Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9mt1G5ATpatnr-Glc-XBqmf1FXM.roa
File:                     9mt1G5ATpatnr-Glc-XBqmf1FXM.roa (raw, json)
Hash identifier:          cqnlq5knAcpHiMY1aAKSmLyBJSBPTm+LDfNFNo1U/ZU=
Subject key identifier:   F6:6B:75:1B:90:13:A5:AB:67:AF:E1:A5:73:E5:C1:AA:67:F5:15:73
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B548734ABCB4150059E5FC682E045
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9mt1G5ATpatnr-Glc-XBqmf1FXM.roa
Signing time:             Tue 02 Jan 2024 12:34:46 +0000
ROA not before:           Tue 02 Jan 2024 12:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47987
IP address blocks:        2a06:8ec0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:54:87:34:ab:cb:41:50:05:9e:5f:c6:82:e0:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f66b751b9013a5ab67afe1a573e5c1aa67f51573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2e:09:7b:70:53:b1:8f:23:07:c3:85:c8:50:
                    17:a9:07:94:80:b3:96:06:c7:70:c2:cb:52:54:5b:
                    1b:d6:cf:b3:bc:f0:d4:02:0a:c3:7b:cd:c7:11:bf:
                    51:79:60:c2:d3:f8:a5:4b:46:97:a5:2a:cf:b3:10:
                    c1:20:ad:1b:17:31:0b:47:49:37:fc:8e:7f:b8:af:
                    1a:bc:31:77:bc:5b:05:24:d5:37:c0:5c:5d:fd:7c:
                    c8:91:a2:09:00:da:a5:45:29:c1:86:a2:be:d5:68:
                    7d:01:64:b5:48:f6:83:8e:05:27:6f:92:b1:f0:e7:
                    0e:27:de:1d:66:70:56:a9:58:8a:2c:a2:22:0e:08:
                    a3:76:8e:c2:9c:7c:e0:62:d3:a9:72:aa:87:8c:3e:
                    13:9e:26:8a:d6:9b:14:2c:ef:6f:2b:e0:7f:2f:85:
                    38:6c:3b:bf:06:c0:6b:7c:73:62:41:d4:fa:b9:52:
                    8c:e1:4e:5c:7a:c7:a6:7d:ea:97:24:30:9f:9b:25:
                    7a:a3:c7:a2:84:92:97:0e:d4:69:5c:08:dd:dd:06:
                    c1:54:52:fb:fa:99:68:b7:85:7e:07:b5:7f:a4:e7:
                    c9:e4:16:08:57:ff:fe:3c:81:cd:14:c0:27:19:f9:
                    30:ca:61:81:a8:a9:47:09:68:f4:8e:fd:b9:3c:f8:
                    c3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:6B:75:1B:90:13:A5:AB:67:AF:E1:A5:73:E5:C1:AA:67:F5:15:73
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9mt1G5ATpatnr-Glc-XBqmf1FXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8ec0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:0a:bc:c1:6d:4c:cb:f3:16:33:03:80:cc:82:8d:04:2a:c0:
         38:e6:58:8d:b3:bc:7b:d2:b2:b2:b2:02:66:ce:d0:fd:ec:9b:
         92:07:71:a0:46:d1:40:61:82:f5:c9:f3:9e:44:32:a3:51:d6:
         c7:5a:98:11:de:ce:65:dd:f6:1d:99:09:27:a3:a8:c1:7c:8c:
         76:0a:df:37:98:b1:a0:90:be:52:de:5e:60:45:a5:65:86:59:
         fe:f1:b3:f6:50:44:7b:9c:3b:3a:ac:0b:e9:74:3b:df:70:d2:
         03:31:c6:ec:9a:1a:d6:6c:f8:be:71:e2:0f:97:27:e1:93:41:
         04:35:70:cd:31:9c:49:71:61:c3:4a:0b:0e:8e:0d:1b:2f:73:
         98:a1:2e:3a:a2:62:82:a0:06:c8:b9:68:f7:83:81:70:86:ca:
         06:ba:af:fa:bd:86:a1:2c:b8:02:28:8b:f3:9b:19:92:b0:d8:
         19:24:f7:73:39:f5:38:cd:35:3d:04:1b:55:4a:23:99:e0:3d:
         de:c8:b9:d8:9e:83:3f:75:55:c8:cb:49:85:e5:1d:43:2c:78:
         a0:d6:74:a6:1a:7a:e2:4a:44:76:84:4b:b9:f5:a9:c7:12:00:
         ec:15:5c:2f:61:40:46:77:59:d5:3f:c4:08:dd:1d:4d:5d:0d:
         71:66:ac:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK1SHNKvLQVAFnl/GguBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjZiNzUxYjkwMTNhNWFiNjdhZmUxYTU3M2U1YzFhYTY3ZjUxNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC4Je3BTsY8jB8OFyFAXqQeUgLOW
BsdwwstSVFsb1s+zvPDUAgrDe83HEb9ReWDC0/ilS0aXpSrPsxDBIK0bFzELR0k3
/I5/uK8avDF3vFsFJNU3wFxd/XzIkaIJANqlRSnBhqK+1Wh9AWS1SPaDjgUnb5Kx
8OcOJ94dZnBWqViKLKIiDgijdo7CnHzgYtOpcqqHjD4TniaK1psULO9vK+B/L4U4
bDu/BsBrfHNiQdT6uVKM4U5cesemfeqXJDCfmyV6o8eihJKXDtRpXAjd3QbBVFL7
+plot4V+B7V/pOfJ5BYIV//+PIHNFMAnGfkwymGBqKlHCWj0jv25PPjDjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPZrdRuQE6WrZ6/hpXPlwapn9RVzMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvOW10MUc1QVRwYXRuci1HbGMtWEJxbWYxRlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaOwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCaCrzBbUzL8xYzA4DMgo0EKsA45liNs7x70rKy
sgJmztD97JuSB3GgRtFAYYL1yfOeRDKjUdbHWpgR3s5l3fYdmQkno6jBfIx2Ct83
mLGgkL5S3l5gRaVlhln+8bP2UER7nDs6rAvpdDvfcNIDMcbsmhrWbPi+ceIPlyfh
k0EENXDNMZxJcWHDSgsOjg0bL3OYoS46omKCoAbIuWj3g4FwhsoGuq/6vYahLLgC
KIvzmxmSsNgZJPdzOfU4zTU9BBtVSiOZ4D3eyLnYnoM/dVXIy0mF5R1DLHig1nSm
GnriSkR2hEu59anHEgDsFVwvYUBGd1nVP8QI3R1NXQ1xZqyk
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:09:50 2024 by rpki-client on console-fra.rpki-client.org