Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/tqYc2__uGlmSl9YzecDNT2fbj1c.roa
File:                     tqYc2__uGlmSl9YzecDNT2fbj1c.roa (raw, json)
Hash identifier:          /yByxoWsL/jk5rlA6JyGuw8Xedo7JE6rnAayeqqubBs=
Subject key identifier:   B6:A6:1C:DB:FF:EE:1A:59:92:97:D6:33:79:C0:CD:4F:67:DB:8F:57
Certificate issuer:       /CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
Certificate serial:       01909D3FFBB5E1895E3BDB0E10B7D3222DBD
Authority key identifier: 70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/tqYc2__uGlmSl9YzecDNT2fbj1c.roa
Signing time:             Wed 10 Jul 2024 15:25:34 +0000
ROA not before:           Wed 10 Jul 2024 15:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200193
IP address blocks:        2a0f:bf00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9d:3f:fb:b5:e1:89:5e:3b:db:0e:10:b7:d3:22:2d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7021d7528be713a4ba2cb4db5e58d64d882eb555
        Validity
            Not Before: Jul 10 15:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6a61cdbffee1a599297d63379c0cd4f67db8f57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:57:41:f4:e2:36:56:41:1f:22:87:b7:24:19:
                    c9:70:cf:dd:42:6d:3b:dd:a8:9c:40:c0:c3:05:2f:
                    37:36:ec:73:77:d5:f2:36:c6:30:6c:74:3f:1d:21:
                    96:b5:ad:86:4b:5b:ab:52:8a:79:f8:cc:1e:bd:81:
                    e9:af:77:30:c9:4e:c9:19:55:f9:db:8c:51:10:c1:
                    c3:de:4d:b5:93:b2:c9:25:f5:e0:a4:14:42:01:0a:
                    a3:39:27:fa:52:51:cc:a7:8a:d9:92:89:32:a9:42:
                    57:5c:e2:a4:b6:f2:ea:da:ff:68:f9:25:aa:b9:3f:
                    24:d2:80:f0:d3:6a:62:81:d1:6c:28:bc:3d:61:36:
                    63:5d:28:8e:70:2a:4f:f3:fb:da:83:85:f9:a1:c4:
                    03:8d:0a:38:4b:13:5a:25:38:19:6d:40:df:5d:29:
                    ba:22:dd:b2:d8:92:a5:7b:09:d1:00:47:c9:c6:85:
                    b7:b4:1b:68:df:f7:67:6e:19:6c:f7:cd:f5:a1:f4:
                    dd:97:35:a0:2a:4e:1b:22:63:cd:37:82:88:37:be:
                    2c:fa:29:5c:93:97:6f:86:96:d0:ff:ae:38:7e:73:
                    e4:e0:81:ae:af:58:cd:93:7d:e0:6d:a7:c1:91:7a:
                    a4:e4:a3:ab:74:7b:c6:9c:8d:ad:bb:54:d8:b4:7c:
                    53:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A6:1C:DB:FF:EE:1A:59:92:97:D6:33:79:C0:CD:4F:67:DB:8F:57
            X509v3 Authority Key Identifier:
                keyid:70:21:D7:52:8B:E7:13:A4:BA:2C:B4:DB:5E:58:D6:4D:88:2E:B5:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCHXUovnE6S6LLTbXljWTYgutVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/tqYc2__uGlmSl9YzecDNT2fbj1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/01b0c0-1b87-4d6f-9e90-9281f0d23dbf/1/cCHXUovnE6S6LLTbXljWTYgutVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:bf00::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:02:26:72:48:df:80:44:58:1b:04:78:5a:17:39:c5:7b:fa:
         da:a0:22:94:c9:f3:34:ea:ac:71:81:ff:78:6d:69:64:2a:61:
         aa:d8:af:8b:ec:2b:31:6b:b6:22:9b:ec:00:e0:bb:fc:d1:10:
         d4:e4:da:70:51:54:3e:42:36:4a:91:d0:89:33:f8:6f:1d:cd:
         78:66:6a:8d:57:59:b2:2e:6d:ec:67:77:b3:b7:a4:50:6b:4a:
         a4:7f:ba:8a:c7:0c:ca:0e:5a:9d:0c:15:dc:96:23:ed:2d:cb:
         48:16:1b:b0:c6:b2:e1:81:df:4d:3b:5f:ba:ed:32:9d:a3:8e:
         5a:83:99:21:2a:ac:12:e7:8e:1c:b7:1a:51:38:9f:d7:18:fd:
         79:85:8e:ec:82:27:93:9b:b4:2e:0e:f1:c1:c3:91:4a:50:f5:
         54:1f:f7:ae:28:39:73:9d:9b:f6:d9:c1:9e:c2:11:50:eb:cb:
         f1:45:51:b7:21:a3:67:ee:7e:c1:8b:44:ae:d3:90:65:a8:89:
         89:c8:11:db:5a:da:54:ac:06:d3:d3:8b:39:9f:81:0d:85:97:
         c6:62:20:80:2c:01:07:00:58:78:b2:07:51:93:09:19:5c:3d:
         de:3b:17:8a:29:04:39:7b:80:c9:00:a8:29:f1:29:e0:88:c0:
         4d:2e:85:06
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCdP/u14YleO9sOELfTIi29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjFkNzUyOGJlNzEzYTRiYTJjYjRkYjVlNThkNjRkODgy
ZWI1NTUwHhcNMjQwNzEwMTUyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmE2MWNkYmZmZWUxYTU5OTI5N2Q2MzM3OWMwY2Q0ZjY3ZGI4ZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnldB9OI2VkEfIoe3JBnJcM/dQm07
3aicQMDDBS83Nuxzd9XyNsYwbHQ/HSGWta2GS1urUop5+MwevYHpr3cwyU7JGVX5
24xREMHD3k21k7LJJfXgpBRCAQqjOSf6UlHMp4rZkokyqUJXXOKktvLq2v9o+SWq
uT8k0oDw02pigdFsKLw9YTZjXSiOcCpP8/vag4X5ocQDjQo4SxNaJTgZbUDfXSm6
It2y2JKlewnRAEfJxoW3tBto3/dnbhls9831ofTdlzWgKk4bImPNN4KIN74s+ilc
k5dvhpbQ/644fnPk4IGur1jNk33gbafBkXqk5KOrdHvGnI2tu1TYtHxTFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLamHNv/7hpZkpfWM3nAzU9n249XMB8GA1UdIwQY
MBaAFHAh11KL5xOkuiy0215Y1k2ILrVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAt
OTI4MWYwZDIzZGJmLzEvdHFZYzJfX3VHbG1TbDlZemVjRE5UMmZiajFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMWIwYzAtMWI4Ny00ZDZmLTllOTAtOTI4MWYwZDIzZGJm
LzEvY0NIWFVvdm5FNlM2TExUYlhsaldUWWd1dFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg+/ADAN
BgkqhkiG9w0BAQsFAAOCAQEAbQImckjfgERYGwR4Whc5xXv62qAilMnzNOqscYH/
eG1pZCphqtivi+wrMWu2IpvsAOC7/NEQ1OTacFFUPkI2SpHQiTP4bx3NeGZqjVdZ
si5t7Gd3s7ekUGtKpH+6iscMyg5anQwV3JYj7S3LSBYbsMay4YHfTTtfuu0ynaOO
WoOZISqsEueOHLcaUTif1xj9eYWO7IInk5u0Lg7xwcORSlD1VB/3rig5c52b9tnB
nsIRUOvL8UVRtyGjZ+5+wYtErtOQZaiJicgR21raVKwG09OLOZ+BDYWXxmIggCwB
BwBYeLIHUZMJGVw93jsXiikEOXuAyQCoKfEp4IjATS6FBg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 23:42:41 2024 by rpki-client on console-fra.rpki-client.org