDVNCeEgICwh71fQq+BdMg6909
1oMP9sLH1wdpDQ6WmtMnrX+U1kHbWnLcfULGV3O6TtpN8OUw3NF+OZej2B8NVKIZ
kXotKy/xIpHUh1a67KRkd6JEB8o8E8W+j+UKG8bW9bcA+QdBkY45n1x2cQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNu8OVPP6sdRsZ6zk4S5H8hMYhXmMB8GA1UdIwQY
MBaAFGUbrZUnaUfHvlNq9Mhwo3IfC3dhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlJ1dGxTZHBSOGUtVTJyMHlIQ2pjaDhMZDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xZGJkNmItMzVjYy00ZjA5LWI5MmUt
MTk4YjZhNjFjZTg1LzEvMjd3NVU4X3F4MUd4bnJPVGhMa2Z5RXhpRmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xZGJkNmItMzVjYy00ZjA5LWI5MmUtMTk4YjZhNjFjZTg1
LzEvWlJ1dGxTZHBSOGUtVTJyMHlIQ2pjaDhMZDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgk6ACAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB/56NBzjiEdsdaT8ZIoPjIOaIurLp0fbZoa8ue
BFqqa8V6Y/LG6T0UZvMs8vJjHdiw6McF8jF8RQVPnpWUb/WvlkHmTg7vj+eXaEWa
rSdtohcCecJeJQgTsA7v19bXFAqDNXZBZ45iDFxzF32XqDeMMq4CiVvVbQx8xRu5
7p0pTgwHm4AixL5SEOjLBG9lcGnNXVrnrRZhjz4oRbIFTjCJGZhhDX+pPQQ2phTK
wzkKIszXqNLc7A7w564/PohwFjpqTMORc3T16fe4Q9Q3KdOYHyTAILxL7OWodVGt
vduKFY13bq4BzwGfhEnb0aS8A5AZk6pKIefzvf35nfJQ1UkU
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:54:32 2024 by rpki-client on console-ams.rpki-client.org