Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/VWhMUwqUttAXY-7gfSgiCxOuk6s.roa
File:                     VWhMUwqUttAXY-7gfSgiCxOuk6s.roa (raw, json)
Hash identifier:          wu7o9zutZSx9wGdlZLYdGmCWe11Yg+fA/423onqEv3Q=
Subject key identifier:   55:68:4C:53:0A:94:B6:D0:17:63:EE:E0:7D:28:22:0B:13:AE:93:AB
Certificate issuer:       /CN=c6f53c03d2f4e7f07a81ea903ecef01d68c68137
Certificate serial:       018CC793DC16ABCFAD7302F6E70A9B91F061
Authority key identifier: C6:F5:3C:03:D2:F4:E7:F0:7A:81:EA:90:3E:CE:F0:1D:68:C6:81:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/VWhMUwqUttAXY-7gfSgiCxOuk6s.roa
Signing time:             Tue 02 Jan 2024 00:30:05 +0000
ROA not before:           Tue 02 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398549
IP address blocks:        2a13:d8c0::/32 maxlen: 32
                          2a13:d8c6::/32 maxlen: 32
                          2a13:d8c5::/32 maxlen: 32
                          2a13:d8c2::/32 maxlen: 32
                          2a13:d8c1::/32 maxlen: 32
                          2a13:d8c3::/32 maxlen: 32
                          2a13:d8c4::/32 maxlen: 32
                          2a13:d8c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/xvU8A9L05_B6geqQPs7wHWjGgTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/xvU8A9L05_B6geqQPs7wHWjGgTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:dc:16:ab:cf:ad:73:02:f6:e7:0a:9b:91:f0:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6f53c03d2f4e7f07a81ea903ecef01d68c68137
        Validity
            Not Before: Jan  2 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55684c530a94b6d01763eee07d28220b13ae93ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bb:53:91:3b:48:be:96:c2:f9:77:67:03:c2:
                    61:75:85:c3:07:16:fd:8b:dd:68:4a:0d:67:26:e4:
                    00:07:60:bc:e6:4a:fa:1d:0c:b0:d2:13:13:41:5a:
                    f2:ea:95:96:f8:5e:65:60:0c:6f:06:9d:8c:d5:d6:
                    74:a1:7f:1e:da:0b:18:37:d2:82:de:da:0a:c4:cd:
                    ae:be:2d:ff:81:56:5f:d6:fe:8d:0e:b0:af:04:0d:
                    b3:30:5c:79:e4:fb:ff:bf:61:ef:91:6c:98:8d:d5:
                    93:8d:d3:ec:5c:ce:f9:8c:5e:37:52:f8:32:1d:0e:
                    06:82:5e:55:38:5a:07:08:c7:b8:4b:3c:c9:f7:e7:
                    5c:25:59:3a:97:56:01:53:3f:e7:28:1d:8f:e4:5e:
                    88:fc:23:c0:22:e6:c3:72:6e:ad:88:70:e3:26:ed:
                    52:46:e1:73:a1:dc:ac:5e:2b:a4:81:34:51:30:fe:
                    9d:30:52:ef:44:f6:68:80:04:ef:5a:83:57:b5:03:
                    06:14:9d:d9:49:6c:f4:67:fd:1b:da:7b:96:78:5a:
                    a0:54:5b:60:43:f8:a5:29:f8:d8:a3:c5:8f:b6:7e:
                    6c:01:0e:6e:40:d3:19:10:58:fb:3a:1c:8b:e1:a1:
                    65:8a:ec:c1:1e:37:da:cb:3b:93:16:a2:67:6e:e1:
                    a8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:68:4C:53:0A:94:B6:D0:17:63:EE:E0:7D:28:22:0B:13:AE:93:AB
            X509v3 Authority Key Identifier:
                keyid:C6:F5:3C:03:D2:F4:E7:F0:7A:81:EA:90:3E:CE:F0:1D:68:C6:81:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/VWhMUwqUttAXY-7gfSgiCxOuk6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/xvU8A9L05_B6geqQPs7wHWjGgTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:de:68:31:45:16:4d:e6:bc:16:8b:e0:39:42:de:52:91:fc:
         4f:56:c4:1d:a3:84:ec:3a:70:67:a8:7a:cc:98:61:9b:c0:52:
         c8:b4:80:05:5e:f6:1c:ee:ff:6e:89:3f:6c:f3:a6:66:99:40:
         67:26:f7:9e:d5:5b:f7:8b:66:e9:ba:e1:ee:65:df:9e:9c:21:
         31:8c:83:da:c9:57:28:fd:df:b1:21:60:80:f3:30:e1:eb:f7:
         4a:74:3f:c9:1a:88:4d:cd:86:b7:f7:f9:17:34:40:00:05:47:
         35:44:45:97:bf:5c:99:e3:36:20:0e:6b:b0:0f:a9:ce:1c:8d:
         d6:b3:81:23:b8:43:42:30:c3:43:33:8f:5c:59:3f:d1:25:34:
         36:b1:06:9d:1c:73:db:c4:32:ec:e2:4a:a7:88:bd:04:e6:e1:
         93:1b:af:e7:d8:99:99:60:2e:45:59:92:e1:39:d3:9f:6c:ce:
         64:6b:74:b0:d1:25:b9:4e:ff:7a:96:40:e6:6c:2c:70:f5:5e:
         8e:65:75:b4:aa:82:f0:11:3b:f5:d4:71:21:94:90:bb:94:fe:
         89:86:38:32:5d:5b:9d:5e:de:74:d1:8b:4e:4d:21:0b:04:d0:
         ad:16:cf:de:d8:ca:dd:4e:8f:7e:21:44:5a:5b:d2:ff:69:40:
         0e:52:47:26
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHk9wWq8+tcwL25wqbkfBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZjUzYzAzZDJmNGU3ZjA3YTgxZWE5MDNlY2VmMDFkNjhj
NjgxMzcwHhcNMjQwMTAyMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTY4NGM1MzBhOTRiNmQwMTc2M2VlZTA3ZDI4MjIwYjEzYWU5M2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLtTkTtIvpbC+XdnA8JhdYXDBxb9
i91oSg1nJuQAB2C85kr6HQyw0hMTQVry6pWW+F5lYAxvBp2M1dZ0oX8e2gsYN9KC
3toKxM2uvi3/gVZf1v6NDrCvBA2zMFx55Pv/v2HvkWyYjdWTjdPsXM75jF43Uvgy
HQ4Ggl5VOFoHCMe4SzzJ9+dcJVk6l1YBUz/nKB2P5F6I/CPAIubDcm6tiHDjJu1S
RuFzodysXiukgTRRMP6dMFLvRPZogATvWoNXtQMGFJ3ZSWz0Z/0b2nuWeFqgVFtg
Q/ilKfjYo8WPtn5sAQ5uQNMZEFj7OhyL4aFliuzBHjfayzuTFqJnbuGo6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFVoTFMKlLbQF2Pu4H0oIgsTrpOrMB8GA1UdIwQY
MBaAFMb1PAPS9OfweoHqkD7O8B1oxoE3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHZVOEE5TDA1X0I2Z2VxUVBzN3dIV2pHZ1RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zYzIyN2MtNDcwNi00Nzg3LTlhMDct
OTBlYTM3MjljNTc0LzEvVldoTVV3cVV0dEFYWS03Z2ZTZ2lDeE91azZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zYzIyN2MtNDcwNi00Nzg3LTlhMDctOTBlYTM3MjljNTc0
LzEveHZVOEE5TDA1X0I2Z2VxUVBzN3dIV2pHZ1RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPYwDAN
BgkqhkiG9w0BAQsFAAOCAQEAG95oMUUWTea8FovgOULeUpH8T1bEHaOE7DpwZ6h6
zJhhm8BSyLSABV72HO7/bok/bPOmZplAZyb3ntVb94tm6brh7mXfnpwhMYyD2slX
KP3fsSFggPMw4ev3SnQ/yRqITc2Gt/f5FzRAAAVHNURFl79cmeM2IA5rsA+pzhyN
1rOBI7hDQjDDQzOPXFk/0SU0NrEGnRxz28Qy7OJKp4i9BObhkxuv59iZmWAuRVmS
4TnTn2zOZGt0sNEluU7/epZA5mwscPVejmV1tKqC8BE79dRxIZSQu5T+iYY4Ml1b
nV7edNGLTk0hCwTQrRbP3tjK3U6PfiFEWlvS/2lADlJHJg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:56:10 2024 by rpki-client on console-fra.rpki-client.org