Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/uEPOjRS8d-LvmEhNODzipMd91RE.roa
File:                     uEPOjRS8d-LvmEhNODzipMd91RE.roa (raw, json)
Hash identifier:          udAkoIKRQyNnkig1erNSVsicDvIgS2U/i2CKDC7vo7k=
Subject key identifier:   B8:43:CE:8D:14:BC:77:E2:EF:98:48:4D:38:3C:E2:A4:C7:7D:D5:11
Certificate issuer:       /CN=c2937b9461a3d266e935834e5047a182238362c8
Certificate serial:       018CC3B6BBE9FC8687BB9B660868940D1A33
Authority key identifier: C2:93:7B:94:61:A3:D2:66:E9:35:83:4E:50:47:A1:82:23:83:62:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/uEPOjRS8d-LvmEhNODzipMd91RE.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204228
IP address blocks:        2001:67c:24d8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:bb:e9:fc:86:87:bb:9b:66:08:68:94:0d:1a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2937b9461a3d266e935834e5047a182238362c8
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b843ce8d14bc77e2ef98484d383ce2a4c77dd511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:15:26:21:41:96:4e:51:ad:31:f3:d8:4c:67:
                    f1:57:b9:b1:bf:85:79:db:c1:b1:c7:c5:15:79:df:
                    e7:46:5b:a6:d9:bf:d9:87:29:66:8a:75:4c:d0:9b:
                    df:3e:cb:cc:d3:ec:09:84:ad:f1:d0:fc:27:55:70:
                    f6:11:08:61:08:da:7c:94:0b:7c:c9:97:5e:f0:42:
                    16:03:c1:d3:7f:b0:1d:58:c7:c7:23:18:1f:de:f7:
                    b9:32:29:61:36:5c:0e:68:38:a6:b5:7c:b7:25:0f:
                    97:9e:ea:8f:ae:61:3c:3e:40:db:45:b4:10:65:67:
                    68:2e:37:23:4e:56:51:31:d4:57:3c:5b:62:f5:1a:
                    fc:0b:ac:16:80:43:fa:9a:1d:7d:9d:a0:01:12:ef:
                    85:65:44:03:4b:ae:56:2f:3b:50:cb:13:9b:e9:33:
                    45:02:98:47:f5:5c:ab:31:33:17:ca:84:a5:5d:93:
                    4d:8c:e0:01:92:bd:6e:62:5a:1b:16:3f:fd:7a:8f:
                    9c:42:71:c0:7f:3b:f7:51:fa:87:08:b9:36:88:26:
                    f6:10:03:4b:3f:17:b1:67:e4:0d:1e:24:6c:18:e2:
                    65:b4:83:8b:14:c0:e9:4a:77:d4:ac:ce:44:d6:e8:
                    8b:14:d5:bf:e6:49:c7:ff:c9:9b:d6:c3:79:10:f5:
                    9e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:43:CE:8D:14:BC:77:E2:EF:98:48:4D:38:3C:E2:A4:C7:7D:D5:11
            X509v3 Authority Key Identifier:
                keyid:C2:93:7B:94:61:A3:D2:66:E9:35:83:4E:50:47:A1:82:23:83:62:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/uEPOjRS8d-LvmEhNODzipMd91RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:24d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:d6:b9:62:2f:23:9e:94:8c:9c:8a:fc:fc:fa:24:26:90:5e:
         bf:7f:c2:bb:8c:77:2b:ad:cb:13:6f:e0:d2:40:e8:f4:e2:75:
         dd:4c:c2:7d:16:47:eb:40:06:2d:de:6b:d4:34:0f:37:38:ae:
         00:59:e0:4c:79:f8:18:5e:0b:58:33:5e:cc:34:33:1d:05:f1:
         f6:9a:be:17:60:5a:a4:51:c2:8a:4e:51:d3:fc:a6:18:93:e6:
         d1:86:6d:7d:2e:11:85:9c:73:01:33:98:5f:c2:c4:76:f6:74:
         37:b8:03:61:6c:48:6f:2d:a8:cb:48:58:91:d5:8b:8a:45:70:
         2a:a1:02:b6:7a:f0:42:81:72:2f:51:b5:15:e3:32:20:ca:72:
         ce:59:10:25:d3:4b:1a:26:ff:a5:4d:cd:be:ae:fa:6e:47:27:
         af:35:1e:8b:62:af:0d:98:4d:77:ff:64:e4:71:c6:4a:94:3f:
         45:ea:e2:b4:47:a8:f5:56:4d:35:3b:63:c2:3f:c5:fe:ff:e3:
         f0:d0:96:4c:b3:94:1f:de:be:25:1f:3b:21:09:9f:fb:a2:ae:
         ee:21:dc:66:b0:aa:92:73:cd:83:7b:43:cf:86:41:d0:26:34:
         23:55:23:01:0b:8f:43:89:b4:58:d7:e4:01:b4:3d:67:18:89:
         3c:47:c9:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtrvp/IaHu5tmCGiUDRozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTM3Yjk0NjFhM2QyNjZlOTM1ODM0ZTUwNDdhMTgyMjM4
MzYyYzgwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODQzY2U4ZDE0YmM3N2UyZWY5ODQ4NGQzODNjZTJhNGM3N2RkNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRUmIUGWTlGtMfPYTGfxV7mxv4V5
28Gxx8UVed/nRlum2b/ZhylminVM0JvfPsvM0+wJhK3x0PwnVXD2EQhhCNp8lAt8
yZde8EIWA8HTf7AdWMfHIxgf3ve5MilhNlwOaDimtXy3JQ+XnuqPrmE8PkDbRbQQ
ZWdoLjcjTlZRMdRXPFti9Rr8C6wWgEP6mh19naABEu+FZUQDS65WLztQyxOb6TNF
AphH9VyrMTMXyoSlXZNNjOABkr1uYlobFj/9eo+cQnHAfzv3UfqHCLk2iCb2EANL
PxexZ+QNHiRsGOJltIOLFMDpSnfUrM5E1uiLFNW/5knH/8mb1sN5EPWeEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLhDzo0UvHfi75hITTg84qTHfdURMB8GA1UdIwQY
MBaAFMKTe5Rho9Jm6TWDTlBHoYIjg2LIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BON2xHR2owbWJwTllOT1VFZWhnaU9EWXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZGVkMmUtMzk3My00YmNmLTk1NjIt
Mzc3NDg4MWU3ZTFlLzEvdUVQT2pSUzhkLUx2bUVoTk9EemlwTWQ5MVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZGVkMmUtMzk3My00YmNmLTk1NjItMzc3NDg4MWU3ZTFl
LzEvd3BON2xHR2owbWJwTllOT1VFZWhnaU9EWXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCTY
MA0GCSqGSIb3DQEBCwUAA4IBAQCN1rliLyOelIycivz8+iQmkF6/f8K7jHcrrcsT
b+DSQOj04nXdTMJ9FkfrQAYt3mvUNA83OK4AWeBMefgYXgtYM17MNDMdBfH2mr4X
YFqkUcKKTlHT/KYYk+bRhm19LhGFnHMBM5hfwsR29nQ3uANhbEhvLajLSFiR1YuK
RXAqoQK2evBCgXIvUbUV4zIgynLOWRAl00saJv+lTc2+rvpuRyevNR6LYq8NmE13
/2TkccZKlD9F6uK0R6j1Vk01O2PCP8X+/+Pw0JZMs5Qf3r4lHzshCZ/7oq7uIdxm
sKqSc82De0PPhkHQJjQjVSMBC49DibRY1+QBtD1nGIk8R8kq
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:50:33 2024 by rpki-client on console-ams.rpki-client.org