Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/NC3sYzNFN8i9TVh_eV39SZ2eWXQ.roa
File:                     NC3sYzNFN8i9TVh_eV39SZ2eWXQ.roa (raw, json)
Hash identifier:          qoo2VyZd8G5q1Eou5/sqdXMXTU3awvOCuRoUXpV/5kg=
Subject key identifier:   34:2D:EC:63:33:45:37:C8:BD:4D:58:7F:79:5D:FD:49:9D:9E:59:74
Certificate issuer:       /CN=a802b73ef4a8b6b0e0883a9c8bc6e7f012db93a0
Certificate serial:       0191D3566EA5F75CEB682586DE2C7627DDDF
Authority key identifier: A8:02:B7:3E:F4:A8:B6:B0:E0:88:3A:9C:8B:C6:E7:F0:12:DB:93:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/NC3sYzNFN8i9TVh_eV39SZ2eWXQ.roa
Signing time:             Sun 08 Sep 2024 20:32:22 +0000
ROA not before:           Sun 08 Sep 2024 20:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62403
IP address blocks:        2a12:8641:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/qAK3PvSotrDgiDqci8bn8BLbk6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/qAK3PvSotrDgiDqci8bn8BLbk6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d3:56:6e:a5:f7:5c:eb:68:25:86:de:2c:76:27:dd:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a802b73ef4a8b6b0e0883a9c8bc6e7f012db93a0
        Validity
            Not Before: Sep  8 20:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=342dec63334537c8bd4d587f795dfd499d9e5974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c1:c1:23:d8:c6:06:ec:f1:a1:d5:62:56:ee:
                    2a:8d:67:89:7c:b3:e6:e9:10:8d:d5:5f:d9:de:11:
                    d7:9f:cf:1a:ca:10:59:1d:82:57:22:95:6f:b1:7e:
                    aa:28:a7:e8:eb:95:bf:23:19:3a:32:7a:ce:19:c4:
                    95:51:64:44:d5:90:3f:7e:69:d9:7a:9e:bb:a8:10:
                    ed:d0:3a:39:43:56:6f:7a:bc:90:ec:3e:90:b3:e0:
                    94:6b:12:be:25:91:11:ca:8a:02:e7:ff:cc:68:80:
                    3d:9d:d2:cc:36:a7:d4:dc:10:4b:ae:3c:aa:52:47:
                    a1:de:bf:54:e6:7a:65:34:ce:d1:9d:4a:67:9d:9a:
                    72:e0:0e:db:8b:13:65:ba:b3:3e:c5:76:0a:3e:7d:
                    95:e7:47:0d:d0:fb:3a:f4:df:9a:83:d7:1e:72:8d:
                    46:48:9b:0c:54:5b:54:f6:cb:41:cb:ef:d2:d1:7f:
                    3f:32:ec:21:59:59:e6:9b:19:ef:a0:c9:00:6d:0e:
                    82:43:94:56:0e:a9:87:e9:8e:dd:73:5f:d8:b2:98:
                    48:0a:1d:45:ff:5f:d8:f6:3c:09:59:51:f4:54:83:
                    fb:ca:47:c2:73:4e:de:e4:88:8f:05:c7:fc:2c:ac:
                    06:72:0a:b3:c1:ec:ae:00:80:f8:54:57:4b:ab:a5:
                    be:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:2D:EC:63:33:45:37:C8:BD:4D:58:7F:79:5D:FD:49:9D:9E:59:74
            X509v3 Authority Key Identifier:
                keyid:A8:02:B7:3E:F4:A8:B6:B0:E0:88:3A:9C:8B:C6:E7:F0:12:DB:93:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/NC3sYzNFN8i9TVh_eV39SZ2eWXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/qAK3PvSotrDgiDqci8bn8BLbk6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8641:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:d2:3c:28:1f:06:80:ab:83:7f:04:b5:2a:9a:7f:ef:e1:0c:
         dc:8e:f0:22:62:f7:d0:8a:e6:bf:6c:b6:56:9d:7f:fc:13:b2:
         e3:41:75:81:7c:40:19:1a:73:b9:37:ce:a4:14:61:26:c2:5b:
         e8:25:76:71:27:31:8e:71:38:4b:bd:6b:3d:9e:fc:74:8a:e9:
         98:95:12:45:06:3f:7d:c3:f8:0d:86:55:8d:0e:92:b3:64:ff:
         52:be:a1:ae:7f:49:0a:51:17:88:64:fc:78:79:5f:36:0f:75:
         e7:c6:ef:b8:e4:11:82:b1:d1:0d:a2:e8:36:c4:f1:69:c4:25:
         b0:9a:aa:80:9e:99:d4:6b:ea:47:a2:77:c4:84:24:2f:ad:90:
         f3:c3:32:b0:18:dd:fc:b7:0d:b8:e3:e4:f0:91:06:ed:ae:c6:
         9e:28:8d:dc:63:e9:6a:52:86:82:e6:6b:ce:a0:5a:ff:65:10:
         d0:a6:d5:2e:89:d1:2f:63:f2:3e:f8:cf:ab:72:f8:4a:4d:de:
         e8:d0:6d:4b:97:98:dd:18:24:a0:dc:43:4e:f4:c7:01:9c:78:
         e2:b4:51:d5:34:d6:89:fb:fc:6c:df:1b:62:30:5a:76:8e:82:
         ee:73:d4:b7:a9:b0:50:88:60:67:22:36:9e:5a:0a:32:a3:ef:
         bf:e1:e3:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHTVm6l91zraCWG3ix2J93fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDJiNzNlZjRhOGI2YjBlMDg4M2E5YzhiYzZlN2YwMTJk
YjkzYTAwHhcNMjQwOTA4MjAzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDJkZWM2MzMzNDUzN2M4YmQ0ZDU4N2Y3OTVkZmQ0OTlkOWU1OTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MHBI9jGBuzxodViVu4qjWeJfLPm
6RCN1V/Z3hHXn88ayhBZHYJXIpVvsX6qKKfo65W/Ixk6MnrOGcSVUWRE1ZA/fmnZ
ep67qBDt0Do5Q1ZveryQ7D6Qs+CUaxK+JZERyooC5//MaIA9ndLMNqfU3BBLrjyq
Ukeh3r9U5nplNM7RnUpnnZpy4A7bixNlurM+xXYKPn2V50cN0Ps69N+ag9ceco1G
SJsMVFtU9stBy+/S0X8/MuwhWVnmmxnvoMkAbQ6CQ5RWDqmH6Y7dc1/YsphICh1F
/1/Y9jwJWVH0VIP7ykfCc07e5IiPBcf8LKwGcgqzweyuAID4VFdLq6W+nQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDQt7GMzRTfIvU1Yf3ld/Umdnll0MB8GA1UdIwQY
MBaAFKgCtz70qLaw4Ig6nIvG5/AS25OgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFLM1B2U290ckRnaURxY2k4Ym44QkxiazZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy83YzA3ZTgtM2I4Yy00YzkzLTlhMDgt
YTkwOWNiMGExMzhmLzEvTkMzc1l6TkZOOGk5VFZoX2VWMzlTWjJlV1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy83YzA3ZTgtM2I4Yy00YzkzLTlhMDgtYTkwOWNiMGExMzhm
LzEvcUFLM1B2U290ckRnaURxY2k4Ym44QkxiazZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKGQQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCD0jwoHwaAq4N/BLUqmn/v4QzcjvAiYvfQiua/
bLZWnX/8E7LjQXWBfEAZGnO5N86kFGEmwlvoJXZxJzGOcThLvWs9nvx0iumYlRJF
Bj99w/gNhlWNDpKzZP9SvqGuf0kKUReIZPx4eV82D3Xnxu+45BGCsdENoug2xPFp
xCWwmqqAnpnUa+pHonfEhCQvrZDzwzKwGN38tw244+TwkQbtrsaeKI3cY+lqUoaC
5mvOoFr/ZRDQptUuidEvY/I++M+rcvhKTd7o0G1Ll5jdGCSg3ENO9McBnHjitFHV
NNaJ+/xs3xtiMFp2joLuc9S3qbBQiGBnIjaeWgoyo++/4eNC
-----END CERTIFICATE-----