Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1-ltg6U4MIlMTj35QXoVxdW8EGjs.roa
File:                     1-ltg6U4MIlMTj35QXoVxdW8EGjs.roa (raw, json)
Hash identifier:          K6wFeAeyd4dUp3EE54OmBCoppWTKid9qI0zK2T3u9TI=
Subject key identifier:   FA:5B:60:E9:4E:0C:22:53:13:8F:7E:50:5E:85:71:75:6F:04:1A:3B
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01914267CD25A0D6C36D4577E76AB769FC51
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1-ltg6U4MIlMTj35QXoVxdW8EGjs.roa
Signing time:             Sun 11 Aug 2024 17:06:24 +0000
ROA not before:           Sun 11 Aug 2024 17:06:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36530
IP address blocks:        2a0f:7802:e000::/40 maxlen: 48
                          2a0f:7802:e100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:42:67:cd:25:a0:d6:c3:6d:45:77:e7:6a:b7:69:fc:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Aug 11 17:06:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa5b60e94e0c2253138f7e505e8571756f041a3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e6:14:62:76:40:42:34:80:55:c3:d1:56:8e:
                    d2:f8:06:37:78:2b:92:fb:dc:9f:94:29:74:84:23:
                    b7:92:58:4a:53:9b:90:0c:14:1d:a1:82:35:b8:2b:
                    5d:ce:bb:18:5a:ec:1a:09:ac:c0:37:9a:1d:63:8c:
                    e4:5b:fc:9e:c0:42:5f:da:57:fd:51:38:e0:40:1b:
                    69:31:0d:d3:f5:b6:c7:d1:94:dc:3c:8d:26:e7:0f:
                    68:f1:ba:32:ce:0a:06:c3:fd:df:91:48:fb:45:26:
                    0f:7e:24:95:44:a5:e0:4f:a0:ce:b4:ba:9a:82:b2:
                    a4:3d:ad:8e:d5:7d:24:aa:5e:45:fb:13:d1:64:23:
                    b7:0d:21:b4:af:0b:87:1f:82:a3:73:6e:46:79:e2:
                    a5:d4:dc:76:40:e4:2f:92:29:2d:09:44:46:59:d0:
                    92:0f:6a:19:55:fd:be:9c:82:d7:b5:e3:a2:84:42:
                    cf:11:ba:17:d8:b7:1d:ac:2d:3e:4b:7b:a2:cb:be:
                    28:79:4d:4e:b2:19:70:df:3c:1e:63:4c:09:81:81:
                    31:10:0c:ec:0d:b0:24:c8:95:26:9f:48:14:3f:a4:
                    c1:ea:0e:10:b0:09:09:c8:6c:36:7f:83:a9:ce:6c:
                    61:bf:b5:28:40:7a:eb:6e:fb:e7:da:e2:7b:be:d1:
                    62:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:5B:60:E9:4E:0C:22:53:13:8F:7E:50:5E:85:71:75:6F:04:1A:3B
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1-ltg6U4MIlMTj35QXoVxdW8EGjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e000::/39

    Signature Algorithm: sha256WithRSAEncryption
         0f:2c:d1:1b:48:ca:4f:2d:6a:da:b8:2e:84:db:da:fe:d7:45:
         58:8c:2e:07:df:d0:46:8a:cd:82:62:5b:c9:35:41:fd:ed:3c:
         27:23:c0:74:c8:d3:fd:21:f6:5b:a3:50:66:5a:c8:c4:a9:7f:
         d6:b6:fb:e3:af:a3:3c:e3:81:3b:64:05:e6:b7:b6:17:9a:46:
         27:1f:3e:a3:80:3b:fb:c8:86:92:3c:22:41:42:78:09:a4:c1:
         8b:9a:fc:d1:bc:0f:5b:60:98:65:db:e5:11:8e:13:c7:77:d0:
         85:1c:a6:e1:26:fe:66:d9:ef:f3:59:30:5a:21:9c:8f:2c:d9:
         77:4b:76:81:f1:c7:4c:fc:53:ff:cd:5a:7e:d2:6c:9a:c3:ec:
         e6:ae:1b:c5:85:6b:09:ee:49:aa:ed:58:d9:29:53:92:4e:5d:
         7a:fb:ec:42:2a:c6:05:80:20:df:93:70:7c:fc:cb:4c:09:bf:
         f1:19:11:42:e2:73:25:bf:25:54:92:dd:5e:a3:30:a5:49:25:
         3e:51:ae:7c:77:f6:53:08:aa:e8:5f:a0:9a:c2:5e:0f:6e:2b:
         56:f6:4c:20:74:da:df:c5:44:90:75:82:a2:9a:e0:bf:9e:ea:
         c3:03:1f:34:37:43:b5:b7:9d:b7:84:a2:36:ea:e4:a6:9f:53:
         8c:e3:cb:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFCZ80loNbDbUV352q3afxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwODExMTcwNjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTViNjBlOTRlMGMyMjUzMTM4ZjdlNTA1ZTg1NzE3NTZmMDQxYTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOYUYnZAQjSAVcPRVo7S+AY3eCuS
+9yflCl0hCO3klhKU5uQDBQdoYI1uCtdzrsYWuwaCazAN5odY4zkW/yewEJf2lf9
UTjgQBtpMQ3T9bbH0ZTcPI0m5w9o8boyzgoGw/3fkUj7RSYPfiSVRKXgT6DOtLqa
grKkPa2O1X0kql5F+xPRZCO3DSG0rwuHH4Kjc25GeeKl1Nx2QOQvkiktCURGWdCS
D2oZVf2+nILXteOihELPEboX2LcdrC0+S3uiy74oeU1Oshlw3zweY0wJgYExEAzs
DbAkyJUmn0gUP6TB6g4QsAkJyGw2f4Opzmxhv7UoQHrrbvvn2uJ7vtFiSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPpbYOlODCJTE49+UF6FcXVvBBo7MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvMS1sdGc2VTRNSWxNVGozNVFYb1Z4ZFc4RUdqcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDUvYzQ2NDdhLTYwNDItNGZlOC1hMjc2LWY1YjZhNzE4ZjRi
NS8xL3o4NnRPUVlsN2JvVUNCQ045WHpxUnhZTmNPVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGASoPeALg
MA0GCSqGSIb3DQEBCwUAA4IBAQAPLNEbSMpPLWrauC6E29r+10VYjC4H39BGis2C
YlvJNUH97TwnI8B0yNP9IfZbo1BmWsjEqX/Wtvvjr6M844E7ZAXmt7YXmkYnHz6j
gDv7yIaSPCJBQngJpMGLmvzRvA9bYJhl2+URjhPHd9CFHKbhJv5m2e/zWTBaIZyP
LNl3S3aB8cdM/FP/zVp+0myaw+zmrhvFhWsJ7kmq7VjZKVOSTl16++xCKsYFgCDf
k3B8/MtMCb/xGRFC4nMlvyVUkt1eozClSSU+Ua58d/ZTCKroX6Cawl4PbitW9kwg
dNrfxUSQdYKimuC/nurDAx80N0O1t523hKI26uSmn1OM48tz
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:25:39 2024 by rpki-client on console-fra.rpki-client.org