Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/8AKvw_v4wOGXw-n2iD9BJShjgQA.roa
File:                     8AKvw_v4wOGXw-n2iD9BJShjgQA.roa (raw, json)
Hash identifier:          u64mR5xasS2tG+0cq4m+y8Wa8UY/KEPISgqZZcTeTD8=
Subject key identifier:   F0:02:AF:C3:FB:F8:C0:E1:97:C3:E9:F6:88:3F:41:25:28:63:81:00
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       01916C8B6DCFD34A535725E13CBBB5E7DBB8
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/8AKvw_v4wOGXw-n2iD9BJShjgQA.roa
Signing time:             Mon 19 Aug 2024 21:29:22 +0000
ROA not before:           Mon 19 Aug 2024 21:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a12:35c0::/29 maxlen: 29
                          2a12:41c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6c:8b:6d:cf:d3:4a:53:57:25:e1:3c:bb:b5:e7:db:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Aug 19 21:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f002afc3fbf8c0e197c3e9f6883f412528638100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a6:3e:ce:c6:df:56:3e:4d:27:68:0c:03:ef:
                    da:d6:95:58:47:7d:53:40:46:2a:41:5c:e9:5a:40:
                    77:0c:98:b0:eb:06:f9:f2:46:ea:6a:f6:7f:c8:4c:
                    cf:e5:ad:d8:10:2b:9b:21:f5:2c:39:92:fa:bd:81:
                    d1:4b:6d:90:05:52:8a:2b:35:9b:a9:40:3c:1d:5d:
                    44:97:51:a1:c3:d2:16:61:57:63:74:93:17:7c:77:
                    43:83:13:5e:3d:94:98:90:24:2b:b7:e5:7d:f1:cf:
                    cf:5a:45:01:d0:80:47:9a:f3:0a:b5:90:57:aa:59:
                    cc:3a:f6:22:94:f8:5f:0a:bc:24:c3:a9:85:71:09:
                    a4:b6:2a:8b:88:a4:ea:2f:c1:26:ef:37:c3:36:2c:
                    d9:1c:2a:30:2c:01:f9:36:6f:e1:7c:ab:af:c8:b1:
                    99:5a:17:61:81:41:a5:28:55:41:6a:fe:e9:47:93:
                    4d:8b:26:54:4c:44:07:ab:ea:ff:47:58:cc:5e:b5:
                    36:e0:19:2e:8a:4b:f1:cf:8e:ab:12:ef:f4:c6:1f:
                    2c:cf:76:44:1e:90:ad:48:54:f7:59:45:09:fe:dc:
                    81:52:46:e4:67:fc:c0:2f:54:c4:ae:c4:e6:fc:e9:
                    4f:49:3d:10:63:4a:31:4c:e4:b7:96:c0:a5:b5:91:
                    d3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:02:AF:C3:FB:F8:C0:E1:97:C3:E9:F6:88:3F:41:25:28:63:81:00
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/8AKvw_v4wOGXw-n2iD9BJShjgQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:35c0::/29
                  2a12:41c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:dc:a5:88:32:49:76:b9:fe:8c:bb:bf:91:4d:9d:03:18:3c:
         5b:0a:ad:e3:2c:5b:b4:b3:10:02:8b:93:30:cd:32:e8:da:82:
         87:5a:6f:85:8d:b8:c6:1e:92:0f:40:59:d4:b8:67:c8:d6:21:
         51:d6:27:c4:98:f8:80:14:e1:81:95:a9:71:af:dc:3e:b4:c8:
         30:5e:71:e9:26:68:d0:74:0a:52:d9:59:a1:d7:0b:6c:4a:a7:
         16:6b:a1:15:d7:9c:3d:6d:02:d0:d9:be:7a:be:69:07:5f:00:
         eb:65:85:8d:59:a8:68:f6:ac:9d:54:39:c5:d7:73:8c:91:aa:
         17:34:d4:db:f7:aa:d2:ca:a6:5e:97:55:f5:dc:72:ae:14:8d:
         77:56:93:74:af:ee:e0:2e:6d:ca:4b:a8:49:3d:91:05:c8:7c:
         d3:5d:d7:69:ef:e3:2a:97:8f:5d:11:ee:dc:76:ec:a0:b6:a3:
         c2:49:d3:ae:11:82:25:70:71:ec:cc:da:20:9c:4d:70:a3:49:
         65:08:69:21:3a:f1:14:c8:92:80:ef:39:8d:63:54:d1:93:eb:
         0e:ea:e7:b2:10:fc:1b:33:94:3f:8b:1d:56:30:27:f6:a5:b1:
         b1:5d:f4:c0:e5:78:26:a5:14:e4:50:29:f7:2a:56:8d:d4:7f:
         b5:61:ab:be
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZFsi23P00pTVyXhPLu159u4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwODE5MjEyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDAyYWZjM2ZiZjhjMGUxOTdjM2U5ZjY4ODNmNDEyNTI4NjM4MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKY+zsbfVj5NJ2gMA+/a1pVYR31T
QEYqQVzpWkB3DJiw6wb58kbqavZ/yEzP5a3YECubIfUsOZL6vYHRS22QBVKKKzWb
qUA8HV1El1Ghw9IWYVdjdJMXfHdDgxNePZSYkCQrt+V98c/PWkUB0IBHmvMKtZBX
qlnMOvYilPhfCrwkw6mFcQmktiqLiKTqL8Em7zfDNizZHCowLAH5Nm/hfKuvyLGZ
WhdhgUGlKFVBav7pR5NNiyZUTEQHq+r/R1jMXrU24Bkuikvxz46rEu/0xh8sz3ZE
HpCtSFT3WUUJ/tyBUkbkZ/zAL1TErsTm/OlPST0QY0oxTOS3lsCltZHTrwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPACr8P7+MDhl8Pp9og/QSUoY4EAMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvOEFLdndfdjR3T0dYdy1uMmlEOUJKU2hqZ1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhI1wAMF
AyoSQcAwDQYJKoZIhvcNAQELBQADggEBAGXcpYgySXa5/oy7v5FNnQMYPFsKreMs
W7SzEAKLkzDNMujagodab4WNuMYekg9AWdS4Z8jWIVHWJ8SY+IAU4YGVqXGv3D60
yDBecekmaNB0ClLZWaHXC2xKpxZroRXXnD1tAtDZvnq+aQdfAOtlhY1ZqGj2rJ1U
OcXXc4yRqhc01Nv3qtLKpl6XVfXccq4UjXdWk3Sv7uAubcpLqEk9kQXIfNNd12nv
4yqXj10R7tx27KC2o8JJ064RgiVwcezM2iCcTXCjSWUIaSE68RTIkoDvOY1jVNGT
6w7q57IQ/BszlD+LHVYwJ/alsbFd9MDleCalFORQKfcqVo3Uf7Vhq74=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:58:57 2024 by rpki-client on console-ams.rpki-client.org