Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/fOGLQbh3ZW8KVG-0iSsTBnke2NU.roa
File:                     fOGLQbh3ZW8KVG-0iSsTBnke2NU.roa (raw, json)
Hash identifier:          f8BGXAVxQVkOQY1ZG1xtpTtNpCfs81r3xfcBKdB0DoY=
Subject key identifier:   7C:E1:8B:41:B8:77:65:6F:0A:54:6F:B4:89:2B:13:06:79:1E:D8:D5
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       018CC86F589489E4723290CFB693415F35FF
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/fOGLQbh3ZW8KVG-0iSsTBnke2NU.roa
Signing time:             Tue 02 Jan 2024 04:29:49 +0000
ROA not before:           Tue 02 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41996
IP address blocks:        2a0b:b600:3c03::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:58:94:89:e4:72:32:90:cf:b6:93:41:5f:35:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ce18b41b877656f0a546fb4892b1306791ed8d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:24:06:32:e3:fd:f0:d8:37:1c:e9:40:b6:6d:
                    5e:2f:c5:57:25:08:2e:9c:92:62:fc:b0:9a:65:37:
                    de:11:05:0c:1c:33:f3:cb:9b:e0:4b:0a:51:bc:eb:
                    31:54:ef:f3:79:14:9c:50:1d:c8:2b:62:3a:53:81:
                    1f:61:8d:2f:af:44:c7:09:32:0b:9e:29:8e:2c:1f:
                    16:fb:a6:c1:61:09:3d:92:dc:b4:a0:60:f3:39:bb:
                    ee:6c:bd:ea:8d:b3:8f:25:b4:eb:25:7b:97:74:5e:
                    0b:f0:7b:81:cd:bc:43:16:40:87:74:fe:98:5a:95:
                    95:37:f4:4b:82:a3:c8:69:77:6a:6e:83:fb:32:ed:
                    d9:e9:22:74:9f:1f:7f:ec:82:d1:73:50:b1:8c:c2:
                    dd:d3:82:24:31:bd:01:36:8d:d1:af:54:13:04:c4:
                    c8:af:d7:5f:a0:10:4c:c5:00:cc:69:1e:7f:49:00:
                    92:a8:d1:7a:71:51:b3:a9:8c:d9:0e:40:47:95:8d:
                    91:f3:98:80:da:a1:97:9c:57:f2:9b:0d:b8:59:a9:
                    95:aa:d3:07:19:b4:76:bd:a2:cf:61:3b:f0:9f:99:
                    6f:ec:90:9d:b2:26:01:dc:dc:06:50:8a:64:30:1e:
                    46:b2:af:aa:33:a9:fe:29:73:3a:e6:ed:08:b9:ce:
                    71:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E1:8B:41:B8:77:65:6F:0A:54:6F:B4:89:2B:13:06:79:1E:D8:D5
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/fOGLQbh3ZW8KVG-0iSsTBnke2NU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:3c03::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:99:d8:14:e9:b3:c4:9d:e0:7f:e6:02:35:73:6b:b1:a5:36:
         ac:0a:b5:83:9e:3c:6c:84:ec:1a:69:14:27:b5:f0:fe:4e:0f:
         f6:58:dd:52:0d:a2:45:43:b8:b6:68:b9:ff:86:2b:29:f9:31:
         5f:2d:72:94:11:63:0b:b0:6f:df:69:c2:85:1b:82:6c:e2:cd:
         af:25:e2:f5:8c:f7:8c:aa:94:a4:98:49:b6:12:6b:db:6a:1a:
         83:d8:a3:51:9c:1b:c0:90:23:9c:90:8b:0c:cc:fc:3d:16:9a:
         95:2b:6b:60:9e:e5:8d:49:3f:94:c2:ba:2a:56:e8:9e:04:93:
         07:08:8b:b4:1b:6d:5e:e8:b9:a2:ca:02:1d:53:c2:d5:3f:cf:
         6c:a0:af:4e:0d:30:8f:fe:b9:bc:4f:af:2a:08:1d:ad:27:57:
         20:6d:e3:4f:7e:58:e5:76:e5:92:03:ac:56:96:5b:4b:cc:2c:
         fa:dc:f6:ba:89:cc:b2:e8:07:3e:42:0b:c2:40:2f:07:81:45:
         49:18:f2:e2:fe:9e:29:3a:03:cc:6f:de:31:de:1e:31:7f:e0:
         da:34:48:38:d1:27:15:b8:f2:06:07:f4:66:a1:bf:58:fb:b7:
         18:f1:72:c4:ba:64:15:35:14:38:88:8e:da:86:5d:f5:95:c4:
         ed:d8:b8:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb1iUieRyMpDPtpNBXzX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjQwMTAyMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2UxOGI0MWI4Nzc2NTZmMGE1NDZmYjQ4OTJiMTMwNjc5MWVkOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CQGMuP98Ng3HOlAtm1eL8VXJQgu
nJJi/LCaZTfeEQUMHDPzy5vgSwpRvOsxVO/zeRScUB3IK2I6U4EfYY0vr0THCTIL
nimOLB8W+6bBYQk9kty0oGDzObvubL3qjbOPJbTrJXuXdF4L8HuBzbxDFkCHdP6Y
WpWVN/RLgqPIaXdqboP7Mu3Z6SJ0nx9/7ILRc1CxjMLd04IkMb0BNo3Rr1QTBMTI
r9dfoBBMxQDMaR5/SQCSqNF6cVGzqYzZDkBHlY2R85iA2qGXnFfymw24WamVqtMH
GbR2vaLPYTvwn5lv7JCdsiYB3NwGUIpkMB5Gsq+qM6n+KXM65u0Iuc5xqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHzhi0G4d2VvClRvtIkrEwZ5HtjVMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvZk9HTFFiaDNaVzhLVkctMGlTc1RCbmtlMk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgu2ADwD
MA0GCSqGSIb3DQEBCwUAA4IBAQBymdgU6bPEneB/5gI1c2uxpTasCrWDnjxshOwa
aRQntfD+Tg/2WN1SDaJFQ7i2aLn/hisp+TFfLXKUEWMLsG/facKFG4Js4s2vJeL1
jPeMqpSkmEm2EmvbahqD2KNRnBvAkCOckIsMzPw9FpqVK2tgnuWNST+UwroqVuie
BJMHCIu0G21e6LmiygIdU8LVP89soK9ODTCP/rm8T68qCB2tJ1cgbeNPfljlduWS
A6xWlltLzCz63Pa6icyy6Ac+QgvCQC8HgUVJGPLi/p4pOgPMb94x3h4xf+DaNEg4
0ScVuPIGB/Rmob9Y+7cY8XLEumQVNRQ4iI7ahl31lcTt2Lj2
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:38 2024 by rpki-client on console-ams.rpki-client.org