Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/TePwxizWnFvpzoVVWY26uqWo5SI.roa
File:                     TePwxizWnFvpzoVVWY26uqWo5SI.roa (raw, json)
Hash identifier:          /9wrN4mKxbnuivx9oLx/mSSOj6zFbtfzkl28Zd1W9f0=
Subject key identifier:   4D:E3:F0:C6:2C:D6:9C:5B:E9:CE:85:55:59:8D:BA:BA:A5:A8:E5:22
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       01905EF6ECEDF2FF8DE5A13A8A8498AA6E51
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/TePwxizWnFvpzoVVWY26uqWo5SI.roa
Signing time:             Fri 28 Jun 2024 13:09:19 +0000
ROA not before:           Fri 28 Jun 2024 13:09:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216213
IP address blocks:        2a13:e0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5e:f6:ec:ed:f2:ff:8d:e5:a1:3a:8a:84:98:aa:6e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Jun 28 13:09:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4de3f0c62cd69c5be9ce8555598dbabaa5a8e522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:4a:d3:ef:2f:2e:58:58:46:22:e8:82:34:ed:
                    f9:22:dd:29:dd:ae:a0:75:ee:24:a4:bc:5c:7b:a2:
                    50:98:2b:05:03:a9:c1:dc:f3:be:5c:51:68:e0:82:
                    fe:cc:dc:c4:0a:69:f9:a6:0c:5f:b9:82:a6:8c:ba:
                    48:00:db:31:28:74:e5:b2:d1:2e:dc:12:cd:2f:ae:
                    86:17:84:36:18:d8:b3:39:d2:39:00:42:e7:05:82:
                    0e:e1:db:85:06:3f:50:4d:d7:a7:5e:2d:1d:f9:ce:
                    b9:28:5f:12:79:9c:70:29:4f:0c:6d:cb:18:2a:54:
                    eb:62:b8:72:ad:07:3b:cf:0b:5c:ae:08:92:0f:98:
                    f4:bf:60:62:94:a7:61:84:eb:f5:56:b5:b4:a3:ea:
                    e1:a7:2c:b9:ea:11:b3:21:7b:66:db:56:cf:3d:09:
                    38:0e:4e:b0:c1:98:5d:45:45:9d:06:0b:f3:1e:46:
                    b2:63:19:26:10:ff:f0:0a:ac:e0:ad:69:03:1f:ff:
                    89:48:2e:da:42:3e:cf:be:d3:9b:7d:01:24:91:fe:
                    fb:a4:78:68:16:fc:96:bf:c0:fa:b8:4c:17:4e:e3:
                    55:c6:3e:75:65:af:98:b9:46:9c:9f:11:43:e0:ea:
                    7a:64:f4:8b:bf:19:ba:f5:ed:a3:47:94:43:a7:24:
                    39:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E3:F0:C6:2C:D6:9C:5B:E9:CE:85:55:59:8D:BA:BA:A5:A8:E5:22
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/TePwxizWnFvpzoVVWY26uqWo5SI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:d7:b5:59:1c:37:64:89:33:9b:e0:b5:65:c5:11:0b:8f:8f:
         b9:26:15:50:77:65:f0:05:b6:3c:dd:08:3a:c7:e1:6d:91:a9:
         a5:48:5a:9f:df:4e:77:a3:7c:06:0c:da:37:42:2b:59:5c:37:
         45:fc:84:b7:3c:f2:1c:c4:54:05:9c:ba:1b:39:12:87:ba:2e:
         f2:91:3e:45:8a:f3:20:1c:bc:b6:11:b3:36:eb:8d:11:5e:c0:
         1e:98:78:67:e2:45:13:8c:04:30:fa:d3:a1:45:d8:cb:4e:b3:
         13:d9:24:38:9c:d8:d7:4a:db:61:d1:4e:0e:57:a5:16:24:d0:
         8c:77:01:73:2e:de:ff:5e:b0:79:e4:fe:3f:83:6f:49:e0:ad:
         77:1b:f5:00:45:17:e8:eb:2e:b7:cc:0e:77:3a:25:d1:1f:b0:
         55:ef:c4:b2:ce:e4:a6:3b:fa:d2:56:50:fc:7d:17:52:78:12:
         ea:7e:1a:18:b9:42:7b:33:0d:f9:a4:1e:8e:d4:03:32:1c:37:
         b7:ed:6c:b9:ff:da:0f:ca:65:c2:06:b9:31:db:a6:1c:d7:e3:
         86:44:9c:23:d8:7a:91:40:cd:bc:cc:d6:a9:4c:d2:f1:7e:72:
         a6:92:66:df:1e:c5:19:70:d0:ee:a3:fe:94:a4:17:a2:e4:06:
         1f:d5:c7:3f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBe9uzt8v+N5aE6ioSYqm5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjQwNjI4MTMwOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGUzZjBjNjJjZDY5YzViZTljZTg1NTU1OThkYmFiYWE1YThlNTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7UrT7y8uWFhGIuiCNO35It0p3a6g
de4kpLxce6JQmCsFA6nB3PO+XFFo4IL+zNzECmn5pgxfuYKmjLpIANsxKHTlstEu
3BLNL66GF4Q2GNizOdI5AELnBYIO4duFBj9QTdenXi0d+c65KF8SeZxwKU8MbcsY
KlTrYrhyrQc7zwtcrgiSD5j0v2BilKdhhOv1VrW0o+rhpyy56hGzIXtm21bPPQk4
Dk6wwZhdRUWdBgvzHkayYxkmEP/wCqzgrWkDH/+JSC7aQj7PvtObfQEkkf77pHho
FvyWv8D6uEwXTuNVxj51Za+YuUacnxFD4Op6ZPSLvxm69e2jR5RDpyQ57wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE3j8MYs1pxb6c6FVVmNurqlqOUiMB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvVGVQd3hpelduRnZwem9WVldZMjZ1cVdvNVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAtde1WRw3ZIkzm+C1ZcURC4+PuSYVUHdl8AW2PN0I
OsfhbZGppUhan99Od6N8BgzaN0IrWVw3RfyEtzzyHMRUBZy6GzkSh7ou8pE+RYrz
IBy8thGzNuuNEV7AHph4Z+JFE4wEMPrToUXYy06zE9kkOJzY10rbYdFODlelFiTQ
jHcBcy7e/16weeT+P4NvSeCtdxv1AEUX6Osut8wOdzol0R+wVe/Ess7kpjv60lZQ
/H0XUngS6n4aGLlCezMN+aQejtQDMhw3t+1suf/aD8plwga5MdumHNfjhkScI9h6
kUDNvMzWqUzS8X5yppJm3x7FGXDQ7qP+lKQXouQGH9XHPw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:07:00 2024 by rpki-client on console-fra.rpki-client.org