Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/P5xJaKikIrjV-ZzHyFgy6Tw8ULM.roa
File:                     P5xJaKikIrjV-ZzHyFgy6Tw8ULM.roa (raw, json)
Hash identifier:          1csOcsKYd9rrxJoxT61da4AHESk5SLHKiH9j8gMvzeY=
Subject key identifier:   3F:9C:49:68:A8:A4:22:B8:D5:F9:9C:C7:C8:58:32:E9:3C:3C:50:B3
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018FA553B1CF9BEBD2B93728526D1BE2BACC
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/P5xJaKikIrjV-ZzHyFgy6Tw8ULM.roa
Signing time:             Thu 23 May 2024 12:01:16 +0000
ROA not before:           Thu 23 May 2024 12:01:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215158
IP address blocks:        2a12:1940::/29 maxlen: 29
                          2a12:2c40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:53:b1:cf:9b:eb:d2:b9:37:28:52:6d:1b:e2:ba:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: May 23 12:01:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f9c4968a8a422b8d5f99cc7c85832e93c3c50b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:d8:27:c0:f6:3c:3a:3b:69:be:64:9e:fd:02:
                    46:8e:5d:21:59:63:df:68:7c:ba:cb:f9:12:e2:58:
                    0f:f5:42:f0:ec:59:40:1d:85:3a:9f:13:5e:41:e3:
                    bd:21:9f:fc:21:e4:4d:80:89:24:8a:99:2b:91:0c:
                    6b:bd:29:18:2e:23:fa:42:ff:19:7f:1e:90:54:b3:
                    d9:5c:ae:e3:d8:8c:4e:74:25:74:bc:f0:bb:e7:38:
                    57:db:d4:56:62:ed:dc:71:29:41:bc:81:6b:6e:c7:
                    be:61:d0:b4:fb:4e:ef:52:36:cf:ca:c5:88:c2:08:
                    14:0f:cb:ca:8b:25:3a:92:17:bf:f1:86:bd:ab:29:
                    e8:0d:2c:92:8c:e7:8e:af:9d:6c:fe:21:ca:98:02:
                    17:5c:87:77:fb:e7:25:76:94:d7:a2:e8:46:6e:c9:
                    cf:a8:4e:8c:6f:46:e2:df:6e:db:80:e9:42:e0:ef:
                    e2:34:17:a4:80:0d:dd:eb:7f:5e:b9:99:a1:d1:ef:
                    66:a1:c9:d4:87:33:da:d2:b8:d2:73:bf:0e:b3:a6:
                    0f:a1:c3:72:1e:f3:29:49:c2:29:ff:c2:d7:d4:40:
                    0c:85:16:98:50:ee:c3:1f:b4:b6:31:18:c4:1d:5e:
                    e7:ed:9d:ec:d5:ca:df:42:ba:0e:a9:bf:d8:31:06:
                    bd:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9C:49:68:A8:A4:22:B8:D5:F9:9C:C7:C8:58:32:E9:3C:3C:50:B3
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/P5xJaKikIrjV-ZzHyFgy6Tw8ULM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1940::/29
                  2a12:2c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:5e:cd:fd:39:61:a5:aa:40:b0:a2:fc:91:c0:ef:5a:f9:ce:
         28:8e:4a:22:bd:3b:86:3b:69:ad:a5:c7:48:5e:0f:04:b9:3e:
         84:fb:f4:d7:5f:b2:f4:7b:82:ae:29:6c:f5:00:19:0f:74:25:
         13:20:0e:09:7b:a0:9d:c7:d1:20:fc:b9:90:a7:07:68:de:d4:
         24:f3:a7:d7:9b:32:07:31:d2:19:b5:70:c7:66:13:b9:65:29:
         f4:3e:f4:d4:8f:04:91:a5:9a:0b:9b:d5:a3:78:76:36:a7:90:
         7a:8e:27:3f:42:49:26:39:d5:17:7b:6a:f4:96:c9:02:92:ce:
         0c:41:f7:cf:47:a0:ef:9b:fc:9d:c3:cc:de:27:84:15:2d:06:
         ca:6b:92:dc:c8:c6:c8:7b:4d:9c:3c:46:eb:66:f2:9d:57:56:
         68:89:b1:ee:8b:4b:ef:57:ba:fe:ed:4b:4f:af:9e:0a:fd:27:
         44:61:41:d5:8c:56:28:8f:da:d6:d4:88:87:23:e0:67:cf:84:
         50:fe:84:ee:61:cf:2e:7e:81:30:14:da:6b:04:b4:ed:ee:7d:
         03:1f:2a:70:68:9b:f7:3e:e3:97:01:40:b8:44:98:31:53:ff:
         5f:f4:68:c9:4e:a6:ec:6e:65:49:bb:cc:2d:96:44:4e:50:4d:
         df:aa:00:f7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY+lU7HPm+vSuTcoUm0b4rrMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwNTIzMTIwMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjljNDk2OGE4YTQyMmI4ZDVmOTljYzdjODU4MzJlOTNjM2M1MGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA89gnwPY8OjtpvmSe/QJGjl0hWWPf
aHy6y/kS4lgP9ULw7FlAHYU6nxNeQeO9IZ/8IeRNgIkkipkrkQxrvSkYLiP6Qv8Z
fx6QVLPZXK7j2IxOdCV0vPC75zhX29RWYu3ccSlBvIFrbse+YdC0+07vUjbPysWI
wggUD8vKiyU6khe/8Ya9qynoDSySjOeOr51s/iHKmAIXXId3++cldpTXouhGbsnP
qE6Mb0bi327bgOlC4O/iNBekgA3d639euZmh0e9mocnUhzPa0rjSc78Os6YPocNy
HvMpScIp/8LX1EAMhRaYUO7DH7S2MRjEHV7n7Z3s1crfQroOqb/YMQa9XQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD+cSWiopCK41fmcx8hYMuk8PFCzMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvUDV4SmFLaWtJcmpWLVp6SHlGZ3k2VHc4VUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhIZQAMF
AyoSLEAwDQYJKoZIhvcNAQELBQADggEBADtezf05YaWqQLCi/JHA71r5ziiOSiK9
O4Y7aa2lx0heDwS5PoT79NdfsvR7gq4pbPUAGQ90JRMgDgl7oJ3H0SD8uZCnB2je
1CTzp9ebMgcx0hm1cMdmE7llKfQ+9NSPBJGlmgub1aN4djankHqOJz9CSSY51Rd7
avSWyQKSzgxB989HoO+b/J3DzN4nhBUtBsprktzIxsh7TZw8Rutm8p1XVmiJse6L
S+9Xuv7tS0+vngr9J0RhQdWMViiP2tbUiIcj4GfPhFD+hO5hzy5+gTAU2msEtO3u
fQMfKnBom/c+45cBQLhEmDFT/1/0aMlOpuxuZUm7zC2WRE5QTd+qAPc=
-----END CERTIFICATE-----