Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/VrugHnhXW4HLsQ7euHSkBP3N2lA.roa
File:                     VrugHnhXW4HLsQ7euHSkBP3N2lA.roa (raw, json)
Hash identifier:          cNNkOHuTHA76ZnPJC/E6tzWZFdDsX3267DE/lXJO5NE=
Subject key identifier:   56:BB:A0:1E:78:57:5B:81:CB:B1:0E:DE:B8:74:A4:04:FD:CD:DA:50
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       018FE3D0DF335139E83A5BE9F0EB0E2FA944
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/VrugHnhXW4HLsQ7euHSkBP3N2lA.roa
Signing time:             Tue 04 Jun 2024 15:14:27 +0000
ROA not before:           Tue 04 Jun 2024 15:14:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211481
IP address blocks:        2a12:f8c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:d0:df:33:51:39:e8:3a:5b:e9:f0:eb:0e:2f:a9:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Jun  4 15:14:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56bba01e78575b81cbb10edeb874a404fdcdda50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a9:77:90:fb:eb:eb:9b:50:ba:99:73:85:32:
                    dd:a5:a8:a5:e7:65:7e:14:7f:c5:ef:2e:52:80:5b:
                    60:76:6f:3e:54:47:55:72:32:99:68:34:0b:e5:0d:
                    ce:1e:a9:c3:58:22:ea:9e:70:fd:83:ad:2c:de:05:
                    58:46:29:68:e5:40:3b:c6:94:f3:af:1e:c0:29:aa:
                    88:66:f9:79:f0:8a:2b:ae:8b:e5:4b:45:7f:c1:e1:
                    2c:27:cb:79:a1:ef:f4:1c:22:c7:bd:9a:5a:c3:e3:
                    75:70:ec:59:ac:df:b2:53:37:6a:a8:f7:0c:89:83:
                    fd:cb:b7:9f:6d:b2:c7:44:4a:fb:a8:7f:ab:a4:05:
                    d4:03:c0:55:32:49:0f:c3:c7:d0:4f:de:22:9e:44:
                    2e:ab:36:89:17:01:3b:68:eb:22:73:1b:eb:a1:a3:
                    75:9f:b2:ac:b9:e5:68:93:74:e3:00:33:f2:b4:95:
                    50:2c:ee:6a:56:c8:d5:9b:86:f8:cb:e9:49:62:b8:
                    a6:b0:b8:bd:77:3a:15:72:33:f1:e7:8c:a6:92:3a:
                    03:18:fb:ab:2d:e7:b1:0e:c1:76:a5:a8:6d:8c:a3:
                    9e:2f:9f:8a:06:5a:86:ed:e4:6a:1b:a7:ea:70:0e:
                    74:15:b1:c4:16:42:4c:ca:34:73:38:de:02:06:f7:
                    7a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:BB:A0:1E:78:57:5B:81:CB:B1:0E:DE:B8:74:A4:04:FD:CD:DA:50
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/VrugHnhXW4HLsQ7euHSkBP3N2lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:57:3d:48:f9:37:3b:24:b4:b0:86:8b:11:5e:5c:37:81:87:
         7b:7d:fc:f1:33:fe:4c:a2:78:2b:95:fb:4d:35:ba:d8:43:be:
         89:cf:af:03:bd:08:22:e7:68:69:39:5d:76:1f:a1:09:b9:1e:
         bd:c7:4b:b3:f5:13:4e:7d:e2:3a:cb:57:a5:57:f8:21:c2:78:
         df:8c:5c:f2:b4:7b:72:f3:30:83:c6:ee:e3:ca:60:2b:40:ba:
         f7:73:ea:2b:e1:f2:29:34:fb:79:e3:8b:39:f4:e6:2f:78:ba:
         c0:15:f9:10:f1:a0:14:09:bc:57:3c:5e:3a:6b:62:cf:50:d2:
         e2:d3:a4:e7:2e:82:37:17:9c:2e:ef:ac:3a:6a:27:dc:d8:44:
         8e:cf:8a:3a:2d:6a:0d:b9:12:b8:88:b5:72:76:e7:4b:f3:97:
         72:41:fe:80:af:09:c1:61:d7:b2:61:b9:ab:5f:a4:27:33:8a:
         72:55:5b:f0:ca:27:2e:e4:a1:f9:7b:b7:06:c7:6e:e9:7e:e6:
         0e:be:02:2b:03:66:05:78:53:c7:f2:2e:3d:af:1e:df:e5:04:
         52:56:1f:b0:65:b6:0d:9e:a6:be:8f:68:ba:d4:3c:c3:7d:e3:
         e8:19:f5:d9:58:e2:da:b6:e3:e5:0a:14:af:72:c9:82:37:fe:
         33:a1:da:03
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/j0N8zUTnoOlvp8OsOL6lEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjQwNjA0MTUxNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmJiYTAxZTc4NTc1YjgxY2JiMTBlZGViODc0YTQwNGZkY2RkYTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmal3kPvr65tQuplzhTLdpail52V+
FH/F7y5SgFtgdm8+VEdVcjKZaDQL5Q3OHqnDWCLqnnD9g60s3gVYRilo5UA7xpTz
rx7AKaqIZvl58IorrovlS0V/weEsJ8t5oe/0HCLHvZpaw+N1cOxZrN+yUzdqqPcM
iYP9y7efbbLHREr7qH+rpAXUA8BVMkkPw8fQT94inkQuqzaJFwE7aOsicxvroaN1
n7KsueVok3TjADPytJVQLO5qVsjVm4b4y+lJYrimsLi9dzoVcjPx54ymkjoDGPur
LeexDsF2pahtjKOeL5+KBlqG7eRqG6fqcA50FbHEFkJMyjRzON4CBvd6jQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFa7oB54V1uBy7EO3rh0pAT9zdpQMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvVnJ1Z0huaFhXNEhMc1E3ZXVIU2tCUDNOMmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAIlc9SPk3OyS0sIaLEV5cN4GHe3388TP+TKJ4K5X7
TTW62EO+ic+vA70IIudoaTlddh+hCbkevcdLs/UTTn3iOstXpVf4IcJ434xc8rR7
cvMwg8bu48pgK0C693PqK+HyKTT7eeOLOfTmL3i6wBX5EPGgFAm8VzxeOmtiz1DS
4tOk5y6CNxecLu+sOmon3NhEjs+KOi1qDbkSuIi1cnbnS/OXckH+gK8JwWHXsmG5
q1+kJzOKclVb8MonLuSh+Xu3Bsdu6X7mDr4CKwNmBXhTx/IuPa8e3+UEUlYfsGW2
DZ6mvo9outQ8w33j6Bn12Vji2rbj5QoUr3LJgjf+M6HaAw==
-----END CERTIFICATE-----