Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ToGHCxRVdFUWnpGdnrfbMKzlvxg.roa
File:                     ToGHCxRVdFUWnpGdnrfbMKzlvxg.roa (raw, json)
Hash identifier:          tGNnd8wkvpVJROheC5j7tf9Q1+mWYOeLk8U5qdNDhTU=
Subject key identifier:   4E:81:87:0B:14:55:74:55:16:9E:91:9D:9E:B7:DB:30:AC:E5:BF:18
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       018FE3D0DEAF85FABC69F1F29AD5416F12F2
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ToGHCxRVdFUWnpGdnrfbMKzlvxg.roa
Signing time:             Tue 04 Jun 2024 15:14:27 +0000
ROA not before:           Tue 04 Jun 2024 15:14:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10104
IP address blocks:        2a12:f8c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:d0:de:af:85:fa:bc:69:f1:f2:9a:d5:41:6f:12:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Jun  4 15:14:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e81870b14557455169e919d9eb7db30ace5bf18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:37:85:e6:b4:60:1a:65:3a:f8:d6:15:44:65:
                    e6:a4:07:3b:fe:df:cc:e7:46:aa:24:a6:9f:80:d8:
                    30:53:cc:ff:3f:9f:65:24:0d:fb:c7:93:8b:e2:16:
                    78:71:3e:b5:18:dd:32:38:42:f9:97:91:1d:48:09:
                    68:37:6b:92:44:4c:00:a9:4e:26:15:e4:ff:02:c0:
                    8b:8e:64:97:ea:fc:c2:27:88:9b:0d:6d:eb:f9:7b:
                    71:1d:70:db:eb:3c:e9:46:19:f2:16:9f:6e:1d:41:
                    ea:6a:c5:00:a3:90:e1:84:52:34:4d:8c:f9:ca:37:
                    86:05:49:15:6b:db:ff:20:65:8b:7f:bb:94:55:53:
                    be:4c:19:de:dd:76:17:40:da:ff:c9:84:95:b9:c3:
                    02:a2:90:75:c7:f5:b3:70:ac:19:b0:05:bf:e1:97:
                    99:f6:a9:d4:14:63:df:a8:09:04:55:3f:41:ec:34:
                    3b:3f:98:f2:8d:3f:15:41:b9:ef:58:75:e9:f9:08:
                    1f:a8:e1:f8:40:ea:a4:67:89:2b:3f:0e:98:95:41:
                    52:47:ae:22:05:31:fd:c1:db:b2:8f:e5:5b:c9:ff:
                    c8:15:12:66:ad:93:50:2a:68:0a:2e:c5:a9:bb:db:
                    65:09:6a:49:bb:cf:4d:a2:84:65:92:c6:af:37:96:
                    5c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:81:87:0B:14:55:74:55:16:9E:91:9D:9E:B7:DB:30:AC:E5:BF:18
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ToGHCxRVdFUWnpGdnrfbMKzlvxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:9b:76:b0:e1:68:4f:56:f8:63:58:1e:4a:3d:d2:65:0e:14:
         a1:a7:2a:6b:74:1a:3d:72:c3:fa:e1:7b:7f:dd:f0:49:39:83:
         4c:79:15:b0:42:34:ed:a0:07:18:54:a8:02:58:3f:17:3f:3c:
         d6:d2:0c:bd:ec:0c:ca:02:d5:74:2e:c7:76:4e:43:27:bd:4a:
         d9:5c:83:ce:78:2e:17:1d:57:80:d9:5d:8a:85:32:02:ea:d5:
         9a:e7:04:8b:90:8d:2a:e1:3b:07:66:a5:f7:69:cb:ff:7f:96:
         df:22:ce:73:14:18:49:61:de:c2:46:d3:35:c9:6c:60:5e:e5:
         aa:49:d1:d2:1b:ff:e6:5f:90:62:2a:64:44:88:be:78:db:c8:
         ad:e0:81:df:79:77:a5:a8:77:59:3c:bf:63:eb:21:e3:da:43:
         f7:44:b4:62:f7:61:80:b6:5a:e0:7a:d6:89:49:b0:56:36:f5:
         71:5e:fd:48:6b:e4:bc:c2:53:7d:f5:4e:38:33:89:27:96:1d:
         87:27:59:ef:72:df:05:61:2a:96:15:80:a4:af:5e:5e:87:0b:
         32:76:b4:a4:92:69:57:11:ef:14:31:27:3d:2e:96:db:93:a7:
         6f:4f:a4:c1:dc:f2:6c:e2:03:84:89:5f:b3:fc:ba:1e:48:4a:
         f7:0f:26:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/j0N6vhfq8afHymtVBbxLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjQwNjA0MTUxNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTgxODcwYjE0NTU3NDU1MTY5ZTkxOWQ5ZWI3ZGIzMGFjZTViZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTeF5rRgGmU6+NYVRGXmpAc7/t/M
50aqJKafgNgwU8z/P59lJA37x5OL4hZ4cT61GN0yOEL5l5EdSAloN2uSREwAqU4m
FeT/AsCLjmSX6vzCJ4ibDW3r+XtxHXDb6zzpRhnyFp9uHUHqasUAo5DhhFI0TYz5
yjeGBUkVa9v/IGWLf7uUVVO+TBne3XYXQNr/yYSVucMCopB1x/WzcKwZsAW/4ZeZ
9qnUFGPfqAkEVT9B7DQ7P5jyjT8VQbnvWHXp+QgfqOH4QOqkZ4krPw6YlUFSR64i
BTH9wduyj+Vbyf/IFRJmrZNQKmgKLsWpu9tlCWpJu89NooRlksavN5ZchwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE6BhwsUVXRVFp6RnZ632zCs5b8YMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvVG9HSEN4UlZkRlVXbnBHZG5yZmJNS3psdnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAeJt2sOFoT1b4Y1geSj3SZQ4Uoacqa3QaPXLD+uF7
f93wSTmDTHkVsEI07aAHGFSoAlg/Fz881tIMvewMygLVdC7Hdk5DJ71K2VyDzngu
Fx1XgNldioUyAurVmucEi5CNKuE7B2al92nL/3+W3yLOcxQYSWHewkbTNclsYF7l
qknR0hv/5l+QYipkRIi+eNvIreCB33l3pah3WTy/Y+sh49pD90S0YvdhgLZa4HrW
iUmwVjb1cV79SGvkvMJTffVOODOJJ5YdhydZ73LfBWEqlhWApK9eXocLMna0pJJp
VxHvFDEnPS6W25Onb0+kwdzybOIDhIlfs/y6HkhK9w8m/Q==
-----END CERTIFICATE-----