Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/N1WF0ztDOU5mGuKVt7QGoNLKHkY.roa
File:                     N1WF0ztDOU5mGuKVt7QGoNLKHkY.roa (raw, json)
Hash identifier:          qP3bs3pVKTvXWKKNrIacLrQUPSjbBULCzsxK8VH/jlM=
Subject key identifier:   37:55:85:D3:3B:43:39:4E:66:1A:E2:95:B7:B4:06:A0:D2:CA:1E:46
Certificate issuer:       /CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
Certificate serial:       018D506C1FF68FB1B29CB25FC2EE2722B3AF
Authority key identifier: B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/N1WF0ztDOU5mGuKVt7QGoNLKHkY.roa
Signing time:             Sun 28 Jan 2024 14:14:39 +0000
ROA not before:           Sun 28 Jan 2024 14:14:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53667
IP address blocks:        2a12:de41::/32 maxlen: 32
                          2a12:de42::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:50:6c:1f:f6:8f:b1:b2:9c:b2:5f:c2:ee:27:22:b3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
        Validity
            Not Before: Jan 28 14:14:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=375585d33b43394e661ae295b7b406a0d2ca1e46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:36:a0:9d:70:1d:ac:a6:7c:b1:21:fd:b7:05:
                    28:c7:4d:19:b6:19:c2:09:29:30:00:ce:08:41:8d:
                    da:81:8f:94:46:35:f6:36:0f:b1:1c:2f:c1:6e:fa:
                    6b:6a:44:e5:14:8c:04:c2:47:36:96:c2:b5:85:94:
                    f9:52:a6:00:8b:52:24:c7:18:8f:53:dd:58:d3:96:
                    cb:4d:c7:0a:5f:90:3c:ec:d9:45:94:e8:70:61:1d:
                    68:16:94:cf:34:bf:a8:82:1d:54:a5:75:e0:c2:5f:
                    a3:51:90:41:84:ce:e2:b8:88:86:65:52:33:2c:76:
                    8b:ea:97:1f:85:af:e8:8b:75:d1:6b:c6:8e:76:c9:
                    6a:55:9a:f6:76:25:aa:bf:f6:29:0b:a2:99:dd:c7:
                    27:4f:9b:34:85:c4:76:2f:f2:8b:00:32:10:b3:f6:
                    f8:b2:11:9d:60:b8:07:25:f6:79:1b:78:9a:ed:d1:
                    22:c9:d8:29:d0:1a:66:bc:ee:f7:63:45:b6:ba:9d:
                    3a:5f:6b:6d:b6:42:82:64:a1:fe:90:97:5a:8b:0f:
                    33:ca:d3:18:a8:36:ff:19:c7:69:cf:1a:15:8f:5e:
                    17:69:f5:83:ed:a4:48:4d:bc:f6:6f:5d:b0:eb:fe:
                    3b:54:79:e5:73:d5:75:27:8d:bf:a9:64:87:e2:82:
                    41:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:55:85:D3:3B:43:39:4E:66:1A:E2:95:B7:B4:06:A0:D2:CA:1E:46
            X509v3 Authority Key Identifier:
                keyid:B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/N1WF0ztDOU5mGuKVt7QGoNLKHkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:de41::-2a12:de42:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         af:58:61:1e:55:6e:08:59:67:21:25:3d:51:fa:d3:49:01:1f:
         2e:6a:8f:b1:2e:15:86:7b:65:cb:eb:e3:09:b8:a3:20:54:2c:
         d4:bf:7d:ee:e6:9e:f8:d7:fc:ad:5f:ea:df:bb:ac:3e:ba:03:
         31:e4:18:64:f4:66:1b:1f:30:34:b8:43:42:cf:ed:40:11:c2:
         9b:ad:9e:9e:b8:73:6d:1a:f5:f7:4f:ce:43:ba:73:54:9a:d4:
         01:b1:5f:3b:55:3d:84:66:18:5e:f7:cd:80:64:ee:d0:98:0d:
         d4:26:e5:56:d1:e9:6d:cc:cd:f0:40:95:19:36:24:74:94:bc:
         eb:da:f3:d7:9f:27:af:29:7e:c4:9f:92:7c:e2:d0:79:28:48:
         0a:a9:81:4f:e1:3a:bc:10:3e:10:78:b8:21:d6:b6:a1:25:dd:
         e8:5d:c9:16:25:db:77:a5:86:9c:26:27:72:fe:54:e6:c3:15:
         95:2e:c0:df:25:d1:c5:21:17:ef:49:a2:b6:94:79:11:3f:0a:
         a4:b9:f3:c6:9b:8d:0e:f6:b4:25:cd:ff:e6:06:37:12:45:34:
         2b:cb:13:19:ce:be:5b:36:f4:5f:a8:42:e5:d9:28:f6:9f:53:
         1b:ca:5a:45:63:db:e3:9a:fa:8e:4a:31:74:70:02:ee:93:26:
         d5:53:05:e9
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY1QbB/2j7GynLJfwu4nIrOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZTZjNDFhMmIwNGZjZDhmOGU5NTcxOGZhN2QyZTEyY2M0
NGFjMWYwHhcNMjQwMTI4MTQxNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzU1ODVkMzNiNDMzOTRlNjYxYWUyOTViN2I0MDZhMGQyY2ExZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljagnXAdrKZ8sSH9twUox00ZthnC
CSkwAM4IQY3agY+URjX2Ng+xHC/BbvprakTlFIwEwkc2lsK1hZT5UqYAi1IkxxiP
U91Y05bLTccKX5A87NlFlOhwYR1oFpTPNL+ogh1UpXXgwl+jUZBBhM7iuIiGZVIz
LHaL6pcfha/oi3XRa8aOdslqVZr2diWqv/YpC6KZ3ccnT5s0hcR2L/KLADIQs/b4
shGdYLgHJfZ5G3ia7dEiydgp0BpmvO73Y0W2up06X2tttkKCZKH+kJdaiw8zytMY
qDb/GcdpzxoVj14XafWD7aRITbz2b12w6/47VHnlc9V1J42/qWSH4oJBzwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFDdVhdM7QzlOZhrilbe0BqDSyh5GMB8GA1UdIwQY
MBaAFLnmxBorBPzY+OlXGPp9LhLMRKwfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEt
YzA4YzA0NDZkNjEzLzEvTjFXRjB6dERPVTVtR3VLVnQ3UUdvTkxLSGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEtYzA4YzA0NDZkNjEz
LzEvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqEt5B
AwUAKhLeQjANBgkqhkiG9w0BAQsFAAOCAQEAr1hhHlVuCFlnISU9UfrTSQEfLmqP
sS4Vhntly+vjCbijIFQs1L997uae+Nf8rV/q37usProDMeQYZPRmGx8wNLhDQs/t
QBHCm62enrhzbRr190/OQ7pzVJrUAbFfO1U9hGYYXvfNgGTu0JgN1CblVtHpbczN
8ECVGTYkdJS869rz158nryl+xJ+SfOLQeShICqmBT+E6vBA+EHi4Ida2oSXd6F3J
FiXbd6WGnCYncv5U5sMVlS7A3yXRxSEX70mitpR5ET8KpLnzxpuNDva0Jc3/5gY3
EkU0K8sTGc6+Wzb0X6hC5dko9p9TG8paRWPb45r6jkoxdHAC7pMm1VMF6Q==
-----END CERTIFICATE-----