Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/TiGKxumKNOdpmFEy0nFQeB-Sl5Q.roa
File:                     TiGKxumKNOdpmFEy0nFQeB-Sl5Q.roa (raw, json)
Hash identifier:          5WZMAvso2vSfxM/Vfx+0ariJIeccIct/su+/Fvw9xds=
Subject key identifier:   4E:21:8A:C6:E9:8A:34:E7:69:98:51:32:D2:71:50:78:1F:92:97:94
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       018CCEF9D36BE002D480A924DD4BE0039EE5
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/TiGKxumKNOdpmFEy0nFQeB-Sl5Q.roa
Signing time:             Wed 03 Jan 2024 10:58:48 +0000
ROA not before:           Wed 03 Jan 2024 10:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134666
IP address blocks:        2a12:a307:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:f9:d3:6b:e0:02:d4:80:a9:24:dd:4b:e0:03:9e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  3 10:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e218ac6e98a34e769985132d27150781f929794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:49:f1:6c:68:6b:84:23:4f:f6:8d:f7:5b:8c:
                    94:de:43:2b:82:64:83:c7:0c:8f:a1:94:5e:35:6e:
                    1a:77:f9:3b:7f:58:17:22:0e:e5:d0:ec:7b:d1:a2:
                    80:a0:fb:a1:df:b6:ed:58:aa:aa:4d:a4:ac:9a:eb:
                    cf:91:70:4c:00:47:4d:b9:94:72:da:8c:13:e9:80:
                    cc:9e:1e:af:14:37:b0:48:49:f8:1b:35:15:a6:d7:
                    54:8b:25:d2:ad:8b:ca:f9:f1:0a:ee:f9:0c:cf:be:
                    e1:60:2d:0c:13:ac:66:10:e1:e7:8e:8e:6a:fb:36:
                    90:0b:36:cf:72:59:11:f2:54:d5:94:52:20:74:00:
                    78:7c:93:32:4d:ed:03:08:ef:ba:38:34:6f:23:bd:
                    4f:1c:d2:86:99:82:fa:41:76:9d:30:3e:ca:b5:1e:
                    e1:81:ed:bb:33:af:e7:d3:0f:82:ab:db:88:9f:91:
                    ff:c4:3c:99:91:d6:9d:45:bc:8c:e2:ca:55:60:66:
                    6d:b9:0c:e9:3e:85:cf:4b:d9:6c:cc:42:66:d5:62:
                    98:bb:7a:5c:25:ef:88:40:d9:a0:cb:e4:b9:bc:cb:
                    56:f2:ea:1f:91:cd:29:b7:68:22:06:8d:a8:a5:aa:
                    69:4c:e1:20:5c:73:8c:18:6c:34:f1:79:98:ea:82:
                    60:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:21:8A:C6:E9:8A:34:E7:69:98:51:32:D2:71:50:78:1F:92:97:94
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/TiGKxumKNOdpmFEy0nFQeB-Sl5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a307:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:64:59:4d:06:3d:a5:66:98:84:bd:fb:b9:20:94:29:53:df:
         e5:1b:11:64:81:6d:f7:31:d4:d9:ce:ea:c5:66:60:cf:9d:3a:
         75:e8:c8:f4:bf:74:c0:73:a3:bf:76:02:be:ab:ba:f6:7e:1a:
         ae:d7:6d:70:79:0d:a2:70:60:b3:84:a6:f3:dc:cc:da:82:1a:
         e5:07:fb:ab:49:ec:69:d2:91:f4:69:cf:2f:da:33:d6:ce:ff:
         b5:f5:b2:68:05:1e:d6:47:49:f1:e1:2d:12:82:aa:cd:97:2f:
         ba:5c:d3:dd:02:2a:41:e7:7a:04:be:05:75:0a:79:45:cf:cb:
         45:87:04:be:e7:5c:0c:c6:fd:6d:8c:59:1a:9e:44:b3:b5:39:
         47:7f:4f:6e:cd:5b:6d:38:bf:c3:e5:06:3d:a6:7c:be:1a:ff:
         50:63:9a:46:3c:af:12:b6:19:56:70:eb:71:83:a6:db:90:53:
         a9:ad:d0:9b:2e:83:d2:8c:82:e7:3b:b7:b6:dd:93:27:1f:6a:
         d0:91:f5:be:7e:21:64:94:ba:ce:98:ae:16:8f:13:1c:2f:e5:
         6d:b3:5a:72:7c:31:c6:7f:37:94:18:78:ca:e8:bd:30:1e:48:
         45:92:ee:11:9e:e4:f0:2b:57:df:c5:f8:f8:a9:ae:7e:03:aa:
         57:19:22:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzO+dNr4ALUgKkk3UvgA57lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjQwMTAzMTA1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTIxOGFjNmU5OGEzNGU3Njk5ODUxMzJkMjcxNTA3ODFmOTI5Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUnxbGhrhCNP9o33W4yU3kMrgmSD
xwyPoZReNW4ad/k7f1gXIg7l0Ox70aKAoPuh37btWKqqTaSsmuvPkXBMAEdNuZRy
2owT6YDMnh6vFDewSEn4GzUVptdUiyXSrYvK+fEK7vkMz77hYC0ME6xmEOHnjo5q
+zaQCzbPclkR8lTVlFIgdAB4fJMyTe0DCO+6ODRvI71PHNKGmYL6QXadMD7KtR7h
ge27M6/n0w+Cq9uIn5H/xDyZkdadRbyM4spVYGZtuQzpPoXPS9lszEJm1WKYu3pc
Je+IQNmgy+S5vMtW8uofkc0pt2giBo2opappTOEgXHOMGGw08XmY6oJgOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE4hisbpijTnaZhRMtJxUHgfkpeUMB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvVGlHS3h1bUtOT2RwbUZFeTBuRlFlQi1TbDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKjBwAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBlZFlNBj2lZpiEvfu5IJQpU9/lGxFkgW33MdTZ
zurFZmDPnTp16Mj0v3TAc6O/dgK+q7r2fhqu121weQ2icGCzhKbz3MzaghrlB/ur
Sexp0pH0ac8v2jPWzv+19bJoBR7WR0nx4S0SgqrNly+6XNPdAipB53oEvgV1CnlF
z8tFhwS+51wMxv1tjFkankSztTlHf09uzVttOL/D5QY9pny+Gv9QY5pGPK8SthlW
cOtxg6bbkFOprdCbLoPSjILnO7e23ZMnH2rQkfW+fiFklLrOmK4WjxMcL+Vts1py
fDHGfzeUGHjK6L0wHkhFku4RnuTwK1ffxfj4qa5+A6pXGSKm
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:51 2024 by rpki-client on console-fra.rpki-client.org