Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/a9ofITqqYa60yp597jFNJiFfkDk.roa
File:                     a9ofITqqYa60yp597jFNJiFfkDk.roa (raw, json)
Hash identifier:          +VNpTQzKJJZj8EZ6senrGu1+xne4/xLouiN0wCmmxbU=
Subject key identifier:   6B:DA:1F:21:3A:AA:61:AE:B4:CA:9E:7D:EE:31:4D:26:21:5F:90:39
Certificate issuer:       /CN=aeb76321c8d469ee3ba023920b372ccda5de9e0f
Certificate serial:       019425FCB2CFF5DDDEEFD34539D606AF2784
Authority key identifier: AE:B7:63:21:C8:D4:69:EE:3B:A0:23:92:0B:37:2C:CD:A5:DE:9E:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrdjIcjUae47oCOSCzcszaXeng8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/a9ofITqqYa60yp597jFNJiFfkDk.roa
Signing time:             Thu 02 Jan 2025 07:48:25 +0000
ROA not before:           Thu 02 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1152
IP address blocks:        2a0f:d980::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/rrdjIcjUae47oCOSCzcszaXeng8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/rrdjIcjUae47oCOSCzcszaXeng8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrdjIcjUae47oCOSCzcszaXeng8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b2:cf:f5:dd:de:ef:d3:45:39:d6:06:af:27:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb76321c8d469ee3ba023920b372ccda5de9e0f
        Validity
            Not Before: Jan  2 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bda1f213aaa61aeb4ca9e7dee314d26215f9039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:13:da:6a:b0:63:6d:3f:7f:b3:92:5e:c4:08:
                    c5:3b:64:45:fa:f9:18:54:5e:2c:f8:71:f5:fa:46:
                    eb:d8:c8:19:ce:49:6d:1e:d3:32:14:74:d8:00:3f:
                    a5:5d:1c:df:a7:8b:17:2e:07:c2:f5:46:70:31:9c:
                    fb:1b:1e:71:39:86:bc:3f:72:d3:b7:83:b0:48:29:
                    27:82:31:82:0a:9f:34:d6:a6:ab:94:66:70:8a:6d:
                    fe:32:e2:fa:9f:08:32:e7:9d:a3:3b:a3:a3:a7:19:
                    63:11:b4:a5:18:52:d1:bb:ec:93:bf:ce:88:07:e7:
                    68:32:ad:f7:f0:0b:16:56:1c:45:10:1e:dd:c6:3a:
                    67:01:8a:ae:66:fa:05:60:5a:5e:43:8b:de:59:8f:
                    d1:f8:83:10:42:2f:4b:0e:2b:f0:8b:53:d2:d2:ef:
                    91:80:5b:43:6f:66:c2:c8:4d:30:c8:f5:94:0a:0e:
                    44:27:00:f1:d7:d1:f6:84:af:dc:f9:38:53:8d:44:
                    73:b7:be:7c:f5:9d:fa:57:a2:8c:0a:b8:84:42:01:
                    4b:05:4b:0e:ab:68:bd:cc:08:a3:dc:3e:aa:c3:81:
                    08:49:f1:f7:56:a0:ca:5b:37:f0:ce:96:e1:12:12:
                    bf:ad:33:6c:a9:39:18:7f:5b:8d:0a:1f:01:2e:90:
                    1d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:DA:1F:21:3A:AA:61:AE:B4:CA:9E:7D:EE:31:4D:26:21:5F:90:39
            X509v3 Authority Key Identifier:
                keyid:AE:B7:63:21:C8:D4:69:EE:3B:A0:23:92:0B:37:2C:CD:A5:DE:9E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrdjIcjUae47oCOSCzcszaXeng8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/a9ofITqqYa60yp597jFNJiFfkDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/rrdjIcjUae47oCOSCzcszaXeng8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:d980::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:ee:1b:76:c5:9d:16:09:d8:53:ee:3c:cf:ee:b1:8c:a8:0d:
         f1:5b:47:0e:fb:a7:eb:d0:57:6b:17:e4:c1:5c:9c:36:cf:a4:
         0c:0d:5c:80:63:3d:c7:c6:26:5a:de:39:39:26:bd:ce:bb:68:
         96:20:87:11:a9:df:14:c7:96:d4:2b:ab:ac:69:c3:91:eb:71:
         82:94:8b:2c:0e:01:05:40:d8:78:dd:6d:05:be:3c:a7:c5:d1:
         af:7e:f4:a7:c1:44:a0:10:b9:83:22:a0:ef:c8:87:d4:a0:b1:
         c6:e8:32:36:ba:97:a4:d6:bd:90:3f:ef:b3:27:53:af:0b:76:
         63:be:95:ff:f4:43:39:c5:19:a7:4f:51:12:ac:ae:c5:15:59:
         0a:a1:7c:88:1b:91:d9:bc:45:21:e6:29:4d:e5:1f:91:67:08:
         a6:48:a3:33:52:60:4e:15:81:60:66:64:f9:b0:9e:62:1f:19:
         64:d3:b5:ee:95:3f:04:7e:3a:6f:1f:f7:f6:cc:bd:f2:7b:bd:
         13:ce:17:39:34:36:1d:1a:8a:dc:29:31:0d:1b:18:4d:d5:87:
         d4:2d:ab:ee:1d:e9:ba:76:14:cd:04:3c:d2:4a:7f:ab:7e:fa:
         d3:c1:56:30:46:1c:0f:1b:3d:b5:23:e6:4c:95:23:b2:5a:e0:
         d2:34:4e:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/LLP9d3e79NFOdYGryeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjc2MzIxYzhkNDY5ZWUzYmEwMjM5MjBiMzcyY2NkYTVk
ZTllMGYwHhcNMjUwMTAyMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmRhMWYyMTNhYWE2MWFlYjRjYTllN2RlZTMxNGQyNjIxNWY5MDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBPaarBjbT9/s5JexAjFO2RF+vkY
VF4s+HH1+kbr2MgZzkltHtMyFHTYAD+lXRzfp4sXLgfC9UZwMZz7Gx5xOYa8P3LT
t4OwSCkngjGCCp801qarlGZwim3+MuL6nwgy552jO6OjpxljEbSlGFLRu+yTv86I
B+doMq338AsWVhxFEB7dxjpnAYquZvoFYFpeQ4veWY/R+IMQQi9LDivwi1PS0u+R
gFtDb2bCyE0wyPWUCg5EJwDx19H2hK/c+ThTjURzt7589Z36V6KMCriEQgFLBUsO
q2i9zAij3D6qw4EISfH3VqDKWzfwzpbhEhK/rTNsqTkYf1uNCh8BLpAdfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGvaHyE6qmGutMqefe4xTSYhX5A5MB8GA1UdIwQY
MBaAFK63YyHI1GnuO6Ajkgs3LM2l3p4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJkakljalVhZTQ3b0NPU0N6Y3N6YVhlbmc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC84ZDdlODUtMDBjMC00MGUwLWFhODAt
YzdkY2MyMzkxY2M5LzEvYTlvZklUcXFZYTYweXA1OTdqRk5KaUZma0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC84ZDdlODUtMDBjMC00MGUwLWFhODAtYzdkY2MyMzkxY2M5
LzEvcnJkakljalVhZTQ3b0NPU0N6Y3N6YVhlbmc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg/ZgDAN
BgkqhkiG9w0BAQsFAAOCAQEAHe4bdsWdFgnYU+48z+6xjKgN8VtHDvun69BXaxfk
wVycNs+kDA1cgGM9x8YmWt45OSa9zrtoliCHEanfFMeW1CurrGnDketxgpSLLA4B
BUDYeN1tBb48p8XRr370p8FEoBC5gyKg78iH1KCxxugyNrqXpNa9kD/vsydTrwt2
Y76V//RDOcUZp09REqyuxRVZCqF8iBuR2bxFIeYpTeUfkWcIpkijM1JgThWBYGZk
+bCeYh8ZZNO17pU/BH46bx/39sy98nu9E84XOTQ2HRqK3CkxDRsYTdWH1C2r7h3p
unYUzQQ80kp/q37608FWMEYcDxs9tSPmTJUjslrg0jROag==
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:53:33 2025 by rpki-client