Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/4Qlv2Ygw8FtBY951VYPkZwa_1lc.roa
File:                     4Qlv2Ygw8FtBY951VYPkZwa_1lc.roa (raw, json)
Hash identifier:          PwVdzGcgoHg57zDouUmke2uwWAwmwG1REODjD29pgL4=
Subject key identifier:   E1:09:6F:D9:88:30:F0:5B:41:63:DE:75:55:83:E4:67:06:BF:D6:57
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01900CFF46F02E2949F9F4840134EDBBF7C3
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/4Qlv2Ygw8FtBY951VYPkZwa_1lc.roa
Signing time:             Wed 12 Jun 2024 15:09:34 +0000
ROA not before:           Wed 12 Jun 2024 15:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214714
IP address blocks:        2a0f:7803:fa50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:ff:46:f0:2e:29:49:f9:f4:84:01:34:ed:bb:f7:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 12 15:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1096fd98830f05b4163de755583e46706bfd657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:35:ef:8e:77:54:b4:b0:b0:de:a7:a3:54:16:
                    7f:0a:b1:65:0b:39:d9:7b:eb:2e:91:df:9a:2a:9e:
                    8e:cb:35:39:2c:af:14:6d:af:e0:d6:26:b9:0a:68:
                    67:39:84:00:50:36:ef:87:a2:c8:23:0f:bf:ba:f2:
                    2c:69:86:b3:2e:35:50:4a:88:c6:a8:7b:c4:c2:6f:
                    ca:76:87:1b:d2:f8:44:8b:22:1f:52:ed:ff:7b:7b:
                    2a:c8:8b:a3:a0:9f:2c:2d:c1:83:43:ae:2b:3c:13:
                    b9:c0:58:c5:2f:c8:99:0d:aa:17:df:7f:66:a0:0b:
                    c9:db:a4:ad:18:d9:f4:20:79:42:8a:1e:4b:9c:45:
                    85:2e:3c:ae:99:35:27:cb:00:b3:e3:fe:06:e3:86:
                    25:15:a5:c9:a7:75:10:4a:b6:0f:58:f7:50:d8:fa:
                    c7:2d:fe:df:ec:9d:db:3f:94:a2:cf:f3:7d:bd:57:
                    09:45:ce:b7:63:a3:b6:a1:85:30:da:10:f2:09:eb:
                    5d:0c:cb:cb:c4:3b:c2:b8:9e:70:67:9f:ae:9a:0c:
                    cf:5d:3e:a9:0d:7a:42:df:84:ff:ed:9f:09:af:e6:
                    ac:4f:38:53:d8:1a:8f:19:bd:b2:ef:11:8f:da:39:
                    48:51:ed:f3:a7:b7:75:17:c6:9c:44:78:07:9b:39:
                    b8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:09:6F:D9:88:30:F0:5B:41:63:DE:75:55:83:E4:67:06:BF:D6:57
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/4Qlv2Ygw8FtBY951VYPkZwa_1lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa50::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:f4:fd:5b:e6:55:b9:4e:3c:68:4f:3b:52:37:da:18:08:cd:
         16:e7:df:97:1e:b4:95:c0:53:67:96:a5:81:01:cf:14:77:7f:
         be:51:c1:6e:a8:92:db:5a:df:1f:a9:bd:ce:b0:a9:36:26:92:
         04:af:7f:19:1e:ff:26:9b:91:a1:77:49:0e:f5:97:b4:24:d1:
         a7:8e:40:de:c0:91:be:4b:7d:72:84:19:6c:ed:c1:c2:13:de:
         34:61:70:a3:8a:b5:49:43:ef:31:53:47:ca:7a:35:41:64:e9:
         4d:6e:d3:38:62:fc:00:54:95:37:d1:56:ee:f2:95:59:71:f4:
         5a:6f:45:3e:78:bb:6a:d6:03:b9:e9:c0:60:b0:3a:66:ed:51:
         8e:23:98:e3:f6:0e:65:c9:ae:a7:75:72:63:df:0e:6a:ec:87:
         a6:d5:52:37:71:df:64:5e:b6:30:96:ca:a4:88:2c:48:24:70:
         de:4d:52:54:f1:98:f5:c2:26:d2:b7:c7:15:b4:b1:24:c6:f3:
         28:0f:bb:80:44:43:68:82:40:65:30:d2:02:16:5d:b0:55:8f:
         62:d8:b3:a8:4c:b4:d0:d9:9b:ec:a1:5b:67:a3:8b:74:db:98:
         b5:36:35:26:af:0d:cd:99:ca:24:2f:f9:8f:59:92:6d:af:e1:
         8a:d9:24:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAM/0bwLilJ+fSEATTtu/fDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjEyMTUwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTA5NmZkOTg4MzBmMDViNDE2M2RlNzU1NTgzZTQ2NzA2YmZkNjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzXvjndUtLCw3qejVBZ/CrFlCznZ
e+sukd+aKp6OyzU5LK8Uba/g1ia5CmhnOYQAUDbvh6LIIw+/uvIsaYazLjVQSojG
qHvEwm/Kdocb0vhEiyIfUu3/e3sqyIujoJ8sLcGDQ64rPBO5wFjFL8iZDaoX339m
oAvJ26StGNn0IHlCih5LnEWFLjyumTUnywCz4/4G44YlFaXJp3UQSrYPWPdQ2PrH
Lf7f7J3bP5Siz/N9vVcJRc63Y6O2oYUw2hDyCetdDMvLxDvCuJ5wZ5+umgzPXT6p
DXpC34T/7Z8Jr+asTzhT2BqPGb2y7xGP2jlIUe3zp7d1F8acRHgHmzm4PQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOEJb9mIMPBbQWPedVWD5GcGv9ZXMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvNFFsdjJZZ3c4RnRCWTk1MVZZUGtad2FfMWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/pQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCk9P1b5lW5TjxoTztSN9oYCM0W59+XHrSVwFNn
lqWBAc8Ud3++UcFuqJLbWt8fqb3OsKk2JpIEr38ZHv8mm5Ghd0kO9Ze0JNGnjkDe
wJG+S31yhBls7cHCE940YXCjirVJQ+8xU0fKejVBZOlNbtM4YvwAVJU30Vbu8pVZ
cfRab0U+eLtq1gO56cBgsDpm7VGOI5jj9g5lya6ndXJj3w5q7Iem1VI3cd9kXrYw
lsqkiCxIJHDeTVJU8Zj1wibSt8cVtLEkxvMoD7uARENogkBlMNICFl2wVY9i2LOo
TLTQ2ZvsoVtno4t025i1NjUmrw3NmcokL/mPWZJtr+GK2SRG
-----END CERTIFICATE-----
Generated at Mon Nov 25 14:11:22 2024 by rpki-client on console-fra.rpki-client.org