Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/QqkudKunMUKBthjTbfxH6DvLTeo.roa
File:                     QqkudKunMUKBthjTbfxH6DvLTeo.roa (raw, json)
Hash identifier:          f0YNgsRujKdG0pFUSU1Y3CVAMiNy2Rlk/0FRlMcC0PU=
Subject key identifier:   42:A9:2E:74:AB:A7:31:42:81:B6:18:D3:6D:FC:47:E8:3B:CB:4D:EA
Certificate issuer:       /CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
Certificate serial:       018CC94E63B1A7661D7BBD6670778C38BF83
Authority key identifier: B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/QqkudKunMUKBthjTbfxH6DvLTeo.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        2a12:de43::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:63:b1:a7:66:1d:7b:bd:66:70:77:8c:38:bf:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42a92e74aba7314281b618d36dfc47e83bcb4dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ef:ba:51:6a:67:66:3a:3b:3a:35:b1:67:fd:
                    85:0e:d1:f7:9e:c0:8c:fe:20:8b:36:52:b7:d5:63:
                    3d:61:ac:74:e5:07:f5:ff:8e:08:5b:d6:59:c3:72:
                    af:14:b3:b3:69:23:b9:b9:84:9b:47:34:ce:a4:29:
                    70:d8:75:fe:b2:25:ab:6b:8b:a6:88:d6:96:1f:b1:
                    22:f2:f7:31:36:7f:25:af:a4:2d:17:7e:b6:65:72:
                    a3:bd:93:34:4a:7e:0b:1b:fb:a7:fa:6a:b6:9d:07:
                    df:53:9c:cd:b4:ad:06:0e:78:8d:10:90:74:ef:a9:
                    c4:40:97:10:80:39:81:84:3c:df:77:0d:2c:4e:8b:
                    7a:f9:dc:69:5f:ca:60:89:b0:e3:ed:00:bf:7c:5c:
                    b9:e3:cb:5f:69:bb:3f:ed:b8:32:cc:02:f0:da:a0:
                    22:ef:c3:8a:18:68:73:6f:eb:bf:1f:e3:1a:74:a7:
                    4b:1e:b8:5a:69:5e:69:72:b2:48:05:fb:79:a2:14:
                    3f:17:e2:e4:b0:be:e2:bc:9f:5a:c5:f9:59:be:38:
                    78:d5:b8:68:9c:d2:ef:bc:9d:19:94:62:5b:bb:cf:
                    22:8b:55:bb:11:0f:21:74:10:32:84:3f:38:03:89:
                    2a:94:fb:3e:66:bd:1b:14:34:9d:d1:35:72:73:2b:
                    2a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A9:2E:74:AB:A7:31:42:81:B6:18:D3:6D:FC:47:E8:3B:CB:4D:EA
            X509v3 Authority Key Identifier:
                keyid:B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/QqkudKunMUKBthjTbfxH6DvLTeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:de43::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:88:76:26:ae:33:f2:f4:a3:00:09:e9:35:3d:d0:7e:a6:c3:
         da:ec:f0:c3:17:6c:a7:d9:59:b1:26:52:32:78:8f:e8:01:31:
         07:eb:d3:46:b8:75:3a:1b:cf:7a:cb:5b:fd:06:ae:4e:ae:0c:
         d7:3a:0d:33:4e:49:26:6e:7d:1b:06:8b:f8:77:e5:c0:4e:e7:
         43:62:b0:8a:9d:8b:35:67:fa:63:85:6d:a5:0b:67:62:2f:7e:
         1d:42:24:13:f4:dd:4b:b8:7d:7f:70:9e:85:dd:49:2c:ab:91:
         34:5a:6a:7a:b9:9f:55:23:0e:2a:49:31:7d:d3:b3:ed:d0:ef:
         56:f2:4d:3d:4c:b8:b4:0e:26:3f:c6:64:82:88:ff:c9:8f:70:
         32:3e:a0:9a:9c:87:93:8f:53:f2:af:33:46:6d:cf:11:46:51:
         e6:12:6d:5d:e6:ec:d2:52:5f:b8:4e:e6:1b:29:7f:a7:a0:4f:
         06:af:30:2f:0a:f8:e3:80:9f:8d:03:d1:2d:46:19:8c:9e:06:
         16:55:c6:fe:ec:92:dc:52:74:99:57:87:7e:33:a9:41:34:aa:
         3b:9a:5e:56:2e:37:9f:3b:52:9b:60:9e:3f:41:39:a4:51:92:
         4b:79:8e:4c:12:d9:a6:7c:a7:5e:2b:a2:f8:68:2b:ca:92:b0:
         70:ce:0e:7b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTmOxp2Yde71mcHeMOL+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZTZjNDFhMmIwNGZjZDhmOGU5NTcxOGZhN2QyZTEyY2M0
NGFjMWYwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmE5MmU3NGFiYTczMTQyODFiNjE4ZDM2ZGZjNDdlODNiY2I0ZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO+6UWpnZjo7OjWxZ/2FDtH3nsCM
/iCLNlK31WM9Yax05Qf1/44IW9ZZw3KvFLOzaSO5uYSbRzTOpClw2HX+siWra4um
iNaWH7Ei8vcxNn8lr6QtF362ZXKjvZM0Sn4LG/un+mq2nQffU5zNtK0GDniNEJB0
76nEQJcQgDmBhDzfdw0sTot6+dxpX8pgibDj7QC/fFy548tfabs/7bgyzALw2qAi
78OKGGhzb+u/H+MadKdLHrhaaV5pcrJIBft5ohQ/F+LksL7ivJ9axflZvjh41bho
nNLvvJ0ZlGJbu88ii1W7EQ8hdBAyhD84A4kqlPs+Zr0bFDSd0TVycysq2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEKpLnSrpzFCgbYY0238R+g7y03qMB8GA1UdIwQY
MBaAFLnmxBorBPzY+OlXGPp9LhLMRKwfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEt
YzA4YzA0NDZkNjEzLzEvUXFrdWRLdW5NVUtCdGhqVGJmeEg2RHZMVGVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEtYzA4YzA0NDZkNjEz
LzEvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLeQzAN
BgkqhkiG9w0BAQsFAAOCAQEACYh2Jq4z8vSjAAnpNT3QfqbD2uzwwxdsp9lZsSZS
MniP6AExB+vTRrh1OhvPestb/QauTq4M1zoNM05JJm59GwaL+HflwE7nQ2Kwip2L
NWf6Y4VtpQtnYi9+HUIkE/TdS7h9f3Cehd1JLKuRNFpqermfVSMOKkkxfdOz7dDv
VvJNPUy4tA4mP8Zkgoj/yY9wMj6gmpyHk49T8q8zRm3PEUZR5hJtXebs0lJfuE7m
Gyl/p6BPBq8wLwr444CfjQPRLUYZjJ4GFlXG/uyS3FJ0mVeHfjOpQTSqO5peVi43
nztSm2CeP0E5pFGSS3mOTBLZpnynXiui+GgrypKwcM4Oew==
-----END CERTIFICATE-----