Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/oTHEkOoYYZacGn2FxOyScc8IU14.roa
File:                     oTHEkOoYYZacGn2FxOyScc8IU14.roa (raw, json)
Hash identifier:          XNDSY1qbMI60p8s9RJaqLfw8DR3cJzPVc2iqo5pfca8=
Subject key identifier:   A1:31:C4:90:EA:18:61:96:9C:1A:7D:85:C4:EC:92:71:CF:08:53:5E
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       01942067E91B5EB5BEF93106D83E32AE690F
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/oTHEkOoYYZacGn2FxOyScc8IU14.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201217
IP address blocks:        2a12:3fc2:ab70::/44 maxlen: 48
                          2a12:3fc3::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e9:1b:5e:b5:be:f9:31:06:d8:3e:32:ae:69:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a131c490ea1861969c1a7d85c4ec9271cf08535e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0f:c0:47:74:54:53:ae:0d:ff:b6:63:6c:80:
                    a6:c1:4b:da:2f:3b:32:08:3c:f9:8e:5a:d8:20:8b:
                    d6:7c:da:09:dd:ff:7b:27:6b:07:f1:ec:b7:4b:46:
                    30:75:e7:fb:0a:7e:01:17:fa:97:cf:33:3c:1c:05:
                    86:e6:46:39:10:2f:5c:8a:9a:61:1f:1f:a3:16:6c:
                    a8:6d:e4:27:5d:48:ec:65:78:92:00:29:27:62:2f:
                    88:2e:46:3e:4c:24:6d:13:85:c7:d8:d9:69:4a:61:
                    ec:81:0a:60:53:8c:3c:3f:1f:ef:f7:8d:cd:4c:75:
                    e3:09:76:8c:bd:2c:12:f8:1c:ba:02:dc:bc:95:9a:
                    d1:01:fc:91:b4:24:47:e7:ea:bc:21:7f:4d:3b:57:
                    f2:35:db:7c:5f:58:24:eb:c6:e6:f2:a8:d2:be:f4:
                    1e:7c:b5:56:b4:d0:45:19:1d:2d:3d:d2:c0:d0:fa:
                    d8:d9:a4:8a:6b:e7:5d:c9:2d:e4:c4:c7:3e:a5:f2:
                    25:10:5d:4f:77:45:aa:bb:5f:cb:8a:32:4c:1f:e0:
                    62:f3:88:a8:c7:b1:f7:cb:ca:fd:80:38:c9:26:34:
                    86:6f:4a:dd:77:cf:4c:b7:a9:f5:d8:3b:c2:50:6c:
                    a3:cd:80:29:5c:85:f3:14:45:40:86:f1:4e:b8:c7:
                    29:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:31:C4:90:EA:18:61:96:9C:1A:7D:85:C4:EC:92:71:CF:08:53:5E
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/oTHEkOoYYZacGn2FxOyScc8IU14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3fc2:ab70::/44
                  2a12:3fc3::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:4e:ef:16:75:eb:63:b2:63:fb:45:ea:62:65:b2:20:cb:2a:
         40:48:38:9b:87:7c:30:d7:78:6c:6e:ab:2b:e6:8c:f9:bc:05:
         0c:26:d5:49:15:eb:aa:83:4a:88:ea:7d:13:09:bd:62:ca:94:
         7f:b8:c4:0c:c4:e9:fa:c1:52:0c:e3:b2:82:69:d9:05:e7:f3:
         4c:62:f3:1d:da:41:32:6c:b0:7c:6f:4f:88:48:96:60:2e:34:
         fc:20:16:21:14:d6:ad:c4:2a:7b:c2:73:ec:12:df:59:05:be:
         7c:44:e1:87:75:ef:8c:29:ac:b3:bc:53:6e:9f:01:95:a0:86:
         20:52:d9:78:d7:fd:b0:70:94:26:44:98:70:e6:90:c8:70:cf:
         63:f9:fe:f8:7a:f9:2e:a0:aa:35:26:a5:75:07:d3:08:79:d6:
         e9:17:14:e0:11:10:28:20:b0:c4:cb:12:32:90:d6:0e:6d:b3:
         b5:d4:f7:12:2f:ad:d7:46:76:ff:9f:2a:8f:e9:19:ea:6b:8a:
         96:43:c0:e9:bb:67:0b:5d:96:52:f5:e0:20:89:44:26:b0:c4:
         4c:16:aa:f0:e7:c0:5a:02:22:41:e2:12:83:d6:f7:43:72:08:
         49:59:75:41:88:16:c8:f4:11:0b:82:0b:e4:90:c6:3d:19:f3:
         b8:57:58:9c
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQgZ+kbXrW++TEG2D4yrmkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMxYzQ5MGVhMTg2MTk2OWMxYTdkODVjNGVjOTI3MWNmMDg1MzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA/AR3RUU64N/7ZjbICmwUvaLzsy
CDz5jlrYIIvWfNoJ3f97J2sH8ey3S0Ywdef7Cn4BF/qXzzM8HAWG5kY5EC9cipph
Hx+jFmyobeQnXUjsZXiSACknYi+ILkY+TCRtE4XH2NlpSmHsgQpgU4w8Px/v943N
THXjCXaMvSwS+By6Aty8lZrRAfyRtCRH5+q8IX9NO1fyNdt8X1gk68bm8qjSvvQe
fLVWtNBFGR0tPdLA0PrY2aSKa+ddyS3kxMc+pfIlEF1Pd0Wqu1/LijJMH+Bi84io
x7H3y8r9gDjJJjSGb0rdd89Mt6n12DvCUGyjzYApXIXzFEVAhvFOuMcpcQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFKExxJDqGGGWnBp9hcTsknHPCFNeMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvb1RIRWtPb1lZWmFjR24yRnhPeVNjYzhJVTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcEKhI/wqtw
AwUAKhI/wzANBgkqhkiG9w0BAQsFAAOCAQEAQk7vFnXrY7Jj+0XqYmWyIMsqQEg4
m4d8MNd4bG6rK+aM+bwFDCbVSRXrqoNKiOp9Ewm9YsqUf7jEDMTp+sFSDOOygmnZ
BefzTGLzHdpBMmywfG9PiEiWYC40/CAWIRTWrcQqe8Jz7BLfWQW+fEThh3XvjCms
s7xTbp8BlaCGIFLZeNf9sHCUJkSYcOaQyHDPY/n++Hr5LqCqNSaldQfTCHnW6RcU
4BEQKCCwxMsSMpDWDm2ztdT3Ei+t10Z2/58qj+kZ6muKlkPA6btnC12WUvXgIIlE
JrDETBaq8OfAWgIiQeISg9b3Q3IISVl1QYgWyPQRC4IL5JDGPRnzuFdYnA==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:00:03 2025 by rpki-client