Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ZtBVD_gU9JHOidmFecie_EQftRo.roa
File:                     ZtBVD_gU9JHOidmFecie_EQftRo.roa (raw, json)
Hash identifier:          TATv9KEl0G9zS/KJs9wWiYzEnpI8uOZdyHODf/h2Zv8=
Subject key identifier:   66:D0:55:0F:F8:14:F4:91:CE:89:D9:85:79:C8:9E:FC:44:1F:B5:1A
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       0194266B4C365AB4C1DB82819A7E9AC89969
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ZtBVD_gU9JHOidmFecie_EQftRo.roa
Signing time:             Thu 02 Jan 2025 09:49:13 +0000
ROA not before:           Thu 02 Jan 2025 09:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216447
IP address blocks:        2a12:f8c2:900::/40 maxlen: 40
                          2a12:f8c2:900::/44 maxlen: 44
                          2a12:f8c2:9e0::/44 maxlen: 44
                          2a12:f8c2:9f0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4c:36:5a:b4:c1:db:82:81:9a:7e:9a:c8:99:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Jan  2 09:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66d0550ff814f491ce89d98579c89efc441fb51a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e4:5d:61:46:89:e7:d1:20:d4:83:2d:6b:ac:
                    17:e9:44:ae:6b:61:8f:14:b4:94:58:74:8e:5f:d6:
                    fd:14:0b:5c:65:c4:da:bb:9a:ad:f3:a3:4f:8c:f2:
                    40:29:80:19:0b:b7:3a:f7:e5:29:c0:f3:5f:8c:e0:
                    41:89:2c:ef:7c:01:d1:f5:23:75:d8:25:10:26:f4:
                    a2:11:ac:12:86:ca:3d:28:d8:4e:55:3f:ff:61:8f:
                    84:69:b4:30:66:c3:bc:f6:1c:4c:5d:7c:e8:a6:af:
                    70:4a:77:6c:89:20:80:58:87:b7:6c:4a:6f:a8:6b:
                    4e:bf:b4:10:be:4b:af:d3:f8:4c:dc:71:f2:b7:e0:
                    09:a7:bb:6d:7f:cc:51:44:71:ac:36:1c:78:20:d8:
                    51:0e:2b:31:51:97:00:d1:ff:fd:f1:75:3b:91:3e:
                    cc:a3:2a:91:2b:bd:ee:20:b3:a0:be:ee:53:34:0a:
                    40:f8:16:2d:df:17:96:07:c9:ba:fb:65:75:89:08:
                    df:1a:b4:3b:be:5f:ba:c3:6b:5b:6a:63:89:a2:64:
                    ec:38:eb:56:5f:dc:bc:f7:68:04:8d:12:26:d5:b1:
                    84:7b:de:09:9b:aa:81:82:a5:35:95:62:ab:16:37:
                    04:cf:45:6c:a6:a2:f0:82:2d:dc:e6:d7:ec:00:67:
                    e1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D0:55:0F:F8:14:F4:91:CE:89:D9:85:79:C8:9E:FC:44:1F:B5:1A
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ZtBVD_gU9JHOidmFecie_EQftRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c2:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:19:af:1a:77:c5:cf:11:fa:66:4f:97:da:40:7d:13:89:e3:
         8b:e2:6e:9c:cc:0a:c5:45:82:c6:be:30:fe:15:2b:58:3d:05:
         fb:a4:bc:df:9e:7e:c0:5f:30:4c:4a:aa:c9:ab:b6:07:7b:ca:
         0c:c8:90:48:cf:fe:36:7a:78:63:08:d6:5f:0c:6b:03:9f:d4:
         b0:ee:15:fb:4a:45:e5:fd:4c:22:f7:dc:71:5d:63:77:7e:b8:
         73:fa:b3:57:54:b2:97:61:9b:03:9a:6b:79:81:bf:2f:42:e0:
         22:85:e5:db:53:30:be:6c:ed:23:5e:b0:3a:a8:a7:09:78:cf:
         de:84:ad:49:bc:d3:97:c5:ea:63:ec:cc:9d:cf:97:ea:0f:09:
         79:79:f3:be:e5:65:79:bd:eb:0b:8a:9a:20:b1:11:54:60:40:
         0a:3c:ba:d8:cd:ad:6b:5a:45:12:48:f5:ca:02:0b:ff:8e:2c:
         fe:c0:74:f8:0f:71:9f:d8:96:be:39:e8:ba:7b:e4:7e:7d:f0:
         48:e1:df:1a:82:2e:55:c9:14:47:ef:37:3c:46:ae:6c:ed:08:
         20:65:59:60:76:08:07:c9:7b:95:8a:1b:58:c3:c2:f5:b5:92:
         36:33:a4:49:8b:03:03:b8:74:30:7c:bf:35:7f:8c:c4:cb:c2:
         e5:8d:e8:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQma0w2WrTB24KBmn6ayJlpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUwMTAyMDk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQwNTUwZmY4MTRmNDkxY2U4OWQ5ODU3OWM4OWVmYzQ0MWZiNTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheRdYUaJ59Eg1IMta6wX6USua2GP
FLSUWHSOX9b9FAtcZcTau5qt86NPjPJAKYAZC7c69+UpwPNfjOBBiSzvfAHR9SN1
2CUQJvSiEawShso9KNhOVT//YY+EabQwZsO89hxMXXzopq9wSndsiSCAWIe3bEpv
qGtOv7QQvkuv0/hM3HHyt+AJp7ttf8xRRHGsNhx4INhRDisxUZcA0f/98XU7kT7M
oyqRK73uILOgvu5TNApA+BYt3xeWB8m6+2V1iQjfGrQ7vl+6w2tbamOJomTsOOtW
X9y892gEjRIm1bGEe94Jm6qBgqU1lWKrFjcEz0VspqLwgi3c5tfsAGfhswIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGbQVQ/4FPSRzonZhXnInvxEH7UaMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvWnRCVkRfZ1U5SkhPaWRtRmVjaWVfRVFmdFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhL4wgkw
DQYJKoZIhvcNAQELBQADggEBACQZrxp3xc8R+mZPl9pAfROJ44vibpzMCsVFgsa+
MP4VK1g9BfukvN+efsBfMExKqsmrtgd7ygzIkEjP/jZ6eGMI1l8MawOf1LDuFftK
ReX9TCL33HFdY3d+uHP6s1dUspdhmwOaa3mBvy9C4CKF5dtTML5s7SNesDqopwl4
z96ErUm805fF6mPszJ3Pl+oPCXl5877lZXm96wuKmiCxEVRgQAo8utjNrWtaRRJI
9coCC/+OLP7AdPgPcZ/Ylr456Lp75H598Ejh3xqCLlXJFEfvNzxGrmztCCBlWWB2
CAfJe5WKG1jDwvW1kjYzpEmLAwO4dDB8vzV/jMTLwuWN6Ok=
-----END CERTIFICATE-----