Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/rheBLew268rGTPyzf4nrRJCTxn8.roa
File:                     rheBLew268rGTPyzf4nrRJCTxn8.roa (raw, json)
Hash identifier:          DP2PtLD5YIVG4WQhOBy0q66l51LCyr+IPYx+Dzg8Dps=
Subject key identifier:   AE:17:81:2D:EC:36:EB:CA:C6:4C:FC:B3:7F:89:EB:44:90:93:C6:7F
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01915B82C6762CBDCD2AEBBB73A9E39D15DC
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/rheBLew268rGTPyzf4nrRJCTxn8.roa
Signing time:             Fri 16 Aug 2024 14:06:22 +0000
ROA not before:           Fri 16 Aug 2024 14:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a11:1340::/29 maxlen: 29
                          2a11:2c40::/29 maxlen: 29
                          2a11:3180::/29 maxlen: 29
                          2a11:4340::/29 maxlen: 29
                          2a11:4a00::/29 maxlen: 29
                          2a11:6340::/29 maxlen: 29
                          2a11:7880::/29 maxlen: 29
                          2a11:8500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:82:c6:76:2c:bd:cd:2a:eb:bb:73:a9:e3:9d:15:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug 16 14:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae17812dec36ebcac64cfcb37f89eb449093c67f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:83:1b:b6:c8:18:ad:41:c7:1b:3e:14:6d:d0:
                    00:c3:26:f1:16:f6:68:76:ff:f1:da:61:77:90:5b:
                    c9:6a:52:fe:0e:91:b3:2e:5e:ab:d0:76:90:9a:3f:
                    6e:e5:92:94:20:3c:11:08:65:44:8a:96:33:3f:9e:
                    02:ab:1c:61:b8:d8:fe:dc:0d:4b:69:b2:56:02:cd:
                    89:3e:76:cd:46:7a:48:79:ce:c7:7d:53:af:04:ef:
                    0b:5c:1d:70:b6:2f:32:a2:ab:cd:88:ab:b8:ab:4a:
                    19:38:70:17:7c:f9:24:74:a2:ae:13:e5:d2:c3:48:
                    bb:65:eb:4f:54:4a:26:3f:4b:68:db:8a:44:4b:96:
                    3c:bf:8b:ab:cd:25:16:d1:75:53:f1:12:76:80:e7:
                    57:5c:d8:22:aa:a5:2c:7e:dc:9f:20:87:10:69:2b:
                    57:90:90:87:c2:91:f9:90:3b:a0:cc:0f:14:7f:23:
                    70:bc:4f:7f:d8:a6:73:40:e3:52:e1:7b:08:f2:aa:
                    7d:08:d8:57:d1:e5:e6:31:53:13:14:d8:ad:59:db:
                    cb:4f:ca:76:b2:b1:86:9d:ea:b0:55:80:21:25:7e:
                    ac:00:0a:dc:27:7e:f0:9e:cc:5b:b4:c4:d1:68:52:
                    6c:b3:98:50:e7:e1:cb:18:9c:03:7b:2a:0a:5f:1b:
                    9d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:17:81:2D:EC:36:EB:CA:C6:4C:FC:B3:7F:89:EB:44:90:93:C6:7F
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/rheBLew268rGTPyzf4nrRJCTxn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1340::/29
                  2a11:2c40::/29
                  2a11:3180::/29
                  2a11:4340::/29
                  2a11:4a00::/29
                  2a11:6340::/29
                  2a11:7880::/29
                  2a11:8500::/29

    Signature Algorithm: sha256WithRSAEncryption
         cf:f9:2a:44:3d:24:bc:98:0b:40:b0:ad:e1:a0:1b:db:0f:cb:
         1c:45:a1:72:4f:3c:5b:4c:b9:2d:04:03:31:62:98:d0:5d:0d:
         d4:34:aa:23:19:eb:ec:d3:c7:2e:a7:dd:88:35:bb:a5:9f:10:
         b4:a5:53:ae:22:6d:48:4a:77:d7:9f:8d:00:60:78:ad:ff:07:
         68:25:0e:0f:44:1a:0e:b6:f4:08:bd:9b:bb:f4:8b:39:f3:df:
         3d:2c:d4:1e:87:a7:6b:0c:0d:31:e9:38:14:cd:bf:f5:a6:51:
         6d:7b:e4:66:86:f6:d4:6c:3c:30:da:db:12:8f:df:c6:5b:cf:
         48:f8:f9:54:e9:0d:7b:99:4b:f2:71:56:ea:c2:4c:66:c6:14:
         2a:87:15:13:9d:ab:53:7b:89:4e:b2:35:25:3c:c9:91:37:4a:
         15:8f:1c:15:92:14:01:76:b7:4c:5a:fd:95:67:34:3b:67:bd:
         59:2d:df:6b:fd:bb:94:bf:32:9f:a6:30:66:40:08:c9:58:8b:
         71:e2:d7:8b:79:87:21:72:e9:63:17:d9:73:13:f4:78:43:c0:
         86:08:86:19:c3:b2:e5:d1:4b:be:af:87:2a:91:bb:82:64:c0:
         aa:cf:37:04:9a:f8:d3:ca:55:29:36:bf:ef:02:7a:6e:b8:87:
         5b:00:31:97
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZFbgsZ2LL3NKuu7c6njnRXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwODE2MTQwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE3ODEyZGVjMzZlYmNhYzY0Y2ZjYjM3Zjg5ZWI0NDkwOTNjNjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oMbtsgYrUHHGz4UbdAAwybxFvZo
dv/x2mF3kFvJalL+DpGzLl6r0HaQmj9u5ZKUIDwRCGVEipYzP54CqxxhuNj+3A1L
abJWAs2JPnbNRnpIec7HfVOvBO8LXB1wti8yoqvNiKu4q0oZOHAXfPkkdKKuE+XS
w0i7ZetPVEomP0to24pES5Y8v4urzSUW0XVT8RJ2gOdXXNgiqqUsftyfIIcQaStX
kJCHwpH5kDugzA8UfyNwvE9/2KZzQONS4XsI8qp9CNhX0eXmMVMTFNitWdvLT8p2
srGGneqwVYAhJX6sAArcJ37wnsxbtMTRaFJss5hQ5+HLGJwDeyoKXxudewIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFK4XgS3sNuvKxkz8s3+J60SQk8Z/MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvcmhlQkxldzI2OHJHVFB5emY0bnJSSkNUeG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUDKhETQAMF
AyoRLEADBQMqETGAAwUDKhFDQAMFAyoRSgADBQMqEWNAAwUDKhF4gAMFAyoRhQAw
DQYJKoZIhvcNAQELBQADggEBAM/5KkQ9JLyYC0CwreGgG9sPyxxFoXJPPFtMuS0E
AzFimNBdDdQ0qiMZ6+zTxy6n3Yg1u6WfELSlU64ibUhKd9efjQBgeK3/B2glDg9E
Gg629Ai9m7v0iznz3z0s1B6Hp2sMDTHpOBTNv/WmUW175GaG9tRsPDDa2xKP38Zb
z0j4+VTpDXuZS/JxVurCTGbGFCqHFROdq1N7iU6yNSU8yZE3ShWPHBWSFAF2t0xa
/ZVnNDtnvVkt32v9u5S/Mp+mMGZACMlYi3Hi14t5hyFy6WMX2XMT9HhDwIYIhhnD
suXRS76vhyqRu4JkwKrPNwSa+NPKVSk2v+8Cem64h1sAMZc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:30:29 2024 by rpki-client on console-ams.rpki-client.org