Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/0Ushjlx519Vf97PiC0DXs_XfAIg.roa
File:                     0Ushjlx519Vf97PiC0DXs_XfAIg.roa (raw, json)
Hash identifier:          ATG33ouECk+RMA3BmeyitsJELqapumEbQsXxyMtqglA=
Subject key identifier:   D1:4B:21:8E:5C:79:D7:D5:5F:F7:B3:E2:0B:40:D7:B3:F5:DF:00:88
Certificate issuer:       /CN=219885ea020e65006314ee9480def3b3efc039e3
Certificate serial:       018CC5DC3DCB93FFC2A80A1E9CA5A108D427
Authority key identifier: 21:98:85:EA:02:0E:65:00:63:14:EE:94:80:DE:F3:B3:EF:C0:39:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/0Ushjlx519Vf97PiC0DXs_XfAIg.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51559
IP address blocks:        2a0a:db00:2::/48 maxlen: 48
                          2a0a:db00:d::/48 maxlen: 48
                          2a0a:db00:8::/48 maxlen: 48
                          2a0a:db00:3::/48 maxlen: 48
                          2a0a:db00:6::/48 maxlen: 48
                          2a0a:db00:1::/48 maxlen: 48
                          2a0a:db00:c::/48 maxlen: 48
                          2a0a:db00:7::/48 maxlen: 48
                          2a0a:db00:a::/48 maxlen: 48
                          2a0a:db00:5::/48 maxlen: 48
                          2a0a:db00::/48 maxlen: 48
                          2a0a:db00:b::/48 maxlen: 48
                          2a0a:db00:e::/48 maxlen: 48
                          2a0a:db00:9::/48 maxlen: 48
                          2a0a:db00:4::/48 maxlen: 48
                          2a0a:db00::/29 maxlen: 29
                          2a0a:db00:f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/IZiF6gIOZQBjFO6UgN7zs-_AOeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/IZiF6gIOZQBjFO6UgN7zs-_AOeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3d:cb:93:ff:c2:a8:0a:1e:9c:a5:a1:08:d4:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=219885ea020e65006314ee9480def3b3efc039e3
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d14b218e5c79d7d55ff7b3e20b40d7b3f5df0088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:da:66:cc:54:41:49:e8:01:2d:5d:a9:03:88:
                    95:b6:50:91:00:50:73:f2:2a:1c:8f:8e:e8:b5:4f:
                    bb:9e:70:bc:12:da:e0:f9:74:53:c5:6b:b5:34:81:
                    e5:8f:fc:a6:9f:55:8e:b7:01:3d:12:a6:a0:a8:f9:
                    31:5d:80:e5:ee:a3:48:3b:da:0b:18:95:36:f7:d9:
                    2e:b8:1d:24:8a:6e:64:bb:dc:cb:b7:8d:f7:09:2d:
                    fa:ad:f8:47:cb:5d:e7:49:92:9e:f3:65:fb:62:05:
                    92:42:46:f2:82:da:fe:af:d3:b3:5b:3f:76:6b:28:
                    c8:ff:51:a5:b4:97:6a:db:7e:e0:5b:7f:8b:58:16:
                    1c:ee:e3:f3:2e:5f:26:dc:35:6d:9b:a3:a2:3d:f4:
                    d0:de:cd:00:23:9a:c5:6b:8e:5f:55:8d:86:d3:d2:
                    f2:f4:ac:2d:6d:99:b0:7f:e2:83:9b:59:93:97:b8:
                    5e:4e:54:aa:b2:c1:29:9c:6c:42:bc:fc:15:cf:6e:
                    22:31:34:c0:88:46:4b:11:e3:d4:09:ca:f1:7b:8e:
                    9c:37:1e:90:e8:da:35:36:ce:92:93:84:d2:5d:ec:
                    07:a6:79:57:b5:65:12:f2:ff:eb:1e:10:89:f9:aa:
                    4b:70:18:ae:76:da:cc:04:ba:f4:08:3f:24:5a:a5:
                    62:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4B:21:8E:5C:79:D7:D5:5F:F7:B3:E2:0B:40:D7:B3:F5:DF:00:88
            X509v3 Authority Key Identifier:
                keyid:21:98:85:EA:02:0E:65:00:63:14:EE:94:80:DE:F3:B3:EF:C0:39:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/0Ushjlx519Vf97PiC0DXs_XfAIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/IZiF6gIOZQBjFO6UgN7zs-_AOeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:db00::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:f0:e8:e2:f0:62:06:b8:34:fa:80:f4:38:48:8e:10:bb:c2:
         17:7d:15:19:6c:4e:a1:f1:03:32:65:86:0f:74:ce:e7:0c:6b:
         3a:e8:60:20:6a:22:13:d7:ac:00:70:19:f5:d5:80:67:21:f8:
         2e:a1:82:fa:27:9f:c3:e9:ea:92:49:ef:06:28:b5:9d:d8:e4:
         ba:f7:e0:4e:11:14:16:42:6b:6a:f3:98:96:ad:9c:d4:d5:ba:
         f4:79:51:87:32:a9:93:71:0f:a9:6d:2b:7f:57:90:27:ad:56:
         a1:79:23:8d:1e:ce:f8:5a:70:b8:76:1a:d5:7b:18:ed:80:e1:
         a4:6b:62:3e:48:32:3e:f5:2d:9c:ca:3e:23:e2:a5:4d:69:42:
         1c:cd:35:1c:72:1e:f9:5a:34:a6:41:08:46:3f:c8:c9:b6:53:
         37:44:4f:98:0b:60:8d:30:ec:1c:42:95:a8:82:6f:8d:d1:be:
         58:77:01:51:42:16:b2:25:45:52:cf:99:63:02:26:5b:fd:60:
         96:b1:41:a4:bc:17:46:2b:3c:bf:53:e4:30:89:a7:6f:33:ef:
         4f:65:3d:0d:31:06:7a:7c:15:5c:ae:37:e5:55:1a:3a:ef:04:
         b8:e7:c4:34:ab:81:dd:c4:65:85:f0:9a:f5:d1:e0:15:8a:6d:
         7e:38:5d:ed
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3D3Lk//CqAoenKWhCNQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOTg4NWVhMDIwZTY1MDA2MzE0ZWU5NDgwZGVmM2IzZWZj
MDM5ZTMwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTRiMjE4ZTVjNzlkN2Q1NWZmN2IzZTIwYjQwZDdiM2Y1ZGYwMDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9pmzFRBSegBLV2pA4iVtlCRAFBz
8iocj47otU+7nnC8Etrg+XRTxWu1NIHlj/ymn1WOtwE9EqagqPkxXYDl7qNIO9oL
GJU299kuuB0kim5ku9zLt433CS36rfhHy13nSZKe82X7YgWSQkbygtr+r9OzWz92
ayjI/1GltJdq237gW3+LWBYc7uPzLl8m3DVtm6OiPfTQ3s0AI5rFa45fVY2G09Ly
9KwtbZmwf+KDm1mTl7heTlSqssEpnGxCvPwVz24iMTTAiEZLEePUCcrxe46cNx6Q
6No1Ns6Sk4TSXewHpnlXtWUS8v/rHhCJ+apLcBiudtrMBLr0CD8kWqViVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNFLIY5cedfVX/ez4gtA17P13wCIMB8GA1UdIwQY
MBaAFCGYheoCDmUAYxTulIDe87PvwDnjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVppRjZnSU9aUUJqRk82VWdON3pzLV9BT2VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZTA0YWMtYTE5MC00ODA0LTkxM2Mt
ZmZjMDI1ODMxZjRmLzEvMFVzaGpseDUxOVZmOTdQaUMwRFhzX1hmQUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZTA0YWMtYTE5MC00ODA0LTkxM2MtZmZjMDI1ODMxZjRm
LzEvSVppRjZnSU9aUUJqRk82VWdON3pzLV9BT2VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrbADAN
BgkqhkiG9w0BAQsFAAOCAQEAg/Do4vBiBrg0+oD0OEiOELvCF30VGWxOofEDMmWG
D3TO5wxrOuhgIGoiE9esAHAZ9dWAZyH4LqGC+iefw+nqkknvBii1ndjkuvfgThEU
FkJravOYlq2c1NW69HlRhzKpk3EPqW0rf1eQJ61WoXkjjR7O+FpwuHYa1XsY7YDh
pGtiPkgyPvUtnMo+I+KlTWlCHM01HHIe+Vo0pkEIRj/IybZTN0RPmAtgjTDsHEKV
qIJvjdG+WHcBUUIWsiVFUs+ZYwImW/1glrFBpLwXRis8v1PkMImnbzPvT2U9DTEG
enwVXK435VUaOu8EuOfENKuB3cRlhfCa9dHgFYptfjhd7Q==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:56:07 2024 by rpki-client on console-ams.rpki-client.org