Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/fihZfVnTeQMn73dbr9_D4k6VLoc.roa
File:                     fihZfVnTeQMn73dbr9_D4k6VLoc.roa (raw, json)
Hash identifier:          Fr8opbiol5TgDDvilniMN/W7s0cIFYKldFNvQR20Cmw=
Subject key identifier:   7E:28:59:7D:59:D3:79:03:27:EF:77:5B:AF:DF:C3:E2:4E:95:2E:87
Certificate issuer:       /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial:       018CC64B2737AAB4E5242C52177AB6C40A9C
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/fihZfVnTeQMn73dbr9_D4k6VLoc.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150006
IP address blocks:        2a12:f8c3:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:27:37:aa:b4:e5:24:2c:52:17:7a:b6:c4:0a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e28597d59d3790327ef775bafdfc3e24e952e87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:79:63:25:8a:5d:ca:f0:86:b4:70:ac:48:db:
                    13:27:41:38:7f:31:f4:49:7a:a6:6e:71:0c:c2:d9:
                    83:15:c2:34:90:24:78:d2:85:63:e4:6d:c1:c2:fb:
                    6e:13:0e:11:da:0e:af:83:08:06:14:73:e7:8d:92:
                    ba:98:9d:41:a8:c3:c3:dd:f6:be:68:9a:39:e3:6a:
                    a4:1b:42:fc:86:90:1f:e4:cf:c7:aa:e0:ea:d2:4e:
                    35:aa:c3:73:dd:07:78:5a:dd:0e:7f:c2:65:56:37:
                    36:d0:a7:4c:9b:9d:91:c2:96:4f:67:f9:55:84:01:
                    57:e7:67:4c:fe:d8:d5:9c:d0:fc:8b:7f:1c:6a:fe:
                    b5:50:d4:b7:f5:39:9d:10:e8:ca:8c:b6:9d:31:56:
                    4f:3c:d6:15:26:46:69:7d:69:a6:75:b9:c5:df:d3:
                    de:06:dd:61:fc:b5:07:13:7d:3e:eb:9e:c8:23:a1:
                    f0:e1:e6:e9:69:24:e5:81:ae:03:72:41:57:52:1f:
                    e0:d3:d7:37:25:e9:58:bb:05:08:6e:7d:7b:ab:7f:
                    09:25:fe:4d:ce:cf:19:df:ce:af:f0:fc:1a:92:cb:
                    3d:14:36:13:81:ba:40:e1:5b:49:2e:8e:c8:19:3f:
                    28:4c:52:e1:db:cf:7d:d0:42:c2:4c:0d:ac:7a:fe:
                    c5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:28:59:7D:59:D3:79:03:27:EF:77:5B:AF:DF:C3:E2:4E:95:2E:87
            X509v3 Authority Key Identifier:
                keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/fihZfVnTeQMn73dbr9_D4k6VLoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c3:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         80:0a:29:5b:c4:7e:ab:be:db:40:98:9a:aa:cb:07:c3:b2:ab:
         6e:5d:9e:7a:da:11:bd:d7:e7:be:d3:0f:26:69:d5:cf:8b:2a:
         80:92:f2:9a:c5:82:05:f1:18:fd:d9:70:ba:01:e6:47:b8:11:
         e5:f4:ca:2a:38:07:61:20:90:79:be:da:f6:d4:3e:34:f2:2e:
         88:8d:7f:7e:ff:d8:00:4b:f5:15:75:68:99:2e:62:e0:a3:8b:
         ce:e4:4b:6a:d1:cb:ea:4b:63:48:2e:a2:90:8b:08:0f:8d:a4:
         7d:1d:cb:b3:b5:44:dd:51:c0:a5:58:57:30:9f:cf:09:e2:30:
         17:2a:d4:a6:17:08:53:ec:16:fb:76:ac:33:a4:35:ab:7c:85:
         98:09:6a:33:c5:19:30:fb:14:2b:69:9c:86:b4:49:28:1f:bf:
         65:ff:17:61:4c:25:eb:2b:c2:0d:a3:a0:8d:8a:a8:75:a9:90:
         d3:8b:ab:88:ca:44:87:51:94:24:e2:4f:58:c1:06:f9:bc:04:
         51:89:97:2f:76:13:67:a2:d3:f0:7c:f3:56:7b:40:89:07:33:
         85:65:d6:4a:88:84:26:38:60:03:db:07:0d:e7:03:f9:98:fc:
         a8:e0:97:80:0a:66:fb:09:4a:c1:f2:1d:79:1b:7e:f3:1f:0e:
         51:61:4f:c2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSyc3qrTlJCxSF3q2xAqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTI4NTk3ZDU5ZDM3OTAzMjdlZjc3NWJhZmRmYzNlMjRlOTUyZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHljJYpdyvCGtHCsSNsTJ0E4fzH0
SXqmbnEMwtmDFcI0kCR40oVj5G3BwvtuEw4R2g6vgwgGFHPnjZK6mJ1BqMPD3fa+
aJo542qkG0L8hpAf5M/HquDq0k41qsNz3Qd4Wt0Of8JlVjc20KdMm52RwpZPZ/lV
hAFX52dM/tjVnND8i38cav61UNS39TmdEOjKjLadMVZPPNYVJkZpfWmmdbnF39Pe
Bt1h/LUHE30+657II6Hw4ebpaSTlga4DckFXUh/g09c3JelYuwUIbn17q38JJf5N
zs8Z386v8Pwakss9FDYTgbpA4VtJLo7IGT8oTFLh28990ELCTA2sev7FoQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH4oWX1Z03kDJ+93W6/fw+JOlS6HMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvZmloWmZWblRlUU1uNzNkYnI5X0Q0azZWTG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4wxAw
DQYJKoZIhvcNAQELBQADggEBAIAKKVvEfqu+20CYmqrLB8Oyq25dnnraEb3X577T
DyZp1c+LKoCS8prFggXxGP3ZcLoB5ke4EeX0yio4B2EgkHm+2vbUPjTyLoiNf37/
2ABL9RV1aJkuYuCji87kS2rRy+pLY0guopCLCA+NpH0dy7O1RN1RwKVYVzCfzwni
MBcq1KYXCFPsFvt2rDOkNat8hZgJajPFGTD7FCtpnIa0SSgfv2X/F2FMJesrwg2j
oI2KqHWpkNOLq4jKRIdRlCTiT1jBBvm8BFGJly92E2ei0/B881Z7QIkHM4Vl1kqI
hCY4YAPbBw3nA/mY/Kjgl4AKZvsJSsHyHXkbfvMfDlFhT8I=
-----END CERTIFICATE-----