Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/lMwdxLB2aYNUiUDzPIrGiTLw6o0.roa
File:                     lMwdxLB2aYNUiUDzPIrGiTLw6o0.roa (raw, json)
Hash identifier:          +e941d5JqkU73awJvrX/JDw/R6fViyjAoFYp/d21f4U=
Subject key identifier:   94:CC:1D:C4:B0:76:69:83:54:89:40:F3:3C:8A:C6:89:32:F0:EA:8D
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018CC3B742B060947BF763DEABDBA76E6CEB
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/lMwdxLB2aYNUiUDzPIrGiTLw6o0.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35543
IP address blocks:        2a12:a4c1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:42:b0:60:94:7b:f7:63:de:ab:db:a7:6e:6c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94cc1dc4b0766983548940f33c8ac68932f0ea8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d4:68:2c:01:88:34:4a:cb:44:13:9f:5a:c4:
                    af:0a:d5:02:6b:6a:0b:9d:1a:85:71:47:f0:ef:40:
                    cf:0d:d0:a3:56:ac:93:06:be:32:61:c8:42:c9:31:
                    46:8b:a5:11:46:09:c2:9d:68:8b:48:4b:c2:cc:62:
                    63:76:0d:db:67:b2:96:e2:6e:07:d7:36:e8:f5:d3:
                    47:a8:7a:39:30:7e:15:d0:e0:50:5d:a9:90:0b:c3:
                    39:31:0c:ad:dd:e7:b3:60:81:dd:b0:6d:5c:55:41:
                    aa:06:78:f9:62:72:a5:58:5e:23:39:96:a1:25:17:
                    cc:8f:94:6a:ff:60:eb:58:71:b0:ea:a5:27:f3:80:
                    f2:ea:86:de:91:e0:ee:3d:81:62:13:d6:19:54:b3:
                    c0:c9:91:7c:fb:99:1d:9f:55:75:62:62:3c:c6:d1:
                    89:57:b7:cc:52:27:f6:b1:2e:d7:47:3a:04:81:e5:
                    37:2e:cd:2a:ce:3c:19:7a:20:21:8f:6f:95:1a:f4:
                    69:4b:38:dd:cb:35:fb:dd:c3:5e:f3:fe:c1:5c:1b:
                    85:5d:39:77:c5:76:4f:06:0c:96:cd:89:49:bf:84:
                    2c:d4:81:2b:bd:14:3c:ba:92:d0:90:4a:4e:76:e9:
                    3a:97:a0:05:8a:5f:a5:e7:0b:b9:44:ff:62:05:ea:
                    2a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:CC:1D:C4:B0:76:69:83:54:89:40:F3:3C:8A:C6:89:32:F0:EA:8D
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/lMwdxLB2aYNUiUDzPIrGiTLw6o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a4c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:38:6d:8d:25:1c:b2:ea:57:2e:03:81:d8:82:37:8e:d7:ae:
         22:51:a2:0d:01:e1:79:00:d2:18:f1:5a:ce:fd:57:79:66:e2:
         71:66:95:3d:2e:c9:09:70:f6:a4:19:31:e9:a2:7a:ca:35:c4:
         2d:64:ee:b3:f0:55:86:f2:cc:27:7f:26:e7:81:bd:5d:1b:27:
         b0:c8:0d:bc:a4:bc:7f:ba:1a:23:62:97:a3:a3:09:9c:9e:5d:
         08:10:42:9b:75:7b:f6:20:fd:eb:d1:8c:a5:7e:b2:67:2a:4c:
         45:b6:2f:b2:54:32:fa:d9:14:27:86:6f:37:a7:f3:68:89:36:
         95:55:f3:f6:68:22:40:a5:b3:c9:94:8f:10:d1:89:e0:b9:e2:
         08:3d:8a:4b:36:1c:8e:e9:82:f5:bc:3c:b1:df:d9:01:ef:96:
         b1:65:73:d9:9a:84:72:9a:54:48:92:c4:87:f6:cc:f1:07:1b:
         10:47:99:cb:ef:84:2b:26:c9:4c:78:54:de:67:48:d2:7f:c9:
         08:1a:1d:7f:13:26:ad:6a:29:ab:16:22:55:ad:07:95:65:74:
         eb:a4:48:10:28:72:f9:ab:f7:31:28:66:f0:43:36:9b:22:51:
         b2:9f:3e:a8:fb:0a:b6:aa:3c:1a:37:ef:7e:97:4c:f8:d3:2d:
         a4:d4:d4:f0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDt0KwYJR792Peq9unbmzrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGNjMWRjNGIwNzY2OTgzNTQ4OTQwZjMzYzhhYzY4OTMyZjBlYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9RoLAGINErLRBOfWsSvCtUCa2oL
nRqFcUfw70DPDdCjVqyTBr4yYchCyTFGi6URRgnCnWiLSEvCzGJjdg3bZ7KW4m4H
1zbo9dNHqHo5MH4V0OBQXamQC8M5MQyt3eezYIHdsG1cVUGqBnj5YnKlWF4jOZah
JRfMj5Rq/2DrWHGw6qUn84Dy6obekeDuPYFiE9YZVLPAyZF8+5kdn1V1YmI8xtGJ
V7fMUif2sS7XRzoEgeU3Ls0qzjwZeiAhj2+VGvRpSzjdyzX73cNe8/7BXBuFXTl3
xXZPBgyWzYlJv4Qs1IErvRQ8upLQkEpOduk6l6AFil+l5wu5RP9iBeoqhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJTMHcSwdmmDVIlA8zyKxoky8OqNMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvbE13ZHhMQjJhWU5VaVVEelBJckdpVEx3Nm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKkwTAN
BgkqhkiG9w0BAQsFAAOCAQEADzhtjSUcsupXLgOB2II3jteuIlGiDQHheQDSGPFa
zv1XeWbicWaVPS7JCXD2pBkx6aJ6yjXELWTus/BVhvLMJ38m54G9XRsnsMgNvKS8
f7oaI2KXo6MJnJ5dCBBCm3V79iD969GMpX6yZypMRbYvslQy+tkUJ4ZvN6fzaIk2
lVXz9mgiQKWzyZSPENGJ4LniCD2KSzYcjumC9bw8sd/ZAe+WsWVz2ZqEcppUSJLE
h/bM8QcbEEeZy++EKybJTHhU3mdI0n/JCBodfxMmrWopqxYiVa0HlWV066RIEChy
+av3MShm8EM2myJRsp8+qPsKtqo8GjfvfpdM+NMtpNTU8A==
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:49:29 2024 by rpki-client on console-fra.rpki-client.org