Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/jmQbzN1n5vNJfqIg6TS1BfIphoY.roa
File:                     jmQbzN1n5vNJfqIg6TS1BfIphoY.roa (raw, json)
Hash identifier:          y+FBfFHbRZXtqBw859tF/IM/aozMONRZt3b+w+wHC3M=
Subject key identifier:   8E:64:1B:CC:DD:67:E6:F3:49:7E:A2:20:E9:34:B5:05:F2:29:86:86
Certificate issuer:       /CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
Certificate serial:       019420D6169B6F08655E01BD5E3C9453C4A0
Authority key identifier: 6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/jmQbzN1n5vNJfqIg6TS1BfIphoY.roa
Signing time:             Wed 01 Jan 2025 07:48:08 +0000
ROA not before:           Wed 01 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212786
IP address blocks:        2a12:f9c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:16:9b:6f:08:65:5e:01:bd:5e:3c:94:53:c4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
        Validity
            Not Before: Jan  1 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e641bccdd67e6f3497ea220e934b505f2298686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f9:18:f1:da:09:83:98:40:61:23:89:69:cc:
                    f3:32:8a:90:15:92:52:ad:8e:bd:1e:fa:a4:e5:1b:
                    19:da:ed:03:65:b9:c5:cf:f5:f2:3c:f7:fb:0c:b6:
                    e0:95:b3:50:f3:46:3f:17:84:b0:f6:db:d6:d2:fc:
                    4b:89:80:76:b8:0a:20:20:6c:33:d9:1f:a0:a0:77:
                    31:b6:bb:a3:a5:45:9d:90:8b:d3:fb:3a:08:87:ef:
                    3a:a8:22:80:fa:64:f0:dd:f2:be:5c:bc:2e:e1:3c:
                    bc:da:d8:53:11:79:62:85:b3:9c:94:92:77:b0:ac:
                    19:0c:a3:60:b1:fa:9e:9d:7d:fa:e3:4d:0d:fb:1d:
                    1f:71:d9:07:ea:24:e8:9e:68:82:db:4d:5c:ec:c3:
                    86:c0:42:e4:04:fe:a7:33:04:66:96:28:e4:4b:55:
                    65:d9:63:9d:db:f6:73:f4:12:9c:20:6c:8e:06:a9:
                    9a:f9:6c:46:75:67:c6:e1:0e:e6:1a:48:0d:56:d3:
                    22:34:6b:2a:39:c4:b9:9d:18:4e:ba:79:59:17:92:
                    c0:28:af:9f:d6:72:d7:d9:94:33:2d:af:a8:fd:8d:
                    a3:20:90:4b:fe:cd:b4:1b:af:f3:cf:bf:93:4c:f8:
                    9a:07:4b:c4:95:00:a7:1b:b9:8a:3d:7e:ff:1f:ed:
                    b4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:64:1B:CC:DD:67:E6:F3:49:7E:A2:20:E9:34:B5:05:F2:29:86:86
            X509v3 Authority Key Identifier:
                keyid:6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/jmQbzN1n5vNJfqIg6TS1BfIphoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:01:73:f0:fb:09:ab:35:e0:9b:f9:d3:77:12:88:52:fe:4c:
         a3:79:4e:ad:aa:4a:e2:91:52:7d:6a:3e:6d:19:c9:06:b5:1c:
         cc:55:6c:a6:aa:d2:6c:74:4e:a3:5c:ba:cb:d2:19:31:80:ab:
         17:a1:ba:99:86:e6:af:16:6b:5e:88:42:31:04:a1:f5:63:f6:
         3c:1d:d7:55:96:87:6a:d0:66:20:29:87:95:a8:0e:22:a2:3e:
         19:58:8b:67:67:4d:fe:78:54:ef:43:42:48:68:1d:c7:96:46:
         ef:18:37:f8:02:8b:e9:31:7f:b3:5e:c4:25:de:ad:d7:7a:5e:
         30:3c:81:2c:0c:02:88:4b:fc:57:76:8d:79:75:1f:d2:08:96:
         87:1c:cf:92:e3:c3:4b:64:80:8c:30:62:a0:13:dc:ce:cc:85:
         02:31:4e:8f:86:b1:d9:02:af:93:c3:28:9e:ab:72:c8:69:78:
         36:9f:da:3b:f5:c0:0f:c5:10:07:67:90:30:27:e8:18:72:08:
         70:1e:93:4c:8d:f8:40:ef:14:8f:fa:ca:d3:46:8e:75:37:cd:
         6a:73:09:f8:e7:8d:1d:2c:fa:b6:1a:0e:9b:3c:c8:0f:c5:21:
         28:d3:d7:40:6b:23:20:f2:bc:a9:72:76:ce:23:bc:1e:d1:26:
         cb:37:87:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1habbwhlXgG9XjyUU8SgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTA0ZjFlNGFiYWVjMWVmZjgwZjI2MmM2MmY5NmMyNTQz
OGM4ZTEwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTY0MWJjY2RkNjdlNmYzNDk3ZWEyMjBlOTM0YjUwNWYyMjk4Njg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvkY8doJg5hAYSOJaczzMoqQFZJS
rY69Hvqk5RsZ2u0DZbnFz/XyPPf7DLbglbNQ80Y/F4Sw9tvW0vxLiYB2uAogIGwz
2R+goHcxtrujpUWdkIvT+zoIh+86qCKA+mTw3fK+XLwu4Ty82thTEXlihbOclJJ3
sKwZDKNgsfqenX36400N+x0fcdkH6iTonmiC201c7MOGwELkBP6nMwRmlijkS1Vl
2WOd2/Zz9BKcIGyOBqma+WxGdWfG4Q7mGkgNVtMiNGsqOcS5nRhOunlZF5LAKK+f
1nLX2ZQzLa+o/Y2jIJBL/s20G6/zz7+TTPiaB0vElQCnG7mKPX7/H+20GwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI5kG8zdZ+bzSX6iIOk0tQXyKYaGMB8GA1UdIwQY
MBaAFGsQTx5Kuuwe/4DyYsYvlsJUOMjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMt
MzBjOWRlMjA1YWZjLzEvam1RYnpOMW41dk5KZnFJZzZUUzFCZklwaG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMtMzBjOWRlMjA1YWZj
LzEvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhL5wDAN
BgkqhkiG9w0BAQsFAAOCAQEAewFz8PsJqzXgm/nTdxKIUv5Mo3lOrapK4pFSfWo+
bRnJBrUczFVspqrSbHROo1y6y9IZMYCrF6G6mYbmrxZrXohCMQSh9WP2PB3XVZaH
atBmICmHlagOIqI+GViLZ2dN/nhU70NCSGgdx5ZG7xg3+AKL6TF/s17EJd6t13pe
MDyBLAwCiEv8V3aNeXUf0giWhxzPkuPDS2SAjDBioBPczsyFAjFOj4ax2QKvk8Mo
nqtyyGl4Np/aO/XAD8UQB2eQMCfoGHIIcB6TTI34QO8Uj/rK00aOdTfNanMJ+OeN
HSz6thoOmzzID8UhKNPXQGsjIPK8qXJ2ziO8HtEmyzeH3A==
-----END CERTIFICATE-----