Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/Dy4pP12uhqZW97WTKT0u_K9gFT8.roa
File:                     Dy4pP12uhqZW97WTKT0u_K9gFT8.roa (raw, json)
Hash identifier:          FyUX75cxs/aeEGHEg7Q5eivx+XWrmeDwqDEgHK0f6sA=
Subject key identifier:   0F:2E:29:3F:5D:AE:86:A6:56:F7:B5:93:29:3D:2E:FC:AF:60:15:3F
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3F8776AC185D2F75292365410A87
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/Dy4pP12uhqZW97WTKT0u_K9gFT8.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210320
IP address blocks:        2a12:3fc2:ee01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3f:87:76:ac:18:5d:2f:75:29:23:65:41:0a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f2e293f5dae86a656f7b593293d2efcaf60153f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b1:20:cc:1b:4a:c4:07:7a:b1:cc:bf:f3:79:
                    7e:b0:5c:c4:33:9c:25:47:12:47:bb:82:21:71:8f:
                    10:84:57:d0:2d:7a:bb:17:55:75:b7:e2:1e:42:5f:
                    fb:9a:d7:df:f3:c9:99:10:3a:38:aa:64:b2:c2:b7:
                    c2:3d:b0:75:34:6a:88:c4:e1:95:7b:a7:30:fa:4d:
                    b5:45:32:14:66:68:5f:81:c0:2b:65:33:d7:54:c1:
                    ab:8a:58:5a:78:34:a7:55:1c:bc:2d:5b:41:6c:2e:
                    bc:30:21:8b:15:6d:a8:b3:a5:c9:e6:63:5c:7c:fc:
                    cf:e2:38:79:5f:16:53:21:5e:30:3d:12:df:38:b8:
                    71:4e:49:76:26:e1:dc:8a:bd:f8:e0:00:0f:1f:36:
                    5e:e8:65:da:5a:43:32:bc:5e:d8:be:be:d8:2c:e5:
                    f7:e1:58:8a:cb:1e:d3:b4:fb:80:77:5c:34:ba:27:
                    32:b8:35:f6:45:a0:69:1f:49:38:80:d7:1d:ea:df:
                    34:fc:6e:f2:b9:41:05:bd:eb:79:d5:a0:e0:35:46:
                    de:dd:e2:53:6c:29:1d:6a:99:8f:6a:96:da:8b:de:
                    9c:16:19:53:ec:67:05:3c:c8:9e:39:a3:0b:ac:cb:
                    ca:1a:52:9d:a2:ad:eb:bc:7e:3a:b3:96:38:37:3a:
                    c4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:2E:29:3F:5D:AE:86:A6:56:F7:B5:93:29:3D:2E:FC:AF:60:15:3F
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/Dy4pP12uhqZW97WTKT0u_K9gFT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:ee01::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:21:0f:73:db:7e:9d:d0:e2:4f:cb:66:05:45:b4:09:38:aa:
         b1:56:c7:ee:79:50:34:95:9e:5e:af:21:d9:8d:f6:57:79:84:
         f7:40:1b:0e:5b:e6:e4:4f:40:89:59:7e:ed:b3:95:b3:ad:81:
         b5:f2:a0:e3:b3:6e:d9:04:5c:94:57:07:5e:96:88:d6:c3:75:
         0b:12:c4:00:34:e4:82:de:6c:61:06:b4:1b:88:d4:c1:6a:49:
         64:2e:0f:8c:02:09:cd:dd:b9:48:6d:14:09:26:b2:52:24:68:
         c6:df:a2:d9:71:a4:4d:24:2e:69:db:24:07:b1:05:49:72:39:
         87:7d:7b:10:df:a7:36:74:ef:a5:96:71:ac:a4:2f:9e:0b:e5:
         dd:7b:50:49:10:be:58:53:05:de:3a:84:16:3c:df:46:ca:63:
         c8:32:ad:0b:ad:fb:2d:1a:f3:e6:d9:39:c8:8f:e7:15:c8:dc:
         4e:ba:be:1e:77:fc:2d:e5:6f:31:93:fb:e4:96:ec:54:be:3a:
         3c:b5:e9:bd:ed:d0:b7:f1:e4:58:48:0a:68:4f:7c:1d:e5:51:
         09:34:91:87:c4:bd:a1:f5:e1:c7:8c:58:d8:ee:a3:c4:2e:44:
         b7:db:92:54:f4:58:b7:a1:e1:07:14:07:77:ec:a3:69:48:98:
         89:e8:f1:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSz+HdqwYXS91KSNlQQqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjJlMjkzZjVkYWU4NmE2NTZmN2I1OTMyOTNkMmVmY2FmNjAxNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbEgzBtKxAd6scy/83l+sFzEM5wl
RxJHu4IhcY8QhFfQLXq7F1V1t+IeQl/7mtff88mZEDo4qmSywrfCPbB1NGqIxOGV
e6cw+k21RTIUZmhfgcArZTPXVMGrilhaeDSnVRy8LVtBbC68MCGLFW2os6XJ5mNc
fPzP4jh5XxZTIV4wPRLfOLhxTkl2JuHcir344AAPHzZe6GXaWkMyvF7Yvr7YLOX3
4ViKyx7TtPuAd1w0uicyuDX2RaBpH0k4gNcd6t80/G7yuUEFvet51aDgNUbe3eJT
bCkdapmPapbai96cFhlT7GcFPMieOaMLrMvKGlKdoq3rvH46s5Y4NzrEJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA8uKT9droamVve1kyk9LvyvYBU/MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvRHk0cFAxMnVocVpXOTdXVEtUMHVfSzlnRlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhI/wu4B
MA0GCSqGSIb3DQEBCwUAA4IBAQAiIQ9z236d0OJPy2YFRbQJOKqxVsfueVA0lZ5e
ryHZjfZXeYT3QBsOW+bkT0CJWX7ts5WzrYG18qDjs27ZBFyUVwdelojWw3ULEsQA
NOSC3mxhBrQbiNTBaklkLg+MAgnN3blIbRQJJrJSJGjG36LZcaRNJC5p2yQHsQVJ
cjmHfXsQ36c2dO+llnGspC+eC+Xde1BJEL5YUwXeOoQWPN9GymPIMq0LrfstGvPm
2TnIj+cVyNxOur4ed/wt5W8xk/vkluxUvjo8tem97dC38eRYSApoT3wd5VEJNJGH
xL2h9eHHjFjY7qPELkS325JU9Fi3oeEHFAd37KNpSJiJ6PFD
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:42:20 2024 by rpki-client on console-fra.rpki-client.org