Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/0b1Octt82kvN3_6VYldJ1TYabDw.roa
File:                     0b1Octt82kvN3_6VYldJ1TYabDw.roa (raw, json)
Hash identifier:          Uig0RqQqSxl07Ve6Php0kJj4hZeVUZWqQBytkviUS/s=
Subject key identifier:   D1:BD:4E:72:DB:7C:DA:4B:CD:DF:FE:95:62:57:49:D5:36:1A:6C:3C
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       018CCEF9D4731D0EC3CAC7CA7FAD4F5ACA92
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/0b1Octt82kvN3_6VYldJ1TYabDw.roa
Signing time:             Wed 03 Jan 2024 10:58:48 +0000
ROA not before:           Wed 03 Jan 2024 10:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138181
IP address blocks:        2a12:a307:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:f9:d4:73:1d:0e:c3:ca:c7:ca:7f:ad:4f:5a:ca:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  3 10:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1bd4e72db7cda4bcddffe95625749d5361a6c3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c2:a4:89:ca:66:f5:1f:64:ad:a9:3c:82:5b:
                    d9:d2:4a:81:c7:d7:18:30:2c:8e:b4:1b:7c:96:e0:
                    ca:7e:8c:4c:59:ed:ba:f1:63:58:5c:01:7b:9b:47:
                    3d:61:6f:37:4b:f4:ea:e2:50:2d:09:96:d4:b5:64:
                    62:d1:f4:33:97:40:1e:5e:a1:f5:e9:6e:79:cc:69:
                    d7:7b:26:19:4a:58:42:6e:bf:e7:c0:64:00:ff:a5:
                    d6:ea:18:dd:d0:f4:36:b8:30:be:c4:12:10:dc:51:
                    29:bd:7d:9c:15:46:3e:ea:03:ee:7f:6b:1a:37:d7:
                    27:25:6d:e5:34:7f:7d:7c:94:74:b3:c8:3f:c1:93:
                    32:7f:3e:04:19:7f:0a:46:8b:41:70:5f:7d:8b:f1:
                    30:5b:74:2b:f6:44:3f:99:56:8c:f6:3e:b9:c7:09:
                    e3:1d:00:00:66:7f:e6:c7:bb:9a:ba:32:93:2f:be:
                    28:fd:0a:7d:e7:0e:c8:b6:c6:ff:5c:05:98:ea:19:
                    6a:0d:70:ec:1e:21:e8:ef:6a:ae:69:ed:f5:48:61:
                    02:90:dd:fa:c7:ef:b0:e3:21:b5:f9:ac:48:76:9e:
                    ae:55:8e:aa:a4:5a:be:1c:cd:76:25:77:04:10:20:
                    7f:ec:06:06:0d:77:88:88:b8:ff:0c:59:09:59:53:
                    99:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:BD:4E:72:DB:7C:DA:4B:CD:DF:FE:95:62:57:49:D5:36:1A:6C:3C
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/0b1Octt82kvN3_6VYldJ1TYabDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a307:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:60:a6:2b:f6:40:c7:0e:7a:9d:b0:cd:8f:16:9c:ae:da:f1:
         a8:6c:a1:9c:f8:68:11:b3:e6:8f:67:47:9f:59:7c:d5:8f:16:
         16:f9:92:93:d3:4c:37:f0:af:26:6a:3a:e9:92:a3:fe:bf:ed:
         31:85:6a:9b:09:41:32:51:11:c6:59:0b:a8:b1:99:7d:24:a5:
         32:43:46:ab:16:75:1f:5c:23:b4:20:eb:8a:3d:bf:77:0a:e1:
         47:8f:3d:6b:31:66:92:4b:0d:19:a0:52:fb:5d:ea:f0:5b:eb:
         4a:ec:19:2b:c1:4a:86:31:8f:e7:12:83:ec:84:77:2e:bf:42:
         b8:cd:8c:df:cd:ea:d4:21:b1:57:27:4d:a9:67:73:f5:b2:e0:
         84:df:c8:81:bd:0d:75:46:d4:98:b3:ea:92:1b:df:d2:6c:87:
         46:e1:75:6c:27:88:c7:ec:91:2f:57:3d:a9:5a:32:2e:99:e1:
         e8:a4:57:78:86:24:2a:07:ba:5b:fd:9e:67:8c:3b:07:35:01:
         41:78:3d:57:c1:6d:28:fb:4f:4d:92:f8:3f:38:99:ca:7e:e0:
         54:66:b7:a7:fc:ac:3d:5e:e1:45:11:65:07:20:a4:e8:91:11:
         05:2c:77:0e:6d:35:36:0a:b7:c7:48:e8:1d:a3:57:85:85:92:
         cc:af:05:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzO+dRzHQ7DysfKf61PWsqSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjQwMTAzMTA1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWJkNGU3MmRiN2NkYTRiY2RkZmZlOTU2MjU3NDlkNTM2MWE2YzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsKkicpm9R9krak8glvZ0kqBx9cY
MCyOtBt8luDKfoxMWe268WNYXAF7m0c9YW83S/Tq4lAtCZbUtWRi0fQzl0AeXqH1
6W55zGnXeyYZSlhCbr/nwGQA/6XW6hjd0PQ2uDC+xBIQ3FEpvX2cFUY+6gPuf2sa
N9cnJW3lNH99fJR0s8g/wZMyfz4EGX8KRotBcF99i/EwW3Qr9kQ/mVaM9j65xwnj
HQAAZn/mx7uaujKTL74o/Qp95w7Itsb/XAWY6hlqDXDsHiHo72quae31SGECkN36
x++w4yG1+axIdp6uVY6qpFq+HM12JXcEECB/7AYGDXeIiLj/DFkJWVOZRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNG9TnLbfNpLzd/+lWJXSdU2Gmw8MB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvMGIxT2N0dDgya3ZOM182VllsZEoxVFlhYkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKjBwAD
MA0GCSqGSIb3DQEBCwUAA4IBAQA5YKYr9kDHDnqdsM2PFpyu2vGobKGc+GgRs+aP
Z0efWXzVjxYW+ZKT00w38K8majrpkqP+v+0xhWqbCUEyURHGWQuosZl9JKUyQ0ar
FnUfXCO0IOuKPb93CuFHjz1rMWaSSw0ZoFL7XerwW+tK7BkrwUqGMY/nEoPshHcu
v0K4zYzfzerUIbFXJ02pZ3P1suCE38iBvQ11RtSYs+qSG9/SbIdG4XVsJ4jH7JEv
Vz2pWjIumeHopFd4hiQqB7pb/Z5njDsHNQFBeD1XwW0o+09Nkvg/OJnKfuBUZren
/Kw9XuFFEWUHIKTokREFLHcObTU2CrfHSOgdo1eFhZLMrwXy
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:01:03 2024 by rpki-client on console-ams.rpki-client.org