Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/3JwmBGKnjUoG4q53CyghuumO_sM.roa
File:                     3JwmBGKnjUoG4q53CyghuumO_sM.roa (raw, json)
Hash identifier:          CvpBZNt85wYGgDpDNYzIThDRWthapFbLa+ijrpt5Qug=
Subject key identifier:   DC:9C:26:04:62:A7:8D:4A:06:E2:AE:77:0B:28:21:BA:E9:8E:FE:C3
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3ED98084D8781866B9F9C53AC3E4
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/3JwmBGKnjUoG4q53CyghuumO_sM.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209988
IP address blocks:        2a12:3fc2:1200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3e:d9:80:84:d8:78:18:66:b9:f9:c5:3a:c3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc9c260462a78d4a06e2ae770b2821bae98efec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:96:a7:31:e0:7c:71:02:02:c9:04:16:2b:0d:
                    45:f0:38:71:5e:9b:1c:95:73:af:81:4a:9a:50:15:
                    27:94:4d:5d:d5:d4:c2:e4:f6:e2:96:1c:42:d1:8d:
                    20:93:5e:db:15:4f:39:36:9e:a6:b3:f6:f4:21:37:
                    00:69:69:1d:42:e0:aa:e1:80:52:b7:68:fe:c6:cf:
                    0b:fd:bd:24:bc:5e:7a:93:06:76:2b:ab:a3:1b:d0:
                    a5:9e:dd:17:dc:de:3e:47:ba:39:06:da:f0:12:c1:
                    52:25:b0:63:24:c1:fd:80:16:f0:88:61:b8:6c:35:
                    db:ff:d1:72:20:ad:7f:5e:f1:d6:8d:0c:cc:9c:44:
                    e9:42:25:f2:52:78:85:9e:69:64:2d:05:7c:cb:25:
                    68:32:42:b2:80:5d:71:84:db:9f:b3:15:cd:43:de:
                    4e:c2:5e:3a:a8:b5:0c:2e:dd:74:91:a0:52:a2:a1:
                    ba:7f:97:f3:21:b6:56:e9:7d:ea:af:9e:e5:bd:0a:
                    41:65:8b:ec:d1:26:69:72:c8:6f:2f:7a:83:74:87:
                    b3:1e:c0:3a:cd:98:fc:9b:27:d2:f6:a9:95:68:d2:
                    da:9a:20:e7:79:0e:e7:94:4a:df:ab:dc:b2:a6:6a:
                    27:20:a4:55:9e:3b:e4:db:45:1a:24:11:48:fb:71:
                    eb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:9C:26:04:62:A7:8D:4A:06:E2:AE:77:0B:28:21:BA:E9:8E:FE:C3
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/3JwmBGKnjUoG4q53CyghuumO_sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:88:5e:d0:b4:00:2b:d1:d9:19:53:6e:f8:35:df:1a:f2:df:
         99:26:f3:73:48:d5:2d:43:98:ae:67:2e:b7:70:29:7d:e1:d0:
         8e:fc:29:1e:d9:78:e5:9c:2e:5d:e7:5c:39:1f:7c:8d:69:3a:
         c1:a0:e3:39:fc:c9:80:3e:5d:f8:71:fa:3b:d5:73:12:47:b2:
         2a:9a:24:04:18:9a:6b:f1:4b:af:dc:9b:65:4c:81:4f:5d:0d:
         ea:19:f7:f9:72:09:bc:77:47:3a:ec:71:fb:82:6a:69:1a:b5:
         be:8d:78:91:4f:c7:05:78:f0:1a:24:f6:9e:4f:39:70:2b:05:
         89:c3:c2:3f:7f:1c:40:a1:94:56:e8:5a:50:6d:01:92:42:36:
         cc:58:45:ce:a1:71:2a:23:ef:f7:b9:bb:19:55:9e:64:41:b4:
         78:26:04:89:ad:71:6a:0d:91:f6:de:71:7d:54:56:4f:23:eb:
         ff:c0:7b:a9:18:5c:ac:93:f9:3f:4b:e8:a2:4b:f6:7f:cd:b0:
         27:4a:79:fd:3e:0a:b1:d4:02:99:3c:2c:07:ac:6b:4c:04:30:
         79:11:e9:c8:3d:24:ed:e0:da:51:07:bc:b0:b7:9f:ae:e6:ec:
         d3:66:af:bc:62:21:57:c8:cc:b3:e5:9b:77:50:70:1e:c1:95:
         c3:99:8a:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSz7ZgITYeBhmufnFOsPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzljMjYwNDYyYTc4ZDRhMDZlMmFlNzcwYjI4MjFiYWU5OGVmZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppanMeB8cQICyQQWKw1F8DhxXpsc
lXOvgUqaUBUnlE1d1dTC5PbilhxC0Y0gk17bFU85Np6ms/b0ITcAaWkdQuCq4YBS
t2j+xs8L/b0kvF56kwZ2K6ujG9Clnt0X3N4+R7o5BtrwEsFSJbBjJMH9gBbwiGG4
bDXb/9FyIK1/XvHWjQzMnETpQiXyUniFnmlkLQV8yyVoMkKygF1xhNufsxXNQ95O
wl46qLUMLt10kaBSoqG6f5fzIbZW6X3qr57lvQpBZYvs0SZpcshvL3qDdIezHsA6
zZj8myfS9qmVaNLamiDneQ7nlErfq9yypmonIKRVnjvk20UaJBFI+3HrIwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNycJgRip41KBuKudwsoIbrpjv7DMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvM0p3bUJHS25qVW9HNHE1M0N5Z2h1dW1PX3NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/whIw
DQYJKoZIhvcNAQELBQADggEBAIyIXtC0ACvR2RlTbvg13xry35km83NI1S1DmK5n
LrdwKX3h0I78KR7ZeOWcLl3nXDkffI1pOsGg4zn8yYA+Xfhx+jvVcxJHsiqaJAQY
mmvxS6/cm2VMgU9dDeoZ9/lyCbx3RzrscfuCamkatb6NeJFPxwV48Bok9p5POXAr
BYnDwj9/HEChlFboWlBtAZJCNsxYRc6hcSoj7/e5uxlVnmRBtHgmBImtcWoNkfbe
cX1UVk8j6//Ae6kYXKyT+T9L6KJL9n/NsCdKef0+CrHUApk8LAesa0wEMHkR6cg9
JO3g2lEHvLC3n67m7NNmr7xiIVfIzLPlm3dQcB7BlcOZikY=
-----END CERTIFICATE-----
Generated at Mon Nov 25 13:57:20 2024 by rpki-client on console-fra.rpki-client.org