Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/PwJePG2n4mhivtwcVSIbUFF1Ejs.roa
File:                     PwJePG2n4mhivtwcVSIbUFF1Ejs.roa (raw, json)
Hash identifier:          2KV2/DIkXsqX8IXnRV4lriIxGq0qfQk2+YFskJXgijE=
Subject key identifier:   3F:02:5E:3C:6D:A7:E2:68:62:BE:DC:1C:55:22:1B:50:51:75:12:3B
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       018FE3D0DEF3E803A7CD5519D85FAE789AE0
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/PwJePG2n4mhivtwcVSIbUFF1Ejs.roa
Signing time:             Tue 04 Jun 2024 15:14:27 +0000
ROA not before:           Tue 04 Jun 2024 15:14:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142418
IP address blocks:        2a12:f8c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:d0:de:f3:e8:03:a7:cd:55:19:d8:5f:ae:78:9a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Jun  4 15:14:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f025e3c6da7e26862bedc1c55221b505175123b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:30:52:07:5d:5b:6d:67:cf:1b:a4:6a:28:36:
                    78:bf:55:1b:6f:dd:77:b7:ce:b1:ba:cb:c9:8b:67:
                    9a:16:ed:2e:8e:50:f6:cb:b0:97:06:02:e9:67:0f:
                    c8:54:6e:d2:13:cd:62:4f:a2:68:6c:31:14:1d:36:
                    e5:7f:78:ab:b1:f1:ed:ce:94:f7:26:66:82:4d:c9:
                    02:cb:8a:e8:f8:8c:55:15:64:c8:77:05:89:26:7c:
                    f0:bd:0f:17:d2:a8:ac:6d:f0:8c:0c:dc:b8:4e:52:
                    a5:a8:cb:47:1a:52:90:cb:e5:fe:6b:3a:40:4e:1f:
                    85:2d:b0:8b:5e:9e:2a:58:c9:f5:bc:e2:d7:92:b0:
                    08:e4:07:50:18:d7:08:66:25:c8:22:90:e9:33:5d:
                    68:b8:e6:c1:79:a9:08:d7:0c:ed:e9:f6:20:cc:71:
                    a4:f5:d6:68:81:a3:c2:77:91:5c:f7:32:71:49:65:
                    f2:4d:57:d3:21:77:c4:c9:64:ef:cd:df:5e:59:c7:
                    ee:c4:d7:5c:fa:4c:73:fe:a7:dd:57:9e:f9:78:9c:
                    ca:a5:02:2d:33:66:a9:a8:50:20:5b:bd:71:d3:d3:
                    a2:f4:d1:c4:4b:58:99:18:f4:df:9b:ce:27:7c:ba:
                    b5:11:a1:9d:13:22:25:41:a5:7b:40:51:fd:36:09:
                    b9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:02:5E:3C:6D:A7:E2:68:62:BE:DC:1C:55:22:1B:50:51:75:12:3B
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/PwJePG2n4mhivtwcVSIbUFF1Ejs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:b9:8e:bd:c7:47:2d:09:3d:4f:d6:d0:8a:58:2d:33:6f:eb:
         c6:99:22:16:4b:81:5f:63:98:53:0e:f2:dd:42:25:22:06:fc:
         df:c6:62:71:1b:63:b4:3c:f5:13:58:e7:80:90:f6:32:d6:bb:
         38:61:44:09:30:22:16:71:ff:23:42:66:88:ab:e1:cf:78:b9:
         e0:c6:72:b9:1a:63:03:17:28:15:c5:d2:92:13:a5:90:5d:5b:
         ba:47:c5:8d:ab:f7:b9:5d:1b:0d:cf:62:e8:2e:6a:19:40:4c:
         f1:2f:8d:ce:f8:3e:1b:45:9a:77:98:74:23:26:1b:80:24:c2:
         b5:da:fe:29:2f:77:bd:cf:93:49:a2:b9:19:f1:56:f9:a8:39:
         0b:f9:b6:97:1d:88:3b:72:e6:7d:f9:92:f6:bc:2b:23:b2:3c:
         33:c0:99:aa:a5:2e:d0:4b:23:52:da:38:fe:4a:9f:a0:d7:8b:
         79:f0:2e:11:73:a7:fc:15:58:4e:c5:17:27:ff:48:0b:f7:75:
         f5:9a:4c:4c:2c:9a:04:d9:9b:ba:ad:0c:64:c7:1a:40:e6:8f:
         b8:a0:36:f7:78:86:57:dd:62:5d:33:23:d4:e9:95:c0:a8:f4:
         a5:1e:c8:95:ca:38:2c:32:07:a7:db:b8:8e:a2:3c:80:ea:db:
         17:38:cf:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/j0N7z6AOnzVUZ2F+ueJrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjQwNjA0MTUxNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjAyNWUzYzZkYTdlMjY4NjJiZWRjMWM1NTIyMWI1MDUxNzUxMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TBSB11bbWfPG6RqKDZ4v1Ubb913
t86xusvJi2eaFu0ujlD2y7CXBgLpZw/IVG7SE81iT6JobDEUHTblf3irsfHtzpT3
JmaCTckCy4ro+IxVFWTIdwWJJnzwvQ8X0qisbfCMDNy4TlKlqMtHGlKQy+X+azpA
Th+FLbCLXp4qWMn1vOLXkrAI5AdQGNcIZiXIIpDpM11ouObBeakI1wzt6fYgzHGk
9dZogaPCd5Fc9zJxSWXyTVfTIXfEyWTvzd9eWcfuxNdc+kxz/qfdV575eJzKpQIt
M2apqFAgW71x09Oi9NHES1iZGPTfm84nfLq1EaGdEyIlQaV7QFH9Ngm5CQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD8CXjxtp+JoYr7cHFUiG1BRdRI7MB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvUHdKZVBHMm40bWhpdnR3Y1ZTSWJVRkYxRWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAfrmOvcdHLQk9T9bQilgtM2/rxpkiFkuBX2OYUw7y
3UIlIgb838ZicRtjtDz1E1jngJD2Mta7OGFECTAiFnH/I0JmiKvhz3i54MZyuRpj
AxcoFcXSkhOlkF1bukfFjav3uV0bDc9i6C5qGUBM8S+Nzvg+G0Wad5h0IyYbgCTC
tdr+KS93vc+TSaK5GfFW+ag5C/m2lx2IO3LmffmS9rwrI7I8M8CZqqUu0EsjUto4
/kqfoNeLefAuEXOn/BVYTsUXJ/9IC/d19ZpMTCyaBNmbuq0MZMcaQOaPuKA293iG
V91iXTMj1OmVwKj0pR7Ilco4LDIHp9u4jqI8gOrbFzjPLw==
-----END CERTIFICATE-----