Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Q7qSWNW3Aia0ycIa7BsJHzbxwTM.roa
File:                     Q7qSWNW3Aia0ycIa7BsJHzbxwTM.roa (raw, json)
Hash identifier:          vmpmv+GX8AW22JVdSZIyCd71AiW+UzX9dzVBlIZamUg=
Subject key identifier:   43:BA:92:58:D5:B7:02:26:B4:C9:C2:1A:EC:1B:09:1F:36:F1:C1:33
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       019075241B146545C2938B8278874C6575C3
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Q7qSWNW3Aia0ycIa7BsJHzbxwTM.roa
Signing time:             Tue 02 Jul 2024 20:30:18 +0000
ROA not before:           Tue 02 Jul 2024 20:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57487
IP address blocks:        2a12:1245::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:75:24:1b:14:65:45:c2:93:8b:82:78:87:4c:65:75:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jul  2 20:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43ba9258d5b70226b4c9c21aec1b091f36f1c133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:05:b8:2a:c0:1f:ab:5a:8c:53:ce:62:95:d2:
                    8d:ef:e4:51:63:01:7a:fe:30:2e:04:75:00:f7:83:
                    f9:b2:84:60:eb:5e:c6:98:2b:56:a6:88:c5:ec:35:
                    c3:46:a8:e8:e3:45:cb:a7:93:cd:6d:7e:29:68:7c:
                    99:22:a6:73:ae:93:4f:65:c4:0f:c8:ce:b1:70:85:
                    3b:ca:95:fc:d2:63:0d:76:6b:18:cf:79:b9:e5:bc:
                    c7:82:17:26:fd:94:25:96:93:99:bc:18:fd:3d:ef:
                    f2:13:a7:49:a0:07:2a:ad:1b:52:c5:d1:d5:4d:63:
                    5e:a6:ae:e8:00:a4:41:74:95:e5:03:32:aa:15:f2:
                    aa:10:1a:da:56:3a:73:3a:9d:7f:28:cd:33:56:94:
                    06:af:02:84:a4:af:93:5c:fa:5b:89:24:e8:f6:97:
                    d8:ef:e2:4c:fc:0b:88:da:17:18:98:e2:c8:6f:6b:
                    cf:87:53:36:fc:49:5a:30:98:0c:10:45:48:21:c0:
                    17:0e:b5:96:21:ad:43:03:e1:53:5d:71:18:9d:1e:
                    62:ed:a3:39:c0:c9:3f:82:ab:64:74:6a:08:83:e1:
                    a6:a6:1b:ed:3c:32:48:38:20:82:34:65:07:7a:f3:
                    2a:59:b2:bd:ca:cf:4f:bd:19:6e:92:5e:bc:2d:01:
                    0b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:BA:92:58:D5:B7:02:26:B4:C9:C2:1A:EC:1B:09:1F:36:F1:C1:33
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Q7qSWNW3Aia0ycIa7BsJHzbxwTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1245::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:75:27:c0:39:82:f1:c8:a0:0f:5c:6d:b5:28:4f:66:57:66:
         1d:a7:0f:ef:ec:dc:f9:77:90:1b:b3:38:69:3b:11:d5:88:16:
         77:73:90:f3:29:d1:11:1f:d4:03:bd:c2:b7:f5:df:3d:4b:58:
         fe:c0:e4:cd:41:28:e6:79:e1:66:bb:b6:0a:24:10:a7:86:ad:
         6a:88:03:ac:b8:07:48:cb:e6:87:30:bb:a6:d8:77:c2:95:97:
         08:68:34:93:55:31:b5:5b:b1:1e:65:d0:86:e3:84:fe:0a:3d:
         73:58:f3:00:4f:ee:8c:3d:5f:ab:be:c9:ee:ea:79:b4:db:b8:
         30:cc:de:b2:f4:48:41:15:47:c3:8c:1d:fa:46:f6:9c:d6:74:
         b3:67:ac:86:50:de:91:48:59:49:68:3c:62:33:42:17:91:18:
         25:55:1a:26:36:06:50:a4:b3:62:60:bd:8e:d0:04:d9:4e:23:
         b5:8c:72:e2:82:a2:ee:1f:da:cd:76:a4:f9:de:79:21:08:64:
         19:69:ae:6b:a3:11:64:4a:18:f8:42:d8:e4:f0:d3:cf:c9:43:
         07:22:80:76:a7:66:c4:4f:43:94:a1:1b:87:9f:f2:ec:a1:f3:
         7e:7a:62:d7:24:73:a3:48:79:74:43:02:7e:19:13:69:49:79:
         91:c3:25:27
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZB1JBsUZUXCk4uCeIdMZXXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNzAyMjAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2JhOTI1OGQ1YjcwMjI2YjRjOWMyMWFlYzFiMDkxZjM2ZjFjMTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywW4KsAfq1qMU85ildKN7+RRYwF6
/jAuBHUA94P5soRg617GmCtWpojF7DXDRqjo40XLp5PNbX4paHyZIqZzrpNPZcQP
yM6xcIU7ypX80mMNdmsYz3m55bzHghcm/ZQllpOZvBj9Pe/yE6dJoAcqrRtSxdHV
TWNepq7oAKRBdJXlAzKqFfKqEBraVjpzOp1/KM0zVpQGrwKEpK+TXPpbiSTo9pfY
7+JM/AuI2hcYmOLIb2vPh1M2/ElaMJgMEEVIIcAXDrWWIa1DA+FTXXEYnR5i7aM5
wMk/gqtkdGoIg+GmphvtPDJIOCCCNGUHevMqWbK9ys9PvRlukl68LQEL8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEO6kljVtwImtMnCGuwbCR828cEzMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvUTdxU1dOVzNBaWEweWNJYTdCc0pIemJ4d1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhISRTAN
BgkqhkiG9w0BAQsFAAOCAQEACHUnwDmC8cigD1xttShPZldmHacP7+zc+XeQG7M4
aTsR1YgWd3OQ8ynRER/UA73Ct/XfPUtY/sDkzUEo5nnhZru2CiQQp4ataogDrLgH
SMvmhzC7pth3wpWXCGg0k1UxtVuxHmXQhuOE/go9c1jzAE/ujD1fq77J7up5tNu4
MMzesvRIQRVHw4wd+kb2nNZ0s2eshlDekUhZSWg8YjNCF5EYJVUaJjYGUKSzYmC9
jtAE2U4jtYxy4oKi7h/azXak+d55IQhkGWmua6MRZEoY+ELY5PDTz8lDByKAdqdm
xE9DlKEbh5/y7KHzfnpi1yRzo0h5dEMCfhkTaUl5kcMlJw==
-----END CERTIFICATE-----