Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/2lGxO5S6N5JzdFz5fqL2YbXetjg.roa
File:                     2lGxO5S6N5JzdFz5fqL2YbXetjg.roa (raw, json)
Hash identifier:          kOHb7SOrDYaEoIK89xPYc307qiAp8kj27AdSjzk7Rzw=
Subject key identifier:   DA:51:B1:3B:94:BA:37:92:73:74:5C:F9:7E:A2:F6:61:B5:DE:B6:38
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0190B7B07A7715B94EA1010C157714830800
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/2lGxO5S6N5JzdFz5fqL2YbXetjg.roa
Signing time:             Mon 15 Jul 2024 18:38:34 +0000
ROA not before:           Mon 15 Jul 2024 18:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212128
IP address blocks:        2a12:1240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b7:b0:7a:77:15:b9:4e:a1:01:0c:15:77:14:83:08:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jul 15 18:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da51b13b94ba379273745cf97ea2f661b5deb638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0a:12:6a:44:93:c3:88:ec:45:ac:3c:6f:f8:
                    c5:fa:a1:9b:39:a4:99:75:f6:00:51:58:c3:77:7e:
                    e9:50:60:fd:ec:82:a0:b0:b0:a6:1e:c4:9a:cc:5a:
                    59:be:82:9a:57:05:07:ac:de:03:55:b0:a4:8a:30:
                    65:ad:62:a3:d8:af:42:e7:3f:2f:cb:b1:1a:85:79:
                    23:8e:7a:d1:b0:f4:12:f4:ae:d3:72:90:66:a4:34:
                    c4:27:e3:50:f2:44:c7:e0:67:ce:e7:58:22:3e:31:
                    00:b9:7b:1a:e7:b9:d5:89:24:03:57:28:b7:57:35:
                    76:00:8d:90:60:54:c9:9b:3f:92:45:cc:ab:06:2c:
                    5b:f6:62:1d:0d:44:b2:96:39:72:60:dd:e0:88:57:
                    7e:0c:3e:a7:09:ba:a2:68:6e:a0:ed:aa:c3:96:3b:
                    52:76:f8:dd:5b:c7:a1:c2:21:83:2a:5c:99:88:74:
                    f7:65:9e:9c:37:ba:6b:f2:75:7f:56:a4:16:d5:72:
                    b7:2e:61:dd:07:6b:36:84:0e:65:5d:f5:0a:79:fb:
                    3c:93:c8:2d:00:2b:3c:82:18:91:12:ad:f4:73:f7:
                    7d:e8:05:8f:3b:d7:5a:ba:d0:74:1a:dd:56:48:d1:
                    07:a6:91:30:56:87:7f:6c:0a:e7:91:1d:64:2c:23:
                    8b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:51:B1:3B:94:BA:37:92:73:74:5C:F9:7E:A2:F6:61:B5:DE:B6:38
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/2lGxO5S6N5JzdFz5fqL2YbXetjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1240::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:05:3e:1d:25:17:66:91:d9:14:15:8b:28:6c:a6:ff:2e:b1:
         57:af:0f:7e:0f:45:d3:80:b8:7d:33:0c:ac:db:30:25:89:5e:
         5b:ea:f8:e5:bc:8c:d4:bd:34:ab:f3:2e:b8:f1:13:76:37:36:
         0c:37:3f:09:40:00:00:b6:e9:e4:4f:32:ee:91:8a:4a:0e:fb:
         bd:c5:c2:8b:b1:21:7d:9c:d2:9f:1d:88:eb:85:d1:dc:1f:f9:
         b9:e7:20:84:1f:1c:f0:d6:0d:04:b4:f4:8f:ca:6b:fc:3c:51:
         7b:19:48:b5:46:99:c8:24:b3:7a:5a:cf:14:5e:12:39:67:f2:
         70:0a:a0:04:15:cf:73:6e:84:27:b2:69:40:3a:7e:05:dc:6b:
         6c:12:c9:3f:f5:27:83:87:6a:a5:65:56:ba:74:6a:48:36:53:
         36:33:da:73:2f:ac:45:1f:7a:93:af:b4:b7:73:c9:18:d9:8a:
         df:a5:ba:f7:84:2f:d5:7e:df:e8:2e:ad:4e:0a:b0:b3:41:47:
         29:15:8e:9c:89:ee:4f:1e:8c:f1:e4:9d:9a:b7:b3:9a:de:8b:
         e8:ab:81:90:9e:e4:19:53:a0:2d:b2:e5:0c:bb:f1:25:f0:49:
         ae:9c:83:50:be:5f:b9:df:1f:7e:6f:81:31:d5:d9:97:f6:78:
         c4:61:be:b6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZC3sHp3FblOoQEMFXcUgwgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNzE1MTgzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTUxYjEzYjk0YmEzNzkyNzM3NDVjZjk3ZWEyZjY2MWI1ZGViNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgoSakSTw4jsRaw8b/jF+qGbOaSZ
dfYAUVjDd37pUGD97IKgsLCmHsSazFpZvoKaVwUHrN4DVbCkijBlrWKj2K9C5z8v
y7EahXkjjnrRsPQS9K7TcpBmpDTEJ+NQ8kTH4GfO51giPjEAuXsa57nViSQDVyi3
VzV2AI2QYFTJmz+SRcyrBixb9mIdDUSyljlyYN3giFd+DD6nCbqiaG6g7arDljtS
dvjdW8ehwiGDKlyZiHT3ZZ6cN7pr8nV/VqQW1XK3LmHdB2s2hA5lXfUKefs8k8gt
ACs8ghiREq30c/d96AWPO9dautB0Gt1WSNEHppEwVod/bArnkR1kLCOLeQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNpRsTuUujeSc3Rc+X6i9mG13rY4MB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvMmxHeE81UzZONUp6ZEZ6NWZxTDJZYlhldGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhISQDAN
BgkqhkiG9w0BAQsFAAOCAQEAXwU+HSUXZpHZFBWLKGym/y6xV68Pfg9F04C4fTMM
rNswJYleW+r45byM1L00q/MuuPETdjc2DDc/CUAAALbp5E8y7pGKSg77vcXCi7Eh
fZzSnx2I64XR3B/5uecghB8c8NYNBLT0j8pr/DxRexlItUaZyCSzelrPFF4SOWfy
cAqgBBXPc26EJ7JpQDp+BdxrbBLJP/Ung4dqpWVWunRqSDZTNjPacy+sRR96k6+0
t3PJGNmK36W694Qv1X7f6C6tTgqws0FHKRWOnInuTx6M8eSdmrezmt6L6KuBkJ7k
GVOgLbLlDLvxJfBJrpyDUL5fud8ffm+BMdXZl/Z4xGG+tg==
-----END CERTIFICATE-----