Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/8IPlYHI3LVnwEd_4JVSg_cYqoDU.roa
File:                     8IPlYHI3LVnwEd_4JVSg_cYqoDU.roa (raw, json)
Hash identifier:          r7LsVfU2dP8Fguwr3LQ/9Jz4V89CfzCGyRsy4w1gXm8=
Subject key identifier:   F0:83:E5:60:72:37:2D:59:F0:11:DF:F8:25:54:A0:FD:C6:2A:A0:35
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0190D94ED2428C00B176FFB6B8E258C15DA6
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/8IPlYHI3LVnwEd_4JVSg_cYqoDU.roa
Signing time:             Mon 22 Jul 2024 07:18:59 +0000
ROA not before:           Mon 22 Jul 2024 07:18:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200216
IP address blocks:        2a13:bcc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:4e:d2:42:8c:00:b1:76:ff:b6:b8:e2:58:c1:5d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jul 22 07:18:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f083e56072372d59f011dff82554a0fdc62aa035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:96:3a:8b:ee:6d:06:c6:80:24:6d:00:2e:10:
                    e3:c7:c6:fa:6b:ff:10:bd:59:9c:5b:15:45:03:ec:
                    ae:22:4c:b8:1f:59:a8:07:30:ce:da:ac:b4:3f:52:
                    e8:7d:32:67:a3:ab:b4:09:ff:3f:9e:c7:38:e1:10:
                    57:16:ff:91:3f:83:c2:04:63:a8:e0:67:cc:12:bc:
                    7c:1f:a6:0c:af:73:c1:80:ef:c4:0b:d9:e1:67:00:
                    d6:af:2b:c1:ff:f4:a1:1d:3d:fe:7e:a9:d0:c5:aa:
                    1b:5d:2f:43:30:59:0e:bd:ce:19:d3:5d:10:b5:78:
                    55:2a:4e:63:3d:99:6d:33:c9:1a:50:01:b1:9d:4b:
                    9c:2f:2c:2d:b4:c4:da:99:85:00:20:88:5d:92:0e:
                    ae:98:97:ef:ac:b1:96:e9:8c:85:5d:83:f2:79:83:
                    b5:a2:f8:e4:0a:cc:15:8e:ae:ac:82:b4:6d:3a:7b:
                    26:88:12:ab:65:22:35:59:29:b2:28:16:84:8b:4d:
                    8d:38:50:5a:89:9b:b7:e3:f1:a9:e2:d4:d4:2a:29:
                    98:f2:40:63:26:55:f8:ef:4c:d2:f9:a8:80:35:ca:
                    02:20:27:a5:09:10:79:01:47:11:b8:6a:f8:10:a3:
                    39:60:58:c8:f8:e9:c3:76:a0:ba:ad:20:09:b4:cc:
                    47:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:83:E5:60:72:37:2D:59:F0:11:DF:F8:25:54:A0:FD:C6:2A:A0:35
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/8IPlYHI3LVnwEd_4JVSg_cYqoDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:58:e6:ff:d3:be:16:8f:1f:b4:8f:b5:eb:8a:54:be:d2:17:
         ab:3b:4d:02:77:51:59:4c:4f:18:a9:52:5d:b5:12:31:77:ed:
         3f:7f:37:11:68:fd:b1:fc:74:ed:a5:96:8c:69:fe:39:4a:ed:
         ab:7d:ad:67:d8:78:85:20:69:e3:f3:8b:28:2a:de:06:58:c4:
         80:33:d6:d3:26:02:46:fd:bd:8d:db:c3:48:56:18:0a:23:64:
         e8:71:64:1b:63:d7:8d:24:21:02:43:63:43:68:07:2e:25:1f:
         5e:af:75:c2:55:e8:ea:c7:cb:11:6a:f3:5e:02:b3:43:f3:52:
         46:ae:39:11:68:38:e2:e1:dd:23:45:fc:d1:19:56:8c:09:06:
         09:01:06:7d:b2:7b:a4:d9:d9:d9:af:a7:57:d6:51:09:35:4f:
         00:cc:c6:0e:ba:3a:33:25:73:25:da:b5:07:9f:26:64:ef:cb:
         fc:5e:47:dc:2c:f9:4e:7e:47:86:36:91:b9:15:60:49:92:8e:
         1a:5b:ca:1a:20:32:ff:f7:ae:e2:30:ec:24:08:b5:38:1b:d0:
         cc:4f:ae:0b:a5:4a:fc:da:00:38:0b:e4:dd:14:06:a9:89:86:
         70:58:09:7f:6f:7e:5d:a0:07:39:d6:fa:13:6b:7c:5c:42:94:
         5c:79:d4:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDZTtJCjACxdv+2uOJYwV2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNzIyMDcxODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDgzZTU2MDcyMzcyZDU5ZjAxMWRmZjgyNTU0YTBmZGM2MmFhMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZY6i+5tBsaAJG0ALhDjx8b6a/8Q
vVmcWxVFA+yuIky4H1moBzDO2qy0P1LofTJno6u0Cf8/nsc44RBXFv+RP4PCBGOo
4GfMErx8H6YMr3PBgO/EC9nhZwDWryvB//ShHT3+fqnQxaobXS9DMFkOvc4Z010Q
tXhVKk5jPZltM8kaUAGxnUucLywttMTamYUAIIhdkg6umJfvrLGW6YyFXYPyeYO1
ovjkCswVjq6sgrRtOnsmiBKrZSI1WSmyKBaEi02NOFBaiZu34/Gp4tTUKimY8kBj
JlX470zS+aiANcoCICelCRB5AUcRuGr4EKM5YFjI+OnDdqC6rSAJtMxHTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPCD5WByNy1Z8BHf+CVUoP3GKqA1MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvOElQbFlISTNMVm53RWRfNEpWU2dfY1lxb0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO8wDAN
BgkqhkiG9w0BAQsFAAOCAQEAW1jm/9O+Fo8ftI+164pUvtIXqztNAndRWUxPGKlS
XbUSMXftP383EWj9sfx07aWWjGn+OUrtq32tZ9h4hSBp4/OLKCreBljEgDPW0yYC
Rv29jdvDSFYYCiNk6HFkG2PXjSQhAkNjQ2gHLiUfXq91wlXo6sfLEWrzXgKzQ/NS
Rq45EWg44uHdI0X80RlWjAkGCQEGfbJ7pNnZ2a+nV9ZRCTVPAMzGDro6MyVzJdq1
B58mZO/L/F5H3Cz5Tn5HhjaRuRVgSZKOGlvKGiAy//eu4jDsJAi1OBvQzE+uC6VK
/NoAOAvk3RQGqYmGcFgJf29+XaAHOdb6E2t8XEKUXHnUGg==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:40:02 2024 by rpki-client on console-fra.rpki-client.org