Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/7RaN415Q_vyZCQaHZE1qpwIxZCI.roa
File:                     7RaN415Q_vyZCQaHZE1qpwIxZCI.roa (raw, json)
Hash identifier:          eeS3BLVnmid9RvaQxw2I3Qj4g9ylUHzmUcNSTxnF708=
Subject key identifier:   ED:16:8D:E3:5E:50:FE:FC:99:09:06:87:64:4D:6A:A7:02:31:64:22
Certificate issuer:       /CN=a0df7f5b6618bda23c83bed11b442041f1fb456d
Certificate serial:       018CC26D13EE761ED25568BB317AE97C6817
Authority key identifier: A0:DF:7F:5B:66:18:BD:A2:3C:83:BE:D1:1B:44:20:41:F1:FB:45:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/7RaN415Q_vyZCQaHZE1qpwIxZCI.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9384
IP address blocks:        2a12:e100:100::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:13:ee:76:1e:d2:55:68:bb:31:7a:e9:7c:68:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0df7f5b6618bda23c83bed11b442041f1fb456d
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed168de35e50fefc99090687644d6aa702316422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:32:c8:55:59:ea:8b:da:e4:93:0c:b3:bd:d4:
                    ce:fc:ec:8b:cf:ea:2f:04:2a:69:89:c8:33:2b:25:
                    d5:f3:cf:6c:b4:87:d6:72:3c:8f:eb:1f:6f:07:95:
                    f3:07:d6:4b:97:da:dd:f2:a4:fb:2c:ed:28:02:e1:
                    56:cc:3c:11:c6:13:d6:6c:e9:b7:d4:43:83:98:38:
                    c1:d2:ce:6b:f6:97:69:be:c8:e5:1f:08:18:3f:88:
                    8f:9b:26:cd:65:f4:6e:6d:0d:34:c6:2b:ba:0a:3e:
                    84:9f:1e:1b:e4:b2:35:d0:75:6a:91:22:c6:7f:e7:
                    d5:85:9e:2b:68:86:18:91:66:b7:c6:7c:9c:11:2c:
                    92:a2:54:cb:72:12:c8:a2:af:f5:fb:51:75:c1:29:
                    cb:25:34:2f:bd:a2:c7:b1:3e:25:ed:9e:1a:6a:50:
                    84:eb:cf:97:73:99:ac:4f:98:54:78:50:8a:db:9f:
                    40:4a:83:23:7c:25:60:87:ee:42:61:30:c5:6e:e6:
                    1b:68:9d:b6:25:6b:a4:82:aa:32:14:93:53:51:88:
                    7f:14:96:03:2d:e6:a0:de:df:15:b8:c6:21:22:73:
                    d0:80:b5:02:5c:6c:6a:87:b1:e1:cb:a6:30:bf:95:
                    1c:e7:82:3f:d9:00:8a:f0:16:38:9a:f7:f3:26:b9:
                    42:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:16:8D:E3:5E:50:FE:FC:99:09:06:87:64:4D:6A:A7:02:31:64:22
            X509v3 Authority Key Identifier:
                keyid:A0:DF:7F:5B:66:18:BD:A2:3C:83:BE:D1:1B:44:20:41:F1:FB:45:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/7RaN415Q_vyZCQaHZE1qpwIxZCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e100:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:ab:ff:81:91:76:cf:a0:0d:ab:29:4b:af:5f:ae:a5:ed:5b:
         14:9f:d7:0a:64:78:58:a8:cf:2e:90:c5:2a:b6:d0:fb:cd:b3:
         c4:55:eb:46:3d:6d:b4:01:1c:d7:63:a4:40:e7:3f:3b:9d:6c:
         a5:ed:3b:b7:27:fa:7d:86:1c:46:cf:4b:91:e7:84:86:94:a6:
         f4:8e:2a:dc:64:00:27:4b:7b:cd:fb:70:94:fe:ab:9f:7f:f4:
         72:07:20:f7:54:3e:25:3d:fa:b5:cd:ab:11:40:91:72:ca:3a:
         22:d7:91:e8:9a:f3:74:8d:05:fa:9b:fa:48:82:8a:cc:1a:c3:
         61:f6:4d:dc:c8:9f:61:d7:db:9d:d3:56:13:ad:cc:22:eb:df:
         52:28:cd:4c:3c:42:79:de:ba:87:e0:0f:c4:8f:77:a0:07:55:
         3a:94:3d:27:24:9a:59:fe:29:4d:62:c5:06:b4:08:13:7a:92:
         16:d0:d0:61:0c:be:eb:56:10:a7:f5:ca:ae:58:27:5f:b5:10:
         88:80:88:48:2b:e0:f9:94:7b:94:7d:b5:b0:20:8e:29:e5:c3:
         61:1d:2a:1c:8e:ab:3e:f7:b2:b0:dc:d9:53:82:66:06:4b:d8:
         39:72:e1:ef:69:74:59:6c:8c:c9:ba:10:da:08:a5:24:d4:51:
         1d:a8:db:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbRPudh7SVWi7MXrpfGgXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZGY3ZjViNjYxOGJkYTIzYzgzYmVkMTFiNDQyMDQxZjFm
YjQ1NmQwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDE2OGRlMzVlNTBmZWZjOTkwOTA2ODc2NDRkNmFhNzAyMzE2NDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDLIVVnqi9rkkwyzvdTO/OyLz+ov
BCppicgzKyXV889stIfWcjyP6x9vB5XzB9ZLl9rd8qT7LO0oAuFWzDwRxhPWbOm3
1EODmDjB0s5r9pdpvsjlHwgYP4iPmybNZfRubQ00xiu6Cj6Enx4b5LI10HVqkSLG
f+fVhZ4raIYYkWa3xnycESySolTLchLIoq/1+1F1wSnLJTQvvaLHsT4l7Z4aalCE
68+Xc5msT5hUeFCK259ASoMjfCVgh+5CYTDFbuYbaJ22JWukgqoyFJNTUYh/FJYD
Leag3t8VuMYhInPQgLUCXGxqh7Hhy6Ywv5Uc54I/2QCK8BY4mvfzJrlCQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO0WjeNeUP78mQkGh2RNaqcCMWQiMB8GA1UdIwQY
MBaAFKDff1tmGL2iPIO+0RtEIEHx+0VtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb045X1cyWVl2YUk4Zzc3UkcwUWdRZkg3UlcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hNTcyOGItYTM2ZC00ZmJhLTkzYWEt
NWY0YmM5MDBjMDNkLzEvN1JhTjQxNVFfdnlaQ1FhSFpFMXFwd0l4WkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hNTcyOGItYTM2ZC00ZmJhLTkzYWEtNWY0YmM5MDBjMDNk
LzEvb045X1cyWVl2YUk4Zzc3UkcwUWdRZkg3UlcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLhAAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQBlq/+BkXbPoA2rKUuvX66l7VsUn9cKZHhYqM8u
kMUqttD7zbPEVetGPW20ARzXY6RA5z87nWyl7Tu3J/p9hhxGz0uR54SGlKb0jirc
ZAAnS3vN+3CU/quff/RyByD3VD4lPfq1zasRQJFyyjoi15HomvN0jQX6m/pIgorM
GsNh9k3cyJ9h19ud01YTrcwi699SKM1MPEJ53rqH4A/Ej3egB1U6lD0nJJpZ/ilN
YsUGtAgTepIW0NBhDL7rVhCn9cquWCdftRCIgIhIK+D5lHuUfbWwII4p5cNhHSoc
jqs+97Kw3NlTgmYGS9g5cuHvaXRZbIzJuhDaCKUk1FEdqNsq
-----END CERTIFICATE-----