Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/TDwHpZrvt_4GEf8xEl3WGWt99rM.roa
File:                     TDwHpZrvt_4GEf8xEl3WGWt99rM.roa (raw, json)
Hash identifier:          sea1WINN3VMWhbUJ4oQaEyE1tV2YNzBtqgeWfEGob6Q=
Subject key identifier:   4C:3C:07:A5:9A:EF:B7:FE:06:11:FF:31:12:5D:D6:19:6B:7D:F6:B3
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       018CC86F57A8DAF532CA593E8482EAFB9A90
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/TDwHpZrvt_4GEf8xEl3WGWt99rM.roa
Signing time:             Tue 02 Jan 2024 04:29:49 +0000
ROA not before:           Tue 02 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15703
IP address blocks:        2a0b:b600:3000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:57:a8:da:f5:32:ca:59:3e:84:82:ea:fb:9a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c3c07a59aefb7fe0611ff31125dd6196b7df6b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:68:ef:95:a4:95:05:67:b3:b2:60:4c:8d:fd:
                    12:d3:01:56:92:3e:00:55:16:06:77:85:a5:fb:6d:
                    44:9b:40:f8:ce:fe:68:52:7b:87:dc:af:06:1d:0c:
                    4f:fd:26:9f:c0:64:ce:aa:2b:0d:ab:a5:d9:ad:51:
                    85:ee:7d:61:42:7c:2a:2a:87:d8:e1:1b:91:3c:05:
                    a8:7a:7c:e7:ee:c9:ff:a0:a1:31:8a:83:6f:1d:c5:
                    45:5d:ac:85:35:cf:42:01:4c:05:9f:bf:4f:ce:45:
                    4b:14:73:10:8b:d6:8a:99:d2:96:f3:c7:d7:5c:d9:
                    c0:cf:cc:be:03:12:84:49:2b:14:20:b1:10:44:44:
                    d7:1b:15:d2:c7:be:8c:e3:f7:38:ae:b0:20:f2:28:
                    cd:0d:fa:6a:2c:e5:cc:d8:fc:3a:23:c0:98:0f:1e:
                    aa:fe:34:1e:db:68:83:c9:c9:d0:f8:55:3a:79:85:
                    cf:8d:41:11:aa:64:c8:dc:e5:28:99:05:30:4d:8d:
                    53:6a:e7:4d:93:04:68:bb:85:1e:e2:2a:af:f1:f2:
                    45:2c:ff:8b:15:8b:63:bf:01:ed:e7:05:2b:e6:fd:
                    6d:b9:9e:93:56:de:5d:e2:a2:dd:47:52:8d:e2:e1:
                    56:12:77:0d:4f:52:a7:b7:81:6c:be:bb:5e:09:41:
                    23:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3C:07:A5:9A:EF:B7:FE:06:11:FF:31:12:5D:D6:19:6B:7D:F6:B3
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/TDwHpZrvt_4GEf8xEl3WGWt99rM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:0c:76:28:08:e9:df:16:01:ed:6e:65:73:a1:1c:8c:33:8f:
         fa:bd:78:e6:48:33:29:2a:0b:4d:48:1a:ab:bf:86:bd:25:b4:
         be:98:04:ac:3b:b6:8c:41:45:c7:32:ee:f4:6a:c4:a6:81:13:
         60:06:38:ac:ec:e3:7e:fc:73:ed:0a:4b:53:ff:e1:b3:a6:e7:
         c4:ae:1a:3e:51:1f:a7:a9:06:75:aa:2f:0a:1e:da:49:d2:03:
         90:58:25:d6:e2:d3:f3:66:e1:f2:39:89:a1:74:80:cc:be:9b:
         1f:91:c5:c2:e0:49:45:f4:82:9b:5a:17:0d:2e:ca:31:af:65:
         3f:3e:6d:61:fb:c3:7c:7c:bf:3f:65:24:0a:ae:d0:56:5c:3a:
         1e:bb:f5:76:43:f0:e8:33:3c:e3:ae:c1:8b:37:33:d0:2d:0d:
         e3:ee:01:b6:59:97:23:b6:bd:5e:95:a2:45:94:ac:f9:84:42:
         ab:61:b2:98:50:b5:77:8b:24:fd:1a:af:df:0b:e9:c4:10:a1:
         0b:3e:29:85:a0:37:52:48:64:f1:5a:27:e7:c3:f4:15:dc:03:
         51:b2:58:7a:f3:d6:d2:7e:bd:93:71:95:30:d0:87:8c:46:b7:
         df:10:bf:16:c4:30:22:e5:ba:13:32:1b:6d:8a:03:c4:95:37:
         ae:23:87:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb1eo2vUyylk+hILq+5qQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjQwMTAyMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNjMDdhNTlhZWZiN2ZlMDYxMWZmMzExMjVkZDYxOTZiN2RmNmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGjvlaSVBWezsmBMjf0S0wFWkj4A
VRYGd4Wl+21Em0D4zv5oUnuH3K8GHQxP/SafwGTOqisNq6XZrVGF7n1hQnwqKofY
4RuRPAWoenzn7sn/oKExioNvHcVFXayFNc9CAUwFn79PzkVLFHMQi9aKmdKW88fX
XNnAz8y+AxKESSsUILEQRETXGxXSx76M4/c4rrAg8ijNDfpqLOXM2Pw6I8CYDx6q
/jQe22iDycnQ+FU6eYXPjUERqmTI3OUomQUwTY1TaudNkwRou4Ue4iqv8fJFLP+L
FYtjvwHt5wUr5v1tuZ6TVt5d4qLdR1KN4uFWEncNT1Knt4FsvrteCUEjVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEw8B6Wa77f+BhH/MRJd1hlrffazMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvVER3SHBacnZ0XzRHRWY4eEVsM1dHV3Q5OXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgu2ADAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA0DHYoCOnfFgHtbmVzoRyMM4/6vXjmSDMpKgtN
SBqrv4a9JbS+mASsO7aMQUXHMu70asSmgRNgBjis7ON+/HPtCktT/+GzpufErho+
UR+nqQZ1qi8KHtpJ0gOQWCXW4tPzZuHyOYmhdIDMvpsfkcXC4ElF9IKbWhcNLsox
r2U/Pm1h+8N8fL8/ZSQKrtBWXDoeu/V2Q/DoMzzjrsGLNzPQLQ3j7gG2WZcjtr1e
laJFlKz5hEKrYbKYULV3iyT9Gq/fC+nEEKELPimFoDdSSGTxWifnw/QV3ANRslh6
89bSfr2TcZUw0IeMRrffEL8WxDAi5boTMhttigPElTeuI4d7
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:38 2024 by rpki-client on console-ams.rpki-client.org