Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/25HLN9vKJbOORa344qm-LI0nEQA.roa
File:                     25HLN9vKJbOORa344qm-LI0nEQA.roa (raw, json)
Hash identifier:          TQyp0sF1bl/gzF7J2QBW5i0BGuTI+enCR5Mfur9x5VU=
Subject key identifier:   DB:91:CB:37:DB:CA:25:B3:8E:45:AD:F8:E2:A9:BE:2C:8D:27:11:00
Certificate issuer:       /CN=f6af433974df373b70abd76b13e1c70c775f554b
Certificate serial:       018CCA2A1D35FCD6F16BD2515A1A58995648
Authority key identifier: F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/25HLN9vKJbOORa344qm-LI0nEQA.roa
Signing time:             Tue 02 Jan 2024 12:33:26 +0000
ROA not before:           Tue 02 Jan 2024 12:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216081
IP address blocks:        2a12:3e80:600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1d:35:fc:d6:f1:6b:d2:51:5a:1a:58:99:56:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6af433974df373b70abd76b13e1c70c775f554b
        Validity
            Not Before: Jan  2 12:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db91cb37dbca25b38e45adf8e2a9be2c8d271100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:43:61:ce:de:ba:2a:57:20:98:fc:11:eb:d2:
                    ef:c9:1e:1d:0b:65:86:2b:29:55:3a:2c:b2:17:06:
                    ca:f0:89:be:b8:2c:ab:dc:ce:c9:2a:50:71:64:c2:
                    c7:4c:43:e5:97:02:5d:44:5d:9e:a1:fe:22:c4:0a:
                    15:97:f8:eb:63:bf:e3:34:0f:33:eb:03:0b:62:fe:
                    03:cc:33:e1:a4:3b:ba:6f:c9:94:e5:45:54:82:3e:
                    ad:a2:5b:f4:34:49:6f:72:64:20:db:34:c5:9e:59:
                    44:e4:55:3f:45:fb:5c:a7:70:92:83:1f:a3:f5:2b:
                    be:3c:10:d1:5e:f9:77:59:ee:a3:06:45:32:23:51:
                    d6:c2:f0:77:d3:d2:c6:56:42:f3:7a:01:f7:36:07:
                    bb:fd:8d:9c:ec:20:41:f0:87:ac:06:f9:59:61:0f:
                    51:c9:0b:82:bd:11:50:c6:6d:04:3c:7a:12:b2:71:
                    8c:1b:9e:99:8c:d1:28:02:b1:09:34:24:af:88:c5:
                    40:67:52:2f:db:c3:4f:61:26:22:49:5b:92:a5:69:
                    46:ab:82:b0:c3:00:3c:a0:b8:50:b2:e3:1c:e7:53:
                    94:21:16:94:9f:45:61:ad:53:9f:ec:d7:04:45:5d:
                    c5:a6:82:83:4e:49:19:19:4e:b6:33:33:41:c5:9f:
                    71:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:91:CB:37:DB:CA:25:B3:8E:45:AD:F8:E2:A9:BE:2C:8D:27:11:00
            X509v3 Authority Key Identifier:
                keyid:F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/25HLN9vKJbOORa344qm-LI0nEQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3e80:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:e1:e3:2b:bd:76:6c:bd:24:08:b4:5d:61:6e:69:ef:65:00:
         f6:49:c1:d7:69:b9:c6:4c:ba:7a:07:93:17:5c:4d:bf:79:7a:
         14:bf:2f:e8:88:6d:a2:3c:8e:73:22:7f:32:6f:06:85:3c:a5:
         28:47:66:c5:8b:d3:e9:63:86:cd:89:ff:d0:f6:90:ad:6f:99:
         10:e2:96:f8:95:bd:3e:1b:36:fa:c7:28:a0:f0:44:6f:0c:ab:
         b4:a5:a3:64:9a:32:d2:2c:4a:1a:67:08:d1:d6:9e:3a:ff:ae:
         19:07:6c:9e:c9:8c:2f:43:9b:16:f1:21:c2:07:1a:15:9a:dd:
         8e:09:68:4c:3d:a1:89:04:e5:13:4e:e8:f8:a6:0d:77:bd:41:
         72:c2:14:e9:e7:cd:b2:79:1e:69:d1:c7:16:27:17:74:dc:4f:
         e1:a0:b1:27:13:fe:95:2a:5d:2f:9e:6c:fa:b0:48:bc:f1:f5:
         39:1a:4d:3c:5f:5b:32:06:36:13:67:10:52:cd:34:01:5a:97:
         34:9e:cc:a9:27:4e:2a:59:99:09:f1:3e:11:6e:25:8f:70:6a:
         f7:f6:64:96:3f:f1:a0:4b:e9:a5:ed:1b:ba:56:49:87:e5:24:
         df:b1:c5:d6:89:ea:8d:1a:a9:ab:e8:04:d7:ce:26:17:f1:8f:
         78:14:af:0e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKh01/Nbxa9JRWhpYmVZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWY0MzM5NzRkZjM3M2I3MGFiZDc2YjEzZTFjNzBjNzc1
ZjU1NGIwHhcNMjQwMTAyMTIzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjkxY2IzN2RiY2EyNWIzOGU0NWFkZjhlMmE5YmUyYzhkMjcxMTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkNhzt66KlcgmPwR69LvyR4dC2WG
KylVOiyyFwbK8Im+uCyr3M7JKlBxZMLHTEPllwJdRF2eof4ixAoVl/jrY7/jNA8z
6wMLYv4DzDPhpDu6b8mU5UVUgj6tolv0NElvcmQg2zTFnllE5FU/Rftcp3CSgx+j
9Su+PBDRXvl3We6jBkUyI1HWwvB309LGVkLzegH3Nge7/Y2c7CBB8IesBvlZYQ9R
yQuCvRFQxm0EPHoSsnGMG56ZjNEoArEJNCSviMVAZ1Iv28NPYSYiSVuSpWlGq4Kw
wwA8oLhQsuMc51OUIRaUn0VhrVOf7NcERV3FpoKDTkkZGU62MzNBxZ9xBwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNuRyzfbyiWzjkWt+OKpviyNJxEAMB8GA1UdIwQY
MBaAFPavQzl03zc7cKvXaxPhxwx3X1VLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2It
YTI2YmM2NTNiMDZiLzEvMjVITE45dktKYk9PUmEzNDRxbS1MSTBuRVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2ItYTI2YmM2NTNiMDZi
LzEvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI+gAYw
DQYJKoZIhvcNAQELBQADggEBAGPh4yu9dmy9JAi0XWFuae9lAPZJwddpucZMunoH
kxdcTb95ehS/L+iIbaI8jnMifzJvBoU8pShHZsWL0+ljhs2J/9D2kK1vmRDilviV
vT4bNvrHKKDwRG8Mq7Slo2SaMtIsShpnCNHWnjr/rhkHbJ7JjC9DmxbxIcIHGhWa
3Y4JaEw9oYkE5RNO6PimDXe9QXLCFOnnzbJ5HmnRxxYnF3TcT+GgsScT/pUqXS+e
bPqwSLzx9TkaTTxfWzIGNhNnEFLNNAFalzSezKknTipZmQnxPhFuJY9wavf2ZJY/
8aBL6aXtG7pWSYflJN+xxdaJ6o0aqavoBNfOJhfxj3gUrw4=
-----END CERTIFICATE-----