Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/149n__WzdkzcvdiXj75CSwt4Ke0.roa
File:                     149n__WzdkzcvdiXj75CSwt4Ke0.roa (raw, json)
Hash identifier:          oADfnpg1xyxZ/pO3JlbyLqogHqwwtBMcwMf9vhuxjOk=
Subject key identifier:   D7:8F:67:FF:F5:B3:76:4C:DC:BD:D8:97:8F:BE:42:4B:0B:78:29:ED
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       0194266B4A4FBAB2C6B44927A91D3C2E7D90
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/149n__WzdkzcvdiXj75CSwt4Ke0.roa
Signing time:             Thu 02 Jan 2025 09:49:13 +0000
ROA not before:           Thu 02 Jan 2025 09:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150296
IP address blocks:        2a12:f8c1:30::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4a:4f:ba:b2:c6:b4:49:27:a9:1d:3c:2e:7d:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Jan  2 09:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d78f67fff5b3764cdcbdd8978fbe424b0b7829ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e8:25:7e:46:d6:66:0e:a8:12:84:2b:39:4d:
                    54:e0:85:3a:ed:24:51:94:ff:e3:29:33:38:1c:d2:
                    c7:45:f3:82:c4:26:f0:61:bc:47:03:8d:8a:d8:75:
                    38:e8:d4:d6:87:21:26:07:aa:9d:e0:6d:35:f5:c9:
                    72:02:2e:13:58:62:d9:43:0f:c1:52:3e:b8:e7:79:
                    1d:00:35:fe:61:df:0d:7b:c0:86:d7:85:fc:e7:f2:
                    f7:f8:eb:fc:64:1b:ef:dc:3e:8f:f8:19:4b:a6:f3:
                    7c:03:a6:cf:f1:de:5a:b3:1d:e0:d2:83:e1:ed:a9:
                    19:50:50:a9:64:13:64:ef:9b:4d:53:a3:a6:2a:4b:
                    43:bc:e9:a3:2a:ff:6d:74:a6:b5:b3:74:ab:eb:81:
                    6a:a4:18:92:df:eb:44:2a:01:8b:b5:f1:a6:3d:9e:
                    24:7c:e4:09:f4:a9:e1:ac:63:aa:23:06:7a:c9:16:
                    bb:6b:5c:b0:3b:ea:85:63:ef:8e:78:ca:34:02:52:
                    bf:5d:45:ad:6c:9e:99:6a:be:c6:03:1e:44:dc:1b:
                    0c:24:a3:dd:91:7c:32:7f:ed:db:a9:7a:ab:57:3e:
                    c2:98:cf:00:63:91:44:c2:a6:8d:8d:f7:82:fa:3e:
                    cc:9e:c4:7c:f9:73:86:2f:a0:5b:21:aa:a1:67:c1:
                    0e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8F:67:FF:F5:B3:76:4C:DC:BD:D8:97:8F:BE:42:4B:0B:78:29:ED
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/149n__WzdkzcvdiXj75CSwt4Ke0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c1:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:67:78:4f:70:9b:a8:a9:21:ba:9b:31:83:24:70:f1:09:47:
         8b:ac:bf:0c:88:0d:76:57:58:64:39:5e:13:27:9c:10:3c:1f:
         03:79:71:43:31:fa:3c:7e:1c:2b:be:26:b3:e4:d8:b3:05:72:
         b2:1e:4f:49:74:be:43:6c:1f:80:bc:7a:cf:27:6c:cb:41:f2:
         b0:bc:d5:93:35:72:e2:2a:92:c7:e5:74:50:ba:44:23:27:16:
         8c:1c:c3:0c:47:b9:6c:18:c5:43:c3:2e:f2:e2:3e:c5:10:da:
         62:03:27:a9:1f:fc:82:41:a8:f8:ef:a2:b4:11:ad:e6:38:31:
         45:0f:30:81:13:54:e8:f5:1e:ae:85:5a:b9:02:01:32:93:83:
         c6:fd:84:27:59:a7:a8:36:47:f8:8e:80:bb:08:54:08:57:28:
         50:b3:bf:b0:24:fd:8e:3c:e7:81:bd:51:10:14:64:7b:c9:9c:
         ab:c0:33:55:48:3a:f5:bc:3c:a3:c5:1c:e3:49:dd:84:89:76:
         6e:f6:9a:e3:51:ba:3a:7d:91:9f:81:86:a8:ba:0e:62:fe:27:
         1b:b2:af:b0:c6:30:68:d2:3e:9a:09:57:c4:aa:c8:1b:d6:15:
         de:e5:9e:f9:cb:95:eb:bd:7b:9e:c2:c7:86:5a:a7:3d:0c:d1:
         7c:22:11:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma0pPurLGtEknqR08Ln2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUwMTAyMDk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzhmNjdmZmY1YjM3NjRjZGNiZGQ4OTc4ZmJlNDI0YjBiNzgyOWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueglfkbWZg6oEoQrOU1U4IU67SRR
lP/jKTM4HNLHRfOCxCbwYbxHA42K2HU46NTWhyEmB6qd4G019clyAi4TWGLZQw/B
Uj6453kdADX+Yd8Ne8CG14X85/L3+Ov8ZBvv3D6P+BlLpvN8A6bP8d5asx3g0oPh
7akZUFCpZBNk75tNU6OmKktDvOmjKv9tdKa1s3Sr64FqpBiS3+tEKgGLtfGmPZ4k
fOQJ9KnhrGOqIwZ6yRa7a1ywO+qFY++OeMo0AlK/XUWtbJ6Zar7GAx5E3BsMJKPd
kXwyf+3bqXqrVz7CmM8AY5FEwqaNjfeC+j7MnsR8+XOGL6BbIaqhZ8EOIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNePZ//1s3ZM3L3Yl4++QksLeCntMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvMTQ5bl9fV3pka3pjdmRpWGo3NUNTd3Q0S2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhL4wQAw
MA0GCSqGSIb3DQEBCwUAA4IBAQCKZ3hPcJuoqSG6mzGDJHDxCUeLrL8MiA12V1hk
OV4TJ5wQPB8DeXFDMfo8fhwrviaz5NizBXKyHk9JdL5DbB+AvHrPJ2zLQfKwvNWT
NXLiKpLH5XRQukQjJxaMHMMMR7lsGMVDwy7y4j7FENpiAyepH/yCQaj476K0Ea3m
ODFFDzCBE1To9R6uhVq5AgEyk4PG/YQnWaeoNkf4joC7CFQIVyhQs7+wJP2OPOeB
vVEQFGR7yZyrwDNVSDr1vDyjxRzjSd2EiXZu9prjUbo6fZGfgYaoug5i/icbsq+w
xjBo0j6aCVfEqsgb1hXe5Z75y5XrvXuewseGWqc9DNF8IhG2
-----END CERTIFICATE-----