Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/J16kp0dolEOcPzZi0oKr2BD75BI.roa
File:                     J16kp0dolEOcPzZi0oKr2BD75BI.roa (raw, json)
Hash identifier:          mBVv2zMp/NRzR+bYpY82u+arKMz/jM+I0mvUD0HUt84=
Subject key identifier:   27:5E:A4:A7:47:68:94:43:9C:3F:36:62:D2:82:AB:D8:10:FB:E4:12
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       01959EF23AB0BF7901817633278564EA6DA5
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/J16kp0dolEOcPzZi0oKr2BD75BI.roa
Signing time:             Sun 16 Mar 2025 12:33:49 +0000
ROA not before:           Sun 16 Mar 2025 12:33:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     27010
IP address blocks:        2a12:f8c3:6000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:9e:f2:3a:b0:bf:79:01:81:76:33:27:85:64:ea:6d:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Mar 16 12:33:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=275ea4a7476894439c3f3662d282abd810fbe412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:34:bb:b9:da:33:c8:2c:09:d9:fe:0b:c3:59:
                    bd:bb:bb:90:9d:18:e5:2a:06:d3:1c:b9:5b:64:c9:
                    57:3f:48:1b:74:28:d8:c0:c4:02:70:7e:d7:be:f3:
                    b4:90:bc:fb:2e:57:65:65:63:c1:43:ce:1f:0f:bc:
                    0c:f7:52:89:ae:a9:41:f5:ee:0a:18:5a:20:3d:b7:
                    50:47:5e:81:01:5e:f2:b3:1d:ed:d1:f2:20:17:34:
                    bb:7e:ec:88:ea:6e:79:ca:48:1e:88:6b:69:ab:74:
                    f4:ce:57:dd:1f:f2:c8:ee:82:b9:23:22:10:36:40:
                    d6:dc:c5:eb:5d:34:24:2a:8c:73:e1:a9:de:d7:b2:
                    9c:62:94:15:c4:c3:9b:d5:0b:98:99:0c:b2:e3:dd:
                    07:9e:92:c4:7a:76:fe:fb:05:c5:f4:da:76:08:c4:
                    79:2e:49:c4:d8:51:d8:d6:7e:1a:f6:21:70:9e:72:
                    11:d8:84:bb:35:0a:ff:a7:dc:d7:52:e4:16:e6:9f:
                    c9:cb:70:a2:7c:74:68:6c:fd:72:49:be:30:cd:18:
                    a9:3d:f6:b2:b4:03:89:e3:23:b9:62:db:95:fa:21:
                    34:a5:06:7f:f5:7b:73:e0:16:fe:26:ff:d3:40:30:
                    3e:c3:9a:c1:92:1a:3b:8f:a4:93:b3:36:7a:92:e4:
                    c9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:5E:A4:A7:47:68:94:43:9C:3F:36:62:D2:82:AB:D8:10:FB:E4:12
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/J16kp0dolEOcPzZi0oKr2BD75BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c3:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         59:1c:82:24:5e:b3:b9:e7:9a:a2:36:6d:55:f9:eb:19:d7:46:
         98:15:e9:7b:7b:55:fb:3f:70:1b:6f:cf:17:35:7e:73:c7:7f:
         01:17:69:97:be:5b:94:0f:55:06:74:28:8e:3b:32:97:42:c8:
         b4:a4:7b:23:23:e4:25:4f:f1:ae:9e:c5:58:63:28:87:d1:b6:
         1c:85:9c:08:99:21:20:18:47:86:96:28:30:2c:3d:22:8a:ee:
         e0:82:3b:03:39:b5:78:dd:29:e0:a6:79:a7:0a:0c:65:7a:c2:
         de:e5:15:b5:99:ef:69:73:b5:c5:2f:73:45:ad:f8:41:7d:5a:
         a2:4b:75:ec:e3:8c:ae:c4:40:a3:62:1e:40:2d:0d:6b:f7:b5:
         fd:a0:f3:24:26:84:21:d0:85:b2:14:5b:65:df:7f:52:3a:9e:
         be:49:28:61:a1:ee:85:1a:58:27:fb:12:59:c2:24:14:94:fb:
         db:5a:79:5a:1f:ea:6a:97:b6:9d:9e:f0:94:d6:45:84:92:e6:
         4b:da:86:bb:7e:c8:57:db:8b:ca:25:2e:ee:97:ff:3a:e4:2b:
         0c:64:69:65:fc:f4:f2:26:c3:cb:a9:1e:ab:cf:7e:7b:7c:79:
         f8:dd:b2:e9:4e:de:f8:88:9e:1a:16:18:73:de:eb:41:b7:95:
         07:f7:c1:22
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZWe8jqwv3kBgXYzJ4Vk6m2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUwMzE2MTIzMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzVlYTRhNzQ3Njg5NDQzOWMzZjM2NjJkMjgyYWJkODEwZmJlNDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTS7udozyCwJ2f4Lw1m9u7uQnRjl
KgbTHLlbZMlXP0gbdCjYwMQCcH7XvvO0kLz7LldlZWPBQ84fD7wM91KJrqlB9e4K
GFogPbdQR16BAV7ysx3t0fIgFzS7fuyI6m55ykgeiGtpq3T0zlfdH/LI7oK5IyIQ
NkDW3MXrXTQkKoxz4ane17KcYpQVxMOb1QuYmQyy490HnpLEenb++wXF9Np2CMR5
LknE2FHY1n4a9iFwnnIR2IS7NQr/p9zXUuQW5p/Jy3CifHRobP1ySb4wzRipPfay
tAOJ4yO5YtuV+iE0pQZ/9Xtz4Bb+Jv/TQDA+w5rBkho7j6STszZ6kuTJnQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCdepKdHaJRDnD82YtKCq9gQ++QSMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvSjE2a3AwZG9sRU9jUHpaaTBvS3IyQkQ3NUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4w2Aw
DQYJKoZIhvcNAQELBQADggEBAFkcgiRes7nnmqI2bVX56xnXRpgV6Xt7Vfs/cBtv
zxc1fnPHfwEXaZe+W5QPVQZ0KI47MpdCyLSkeyMj5CVP8a6exVhjKIfRthyFnAiZ
ISAYR4aWKDAsPSKK7uCCOwM5tXjdKeCmeacKDGV6wt7lFbWZ72lztcUvc0Wt+EF9
WqJLdezjjK7EQKNiHkAtDWv3tf2g8yQmhCHQhbIUW2Xff1I6nr5JKGGh7oUaWCf7
ElnCJBSU+9taeVof6mqXtp2e8JTWRYSS5kvahrt+yFfbi8olLu6X/zrkKwxkaWX8
9PImw8upHqvPfnt8efjdsulO3viInhoWGHPe60G3lQf3wSI=
-----END CERTIFICATE-----