Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/tym2DkYzuCYNpAl7mBWafB4t6BI.roa
File:                     tym2DkYzuCYNpAl7mBWafB4t6BI.roa (raw, json)
Hash identifier:          h2zqs4nM2STj9S0wPlKIObolQv/WNf3hG3HA1hJbVA0=
Subject key identifier:   B7:29:B6:0E:46:33:B8:26:0D:A4:09:7B:98:15:9A:7C:1E:2D:E8:12
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB686719A141370721600392CCC950
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/tym2DkYzuCYNpAl7mBWafB4t6BI.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204490
IP address blocks:        2a12:a340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:68:67:19:a1:41:37:07:21:60:03:92:cc:c9:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b729b60e4633b8260da4097b98159a7c1e2de812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:df:ce:17:2d:dc:0d:f8:6f:75:5c:c0:05:46:
                    dc:87:eb:61:7a:1e:67:06:20:93:01:87:04:92:b3:
                    a4:1d:94:3a:e1:08:6c:cc:fc:9c:94:0d:3e:53:16:
                    df:bb:b8:b6:23:69:f8:9c:81:76:7d:1e:e2:0f:73:
                    ad:bf:64:6c:3a:8d:1f:21:c8:6b:e2:e3:26:a5:64:
                    48:c8:99:ff:b9:bd:52:2a:6e:d6:3e:07:cf:98:26:
                    1d:71:cb:0d:53:fe:63:0a:da:a6:e0:a8:42:f5:61:
                    b4:bd:9e:6f:61:57:4c:7d:14:07:68:7e:9e:b3:99:
                    69:a7:4f:3f:c6:3a:ef:33:da:56:b7:79:d5:4c:b1:
                    0a:b1:f2:e8:74:a9:fc:e7:bf:a1:fd:14:76:a5:20:
                    4f:22:f4:cd:0b:85:be:6e:0c:4b:9a:5f:02:39:bc:
                    a3:94:eb:fb:6e:b8:06:12:ef:bd:bf:9e:15:b4:02:
                    6b:48:58:32:27:05:66:bd:8a:f9:bd:97:87:45:c9:
                    ef:a3:98:db:16:fb:ac:44:a0:8a:9b:07:e7:80:c9:
                    ad:38:80:e4:24:76:1e:81:e0:17:54:f4:64:0a:d2:
                    8b:d5:d0:f1:79:fc:ff:24:28:a6:90:74:ef:e6:fb:
                    ad:f3:f0:c4:c0:fd:cb:51:b1:23:d4:8b:6b:f0:ec:
                    dc:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:29:B6:0E:46:33:B8:26:0D:A4:09:7B:98:15:9A:7C:1E:2D:E8:12
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/tym2DkYzuCYNpAl7mBWafB4t6BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a340::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:cf:e9:55:08:91:74:f9:4e:55:b3:0f:4e:59:06:82:5d:09:
         38:f7:86:8e:b1:4e:98:5a:88:a7:f9:8e:27:05:34:c9:aa:71:
         3e:37:e2:53:32:8b:3d:e7:41:41:ad:7d:a0:5b:0a:17:f5:cf:
         16:98:b3:e4:ef:25:23:a5:39:23:0b:4a:82:b6:77:19:e9:5a:
         0a:ba:e8:39:e0:14:f9:d9:ae:6b:c8:40:30:22:ad:0c:99:e0:
         53:7c:8e:13:7e:50:66:a7:d3:01:d3:d3:59:b9:b1:9a:a3:e7:
         18:00:44:32:50:98:de:b8:03:79:14:3e:a7:5c:88:e0:4e:13:
         80:6d:3d:a1:73:71:7a:65:12:16:7f:94:31:ef:b6:3c:fb:c5:
         8f:53:82:1d:e5:6c:17:e9:56:13:20:1e:98:f5:b8:5b:3a:ab:
         43:9b:bc:1a:17:e8:a9:e8:23:92:5d:e9:77:5f:6c:f9:13:ac:
         44:e2:7f:ec:55:ad:d1:6c:ee:3e:36:7f:12:6b:59:81:0c:dd:
         00:d3:01:c3:92:56:49:df:50:9d:94:60:06:e4:9d:9a:c4:67:
         28:f2:cf:2a:67:cb:f7:c3:07:91:c2:4f:c3:8e:1d:c6:ad:06:
         bc:58:95:21:47:22:05:3c:79:c2:b5:55:c1:05:b7:e1:d0:d9:
         a0:f5:3a:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC22hnGaFBNwchYAOSzMlQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzI5YjYwZTQ2MzNiODI2MGRhNDA5N2I5ODE1OWE3YzFlMmRlODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAit/OFy3cDfhvdVzABUbch+theh5n
BiCTAYcEkrOkHZQ64QhszPyclA0+Uxbfu7i2I2n4nIF2fR7iD3Otv2RsOo0fIchr
4uMmpWRIyJn/ub1SKm7WPgfPmCYdccsNU/5jCtqm4KhC9WG0vZ5vYVdMfRQHaH6e
s5lpp08/xjrvM9pWt3nVTLEKsfLodKn857+h/RR2pSBPIvTNC4W+bgxLml8CObyj
lOv7brgGEu+9v54VtAJrSFgyJwVmvYr5vZeHRcnvo5jbFvusRKCKmwfngMmtOIDk
JHYegeAXVPRkCtKL1dDxefz/JCimkHTv5vut8/DEwP3LUbEj1Itr8OzcMQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLcptg5GM7gmDaQJe5gVmnweLegSMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvdHltMkRrWXp1Q1lOcEFsN21CV2FmQjR0NkJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKjQDAN
BgkqhkiG9w0BAQsFAAOCAQEAMc/pVQiRdPlOVbMPTlkGgl0JOPeGjrFOmFqIp/mO
JwU0yapxPjfiUzKLPedBQa19oFsKF/XPFpiz5O8lI6U5IwtKgrZ3GelaCrroOeAU
+dmua8hAMCKtDJngU3yOE35QZqfTAdPTWbmxmqPnGABEMlCY3rgDeRQ+p1yI4E4T
gG09oXNxemUSFn+UMe+2PPvFj1OCHeVsF+lWEyAemPW4WzqrQ5u8Ghfoqegjkl3p
d19s+ROsROJ/7FWt0WzuPjZ/EmtZgQzdANMBw5JWSd9QnZRgBuSdmsRnKPLPKmfL
98MHkcJPw44dxq0GvFiVIUciBTx5wrVVwQW34dDZoPU6lw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:43:30 2024 by rpki-client on console-fra.rpki-client.org