Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/176f7d-6f0f-45e5-97f2-c9db981a2a2f/1/Ndj0ofR7Im6hXhXtW7EmVsSGucU.roa
File:                     Ndj0ofR7Im6hXhXtW7EmVsSGucU.roa (raw, json)
Hash identifier:          aeLRFhoyda/N9rmXYlgCEJelQLvDDQjl6J1v/5aaNvQ=
Subject key identifier:   35:D8:F4:A1:F4:7B:22:6E:A1:5E:15:ED:5B:B1:26:56:C4:86:B9:C5
Certificate issuer:       /CN=a4338168cd9d5af0604013fc4274126fc581f3cb
Certificate serial:       018CC56E26E18545A9DFB10624D2AE815360
Authority key identifier: A4:33:81:68:CD:9D:5A:F0:60:40:13:FC:42:74:12:6F:C5:81:F3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDOBaM2dWvBgQBP8QnQSb8WB88s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/176f7d-6f0f-45e5-97f2-c9db981a2a2f/1/Ndj0ofR7Im6hXhXtW7EmVsSGucU.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211833
IP address blocks:        2a12:f340::/48 maxlen: 48
                          2a12:f340:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/176f7d-6f0f-45e5-97f2-c9db981a2a2f/1/pDOBaM2dWvBgQBP8QnQSb8WB88s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/176f7d-6f0f-45e5-97f2-c9db981a2a2f/1/pDOBaM2dWvBgQBP8QnQSb8WB88s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pDOBaM2dWvBgQBP8QnQSb8WB88s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:26:e1:85:45:a9:df:b1:06:24:d2:ae:81:53:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4338168cd9d5af0604013fc4274126fc581f3cb
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35d8f4a1f47b226ea15e15ed5bb12656c486b9c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fb:58:03:44:f8:6e:0d:d8:5e:88:92:5e:68:
                    34:46:1f:fc:60:8b:60:fb:bf:7a:2d:c8:d7:d7:4c:
                    21:cd:a3:bc:e1:bb:91:b6:ff:05:48:90:67:fe:31:
                    72:a4:26:50:b6:68:ab:f5:f4:ea:1b:b8:9f:03:7c:
                    74:6d:dc:7c:3f:ed:ba:27:d8:b9:7b:c1:cc:24:f0:
                    65:da:d2:58:bd:62:da:a0:f9:44:e8:b0:ce:10:17:
                    19:e4:d3:d7:e6:cd:83:4c:85:1c:a6:cf:f9:52:50:
                    9a:93:27:0d:5f:5e:fe:dc:7f:42:30:99:f6:3f:6a:
                    8d:d9:65:88:57:52:7a:19:a7:1f:4c:ba:9f:f1:e6:
                    2b:11:0f:b1:a2:21:e4:58:7f:e3:32:88:89:2c:65:
                    8b:77:6d:65:13:7c:7d:06:a8:9e:54:c1:c2:29:73:
                    9e:cd:bc:91:c0:47:61:0b:0e:a5:02:dd:f5:e1:f7:
                    36:bf:10:9f:b6:79:0d:40:48:a0:53:87:e9:45:e7:
                    58:f8:df:12:c8:cd:01:08:2d:36:66:7d:7b:82:f1:
                    ae:bc:cb:fb:73:6c:37:2b:43:0c:03:50:f6:64:6b:
                    3c:09:92:43:80:ac:f7:6b:b7:e4:47:4d:bc:a4:5a:
                    77:e3:a3:ca:91:82:28:7f:63:f8:12:59:fa:0c:00:
                    62:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D8:F4:A1:F4:7B:22:6E:A1:5E:15:ED:5B:B1:26:56:C4:86:B9:C5
            X509v3 Authority Key Identifier:
                keyid:A4:33:81:68:CD:9D:5A:F0:60:40:13:FC:42:74:12:6F:C5:81:F3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDOBaM2dWvBgQBP8QnQSb8WB88s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/176f7d-6f0f-45e5-97f2-c9db981a2a2f/1/Ndj0ofR7Im6hXhXtW7EmVsSGucU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/176f7d-6f0f-45e5-97f2-c9db981a2a2f/1/pDOBaM2dWvBgQBP8QnQSb8WB88s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f340::/47

    Signature Algorithm: sha256WithRSAEncryption
         bb:6d:dd:c6:62:2d:cf:14:f3:73:41:05:fd:84:eb:f8:a1:46:
         3f:79:11:19:2d:b0:01:2c:0f:79:0f:e2:b6:01:ef:38:cf:b5:
         a4:ff:dc:37:1a:cd:dc:5b:ca:9a:b3:fb:ee:dd:66:ed:5e:89:
         54:f0:72:94:b5:90:a3:ad:79:a4:5d:2e:01:5a:aa:88:c1:71:
         d8:33:58:64:00:3e:17:ee:67:cc:1e:ef:82:0d:ff:d9:a6:52:
         39:e9:25:15:ad:27:0c:b5:4e:43:88:84:09:18:9c:e6:07:6b:
         53:43:59:8c:c6:67:22:b7:c8:a1:c1:bc:56:bb:0e:bd:2b:ac:
         84:dc:fd:f9:6c:55:8b:11:9e:5a:02:59:46:78:3d:ba:16:df:
         c5:c9:88:98:2d:e0:a3:3e:59:63:10:18:5d:d2:f9:2d:78:92:
         1d:1c:b4:d3:e1:d7:ef:b7:63:36:85:04:01:73:fd:43:07:b5:
         93:4c:eb:0e:89:64:9e:0e:34:63:a5:44:aa:60:ac:77:2b:7f:
         f7:bb:ff:09:d1:63:07:b0:92:a7:84:2e:3d:98:a2:b9:ef:d0:
         11:0d:2d:ce:e1:7c:bf:31:f8:a8:25:f2:24:af:38:25:67:c4:
         87:45:72:2c:52:da:47:dc:36:6e:d7:d9:90:34:59:0b:f8:17:
         40:89:b2:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbibhhUWp37EGJNKugVNgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzM4MTY4Y2Q5ZDVhZjA2MDQwMTNmYzQyNzQxMjZmYzU4
MWYzY2IwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQ4ZjRhMWY0N2IyMjZlYTE1ZTE1ZWQ1YmIxMjY1NmM0ODZiOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvtYA0T4bg3YXoiSXmg0Rh/8YItg
+796LcjX10whzaO84buRtv8FSJBn/jFypCZQtmir9fTqG7ifA3x0bdx8P+26J9i5
e8HMJPBl2tJYvWLaoPlE6LDOEBcZ5NPX5s2DTIUcps/5UlCakycNX17+3H9CMJn2
P2qN2WWIV1J6GacfTLqf8eYrEQ+xoiHkWH/jMoiJLGWLd21lE3x9BqieVMHCKXOe
zbyRwEdhCw6lAt314fc2vxCftnkNQEigU4fpRedY+N8SyM0BCC02Zn17gvGuvMv7
c2w3K0MMA1D2ZGs8CZJDgKz3a7fkR028pFp346PKkYIof2P4Eln6DABijwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDXY9KH0eyJuoV4V7VuxJlbEhrnFMB8GA1UdIwQY
MBaAFKQzgWjNnVrwYEAT/EJ0Em/FgfPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERPQmFNMmRXdkJnUUJQOFFuUVNiOFdCODhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xNzZmN2QtNmYwZi00NWU1LTk3ZjIt
YzlkYjk4MWEyYTJmLzEvTmRqMG9mUjdJbTZoWGhYdFc3RW1Wc1NHdWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xNzZmN2QtNmYwZi00NWU1LTk3ZjItYzlkYjk4MWEyYTJm
LzEvcERPQmFNMmRXdkJnUUJQOFFuUVNiOFdCODhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhLzQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQC7bd3GYi3PFPNzQQX9hOv4oUY/eREZLbABLA95
D+K2Ae84z7Wk/9w3Gs3cW8qas/vu3WbtXolU8HKUtZCjrXmkXS4BWqqIwXHYM1hk
AD4X7mfMHu+CDf/ZplI56SUVrScMtU5DiIQJGJzmB2tTQ1mMxmcit8ihwbxWuw69
K6yE3P35bFWLEZ5aAllGeD26Ft/FyYiYLeCjPlljEBhd0vkteJIdHLTT4dfvt2M2
hQQBc/1DB7WTTOsOiWSeDjRjpUSqYKx3K3/3u/8J0WMHsJKnhC49mKK579ARDS3O
4Xy/MfioJfIkrzglZ8SHRXIsUtpH3DZu19mQNFkL+BdAibJB
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:14:22 2024 by rpki-client on console-fra.rpki-client.org