Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/h2VmKIMp1HroEEE1oUFSsFJhCzE.roa
File:                     h2VmKIMp1HroEEE1oUFSsFJhCzE.roa (raw, json)
Hash identifier:          6aqIvVnLLrp+bN7ya/QMdon1TwWWpPEGWewv54riuDI=
Subject key identifier:   87:65:66:28:83:29:D4:7A:E8:10:41:35:A1:41:52:B0:52:61:0B:31
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B3884735D72BC67D34371A1720607
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/h2VmKIMp1HroEEE1oUFSsFJhCzE.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200949
IP address blocks:        2a12:3fc2:e500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:38:84:73:5d:72:bc:67:d3:43:71:a1:72:06:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=876566288329d47ae8104135a14152b052610b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:46:95:03:90:d6:a5:6d:c9:62:59:a1:ea:
                    b2:08:1a:7a:f3:e3:cd:53:b1:38:db:bb:43:61:b9:
                    71:9f:5e:d4:f6:be:c5:11:db:a3:62:3f:83:5d:35:
                    f5:3b:31:af:31:93:93:30:4a:bb:96:5e:34:6b:13:
                    b4:92:cb:3e:7f:fe:44:33:8b:00:9d:ea:f0:57:65:
                    c5:fd:83:73:6b:d9:1d:4b:1b:2c:2a:4a:f4:bb:f3:
                    03:3c:6d:16:c7:e0:e9:d2:3c:db:00:0e:8d:f8:36:
                    b1:42:5d:fe:9c:5e:d4:ee:38:04:8e:6b:d2:01:d3:
                    c6:3c:70:62:82:85:e7:56:5e:62:4a:67:a1:57:70:
                    24:51:59:47:37:4c:f6:eb:63:1f:00:71:68:cd:86:
                    f5:4c:6a:a3:a2:ca:eb:d4:98:4e:bc:2b:ff:9f:c6:
                    73:78:b0:e2:2d:69:5b:71:bc:68:ca:09:ed:d0:72:
                    81:1e:e4:57:d0:39:2e:ac:ad:43:91:42:e7:bf:d7:
                    c5:b0:57:18:29:fc:b7:b9:48:a6:e5:0e:77:e8:2c:
                    0a:d9:fe:8c:26:db:af:a0:2c:fb:1c:0f:7e:3f:48:
                    46:39:71:8e:3b:8b:ac:da:ff:21:ed:51:f0:e2:58:
                    eb:de:d4:2c:e2:20:78:d1:0b:54:d1:b0:73:69:e6:
                    58:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:65:66:28:83:29:D4:7A:E8:10:41:35:A1:41:52:B0:52:61:0B:31
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/h2VmKIMp1HroEEE1oUFSsFJhCzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:e500::/40

    Signature Algorithm: sha256WithRSAEncryption
         bc:e1:f7:49:56:ca:3e:dc:34:5a:6b:8d:ab:03:52:73:3a:c5:
         8c:8f:16:b3:e3:aa:d1:f4:8d:48:43:cc:7a:51:8f:64:e0:ed:
         70:bb:d8:11:ab:06:b2:34:b1:06:74:35:39:94:d9:e5:b7:f7:
         f5:b0:a6:f0:19:7d:a6:69:de:8e:b2:43:72:3f:5b:a3:f4:d9:
         a5:b0:d9:bc:de:3f:52:f6:74:72:37:56:df:4d:51:a7:0c:35:
         23:9c:76:d0:0b:79:9d:30:db:10:27:72:8b:8c:cb:a1:7b:60:
         d3:b8:77:48:2f:d7:31:64:ca:a3:64:37:8f:90:4e:2f:82:4b:
         59:88:72:20:86:54:03:48:46:64:2b:16:41:9b:54:c7:3b:c3:
         aa:2f:37:9f:f0:1a:10:31:80:5e:2b:cf:6c:39:0a:8a:75:25:
         eb:64:5e:99:a7:f7:12:d5:68:4d:17:e5:0d:a7:de:31:87:3a:
         c7:13:05:b7:fb:a7:ec:45:75:93:ea:40:66:c7:f6:21:1b:8d:
         e5:3b:16:3b:37:99:2b:5d:58:20:1e:d6:97:a3:a8:58:68:3d:
         a2:d4:4d:8e:bd:41:2c:08:3e:f7:df:02:94:dd:53:b5:8b:a1:
         fc:dc:af:84:c8:d9:0c:77:0e:12:23:52:b1:e5:3d:3c:c7:2f:
         e0:ca:11:5e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSziEc11yvGfTQ3GhcgYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzY1NjYyODgzMjlkNDdhZTgxMDQxMzVhMTQxNTJiMDUyNjEwYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuURGlQOQ1qVtyWJZoeqyCBp68+PN
U7E427tDYblxn17U9r7FEdujYj+DXTX1OzGvMZOTMEq7ll40axO0kss+f/5EM4sA
nerwV2XF/YNza9kdSxssKkr0u/MDPG0Wx+Dp0jzbAA6N+DaxQl3+nF7U7jgEjmvS
AdPGPHBigoXnVl5iSmehV3AkUVlHN0z262MfAHFozYb1TGqjosrr1JhOvCv/n8Zz
eLDiLWlbcbxoygnt0HKBHuRX0DkurK1DkULnv9fFsFcYKfy3uUim5Q536CwK2f6M
JtuvoCz7HA9+P0hGOXGOO4us2v8h7VHw4ljr3tQs4iB40QtU0bBzaeZYGQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIdlZiiDKdR66BBBNaFBUrBSYQsxMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvaDJWbUtJTXAxSHJvRUVFMW9VRlNzRkpoQ3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI/wuUw
DQYJKoZIhvcNAQELBQADggEBALzh90lWyj7cNFprjasDUnM6xYyPFrPjqtH0jUhD
zHpRj2Tg7XC72BGrBrI0sQZ0NTmU2eW39/WwpvAZfaZp3o6yQ3I/W6P02aWw2bze
P1L2dHI3Vt9NUacMNSOcdtALeZ0w2xAncouMy6F7YNO4d0gv1zFkyqNkN4+QTi+C
S1mIciCGVANIRmQrFkGbVMc7w6ovN5/wGhAxgF4rz2w5Cop1JetkXpmn9xLVaE0X
5Q2n3jGHOscTBbf7p+xFdZPqQGbH9iEbjeU7Fjs3mStdWCAe1pejqFhoPaLUTY69
QSwIPvffApTdU7WLofzcr4TI2Qx3DhIjUrHlPTzHL+DKEV4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:42:21 2024 by rpki-client on console-fra.rpki-client.org