Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/8J-FU06U4iSVHn2GLwJ_fapRIhc.roa
File:                     8J-FU06U4iSVHn2GLwJ_fapRIhc.roa (raw, json)
Hash identifier:          EptZfA4Slap3QxNN+2t2lhInkEoxrUZ74Biuq3g6Vrg=
Subject key identifier:   F0:9F:85:53:4E:94:E2:24:95:1E:7D:86:2F:02:7F:7D:AA:51:22:17
Certificate issuer:       /CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
Certificate serial:       018CC8DEDECB623C3CBA9A338BF939D146E0
Authority key identifier: 9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/8J-FU06U4iSVHn2GLwJ_fapRIhc.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49772
IP address blocks:        2a12:e6c0:f001::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:de:cb:62:3c:3c:ba:9a:33:8b:f9:39:d1:46:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f09f85534e94e224951e7d862f027f7daa512217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:05:55:dd:e4:f3:f7:1e:1d:a4:51:6a:93:8d:
                    77:2a:e8:dc:23:44:d7:9d:77:19:1b:fc:99:24:a6:
                    69:01:87:d3:b4:6e:d1:8c:be:2c:b8:43:4c:e2:79:
                    3d:41:9b:cf:f1:4a:0c:a0:fd:3d:92:d7:01:ec:b5:
                    4f:a2:61:3d:0c:cc:f8:0d:49:f5:81:a6:9d:40:c9:
                    fd:00:e1:c5:d5:ac:dd:28:e6:6b:b1:ef:ce:e2:6f:
                    bc:cf:77:98:c9:8e:c6:c5:61:35:11:dc:33:52:61:
                    f2:14:cb:9d:55:4b:af:8b:2c:44:2b:9e:13:78:ed:
                    cd:c3:ef:96:e8:f8:cf:d9:2d:93:c0:dc:1d:40:92:
                    3f:cb:84:92:20:46:fd:b6:4c:32:e4:ba:51:4c:65:
                    67:1e:9d:56:2f:18:b6:f7:41:c1:a1:09:fb:e1:f8:
                    bb:07:de:2d:85:28:03:e7:20:74:f9:48:30:0e:c6:
                    a0:6f:fa:a4:da:43:21:42:77:fe:b4:13:17:47:26:
                    df:e8:c2:a4:00:51:05:9e:16:48:37:c6:85:9c:b6:
                    99:2b:0d:7e:88:6f:bb:ad:63:bd:b7:b4:14:f1:a3:
                    52:cd:5b:b3:c6:d9:6b:14:1b:30:f1:cf:7a:c4:a2:
                    6a:ca:97:c9:43:2e:f3:c0:c9:37:25:a3:52:dc:99:
                    73:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:9F:85:53:4E:94:E2:24:95:1E:7D:86:2F:02:7F:7D:AA:51:22:17
            X509v3 Authority Key Identifier:
                keyid:9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/8J-FU06U4iSVHn2GLwJ_fapRIhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e6c0:f001::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:fe:10:d6:a5:2f:97:71:4d:b5:91:c9:8d:be:dd:8d:69:b1:
         e1:19:80:81:15:37:56:71:4c:e1:22:8b:0e:03:43:59:29:47:
         36:e9:cb:8a:46:af:22:d0:e7:a3:17:f4:66:07:fb:f3:81:22:
         c6:ad:17:df:4e:7b:9b:a8:89:51:82:d7:26:a8:6c:e5:03:25:
         a0:8b:65:7c:3d:4d:2f:1d:ae:62:68:b3:08:a1:87:de:04:fe:
         42:8c:1b:05:13:18:2c:f0:b1:52:1f:c5:2c:24:2f:15:fd:ce:
         1c:12:c9:33:9b:f8:17:f5:32:1c:ec:ad:9c:82:d9:d6:9e:5f:
         9f:65:62:3e:92:b2:52:ea:8d:81:6e:36:4c:f8:1a:b3:e6:d0:
         4b:d6:0a:08:0a:0e:17:a2:39:1c:5b:80:9a:b0:29:ea:9f:d9:
         17:5f:08:f2:14:fb:25:7f:d0:ef:d0:c3:36:b9:9c:16:79:b4:
         96:88:d7:35:e1:b5:c1:27:8e:e6:20:bf:a5:43:15:c1:1c:80:
         9c:ed:37:ee:50:e2:a3:34:b0:ec:35:51:7d:ac:c9:70:10:df:
         6c:97:27:89:fb:07:c8:61:bd:30:8b:cd:c2:b9:2f:8a:35:03:
         bb:f4:dc:d4:15:89:16:c9:15:c0:73:85:56:51:7f:be:6a:a5:
         68:24:fa:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3t7LYjw8upozi/k50UbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMTUzM2M0NzAyYzJjY2I1YTllMGU4N2FiMjdhZDU2YjE1
ZjJjNzYwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDlmODU1MzRlOTRlMjI0OTUxZTdkODYyZjAyN2Y3ZGFhNTEyMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQVV3eTz9x4dpFFqk413KujcI0TX
nXcZG/yZJKZpAYfTtG7RjL4suENM4nk9QZvP8UoMoP09ktcB7LVPomE9DMz4DUn1
gaadQMn9AOHF1azdKOZrse/O4m+8z3eYyY7GxWE1EdwzUmHyFMudVUuviyxEK54T
eO3Nw++W6PjP2S2TwNwdQJI/y4SSIEb9tkwy5LpRTGVnHp1WLxi290HBoQn74fi7
B94thSgD5yB0+UgwDsagb/qk2kMhQnf+tBMXRybf6MKkAFEFnhZIN8aFnLaZKw1+
iG+7rWO9t7QU8aNSzVuzxtlrFBsw8c96xKJqypfJQy7zwMk3JaNS3JlzSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPCfhVNOlOIklR59hi8Cf32qUSIXMB8GA1UdIwQY
MBaAFJ4VM8RwLCzLWp4Oh6snrVaxXyx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTkt
MWE4MzFiNTk5YzE4LzEvOEotRlUwNlU0aVNWSG4yR0x3Sl9mYXBSSWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTktMWE4MzFiNTk5YzE4
LzEvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLmwPAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAz/hDWpS+XcU21kcmNvt2NabHhGYCBFTdWcUzh
IosOA0NZKUc26cuKRq8i0OejF/RmB/vzgSLGrRffTnubqIlRgtcmqGzlAyWgi2V8
PU0vHa5iaLMIoYfeBP5CjBsFExgs8LFSH8UsJC8V/c4cEskzm/gX9TIc7K2cgtnW
nl+fZWI+krJS6o2BbjZM+Bqz5tBL1goICg4XojkcW4CasCnqn9kXXwjyFPslf9Dv
0MM2uZwWebSWiNc14bXBJ47mIL+lQxXBHICc7TfuUOKjNLDsNVF9rMlwEN9slyeJ
+wfIYb0wi83CuS+KNQO79NzUFYkWyRXAc4VWUX++aqVoJPrH
-----END CERTIFICATE-----