Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/NeeW1a3OUAE3Ua5ADXdv_S3lRQE.roa
File:                     NeeW1a3OUAE3Ua5ADXdv_S3lRQE.roa (raw, json)
Hash identifier:          33Cf2uaphAIB6YphxBLYGntEtiim3urfAS0w6mYeqhc=
Subject key identifier:   35:E7:96:D5:AD:CE:50:01:37:51:AE:40:0D:77:6F:FD:2D:E5:45:01
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01942746FE8B8B915356AF90CFEC8A0F9DD7
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/NeeW1a3OUAE3Ua5ADXdv_S3lRQE.roa
Signing time:             Thu 02 Jan 2025 13:49:11 +0000
ROA not before:           Thu 02 Jan 2025 13:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216300
IP address blocks:        2a12:b3c0::/48 maxlen: 48
                          2a12:b3c0:2::/48 maxlen: 48
                          2a12:b3c0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:fe:8b:8b:91:53:56:af:90:cf:ec:8a:0f:9d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jan  2 13:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35e796d5adce50013751ae400d776ffd2de54501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:70:77:46:0f:93:b0:7f:c6:13:99:00:a8:3d:
                    55:a5:53:3e:78:8f:62:90:99:40:60:01:7c:4e:49:
                    4c:c8:b3:74:5a:0e:f2:73:46:ec:63:4a:a5:c9:cc:
                    5f:be:83:c4:3d:6d:e9:cd:9d:5b:93:74:10:04:a8:
                    80:7e:99:04:db:72:da:0a:5c:97:b6:81:c2:ec:18:
                    c3:08:80:e7:1d:f9:a5:d1:8a:e0:38:5f:3a:fc:f5:
                    b0:11:4e:44:56:02:18:ec:9d:c1:47:5a:65:12:51:
                    6b:d5:15:6b:4f:48:01:36:c4:a0:bf:dc:9b:22:9f:
                    8d:21:e4:e6:b1:14:d1:ff:59:98:92:6a:c2:8f:97:
                    bf:01:a3:dc:c6:cc:41:b8:cf:40:d7:ea:c3:31:b1:
                    83:2a:ed:11:f2:be:ac:53:fb:6e:76:73:62:9b:bc:
                    dd:10:e6:b7:a7:1c:a4:77:cb:b8:52:41:4f:eb:1d:
                    9b:04:50:61:59:4b:c4:9a:32:b3:44:33:fd:22:61:
                    d8:cc:4e:30:37:6c:d2:6b:85:71:aa:c8:41:2e:c6:
                    95:5d:bd:7a:2c:36:ab:89:54:18:ec:35:bc:72:c8:
                    b4:0b:1d:b7:e7:2e:d4:c2:43:a9:34:84:6a:fa:99:
                    f9:64:ec:a7:d3:88:a8:90:f8:21:72:fa:f5:cc:d7:
                    fe:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:E7:96:D5:AD:CE:50:01:37:51:AE:40:0D:77:6F:FD:2D:E5:45:01
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/NeeW1a3OUAE3Ua5ADXdv_S3lRQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:b3c0::/48
                  2a12:b3c0:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         7e:d1:a0:ae:29:e7:f6:17:dc:72:65:35:9f:ed:86:6a:d1:eb:
         7d:c5:7e:2e:7d:27:8d:cd:86:2d:40:4f:fe:af:05:53:fe:ae:
         5e:58:c7:c7:14:a3:c1:35:5a:68:0e:fd:01:dc:52:30:fd:0e:
         b7:2b:67:3c:39:9a:a7:8f:ef:b3:3e:22:8c:07:5e:a9:66:40:
         8e:aa:56:fb:4f:19:e9:60:d1:fd:49:24:09:1d:6b:b4:41:a7:
         e0:64:8f:d0:2e:79:84:e1:d6:84:8b:34:b4:cd:aa:f2:ee:fb:
         57:1e:52:b7:13:13:b6:f1:76:cc:cc:c7:16:de:02:96:87:0c:
         20:a5:fc:e0:06:b4:09:29:53:4f:27:7e:2b:3f:01:da:2d:65:
         15:d5:1a:5d:93:35:86:29:d3:27:71:df:59:50:12:35:15:68:
         dd:01:33:9f:cb:a4:3b:03:40:e3:09:f8:06:26:e6:47:a3:b9:
         1b:dc:93:59:3b:07:29:8d:9c:1f:53:fd:c1:7f:1a:2c:b9:92:
         b1:5f:b2:55:ef:f9:5e:91:9e:00:6a:89:65:80:b2:a4:60:3e:
         ce:96:be:10:f4:47:0a:f1:8c:b9:7f:c3:76:51:b7:ef:3e:88:
         ac:5c:bd:b4:df:5c:07:94:e9:bc:f1:86:a0:f3:3b:a2:6e:b3:
         2d:02:b1:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnRv6Li5FTVq+Qz+yKD53XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwMTAyMTM0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWU3OTZkNWFkY2U1MDAxMzc1MWFlNDAwZDc3NmZmZDJkZTU0NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3B3Rg+TsH/GE5kAqD1VpVM+eI9i
kJlAYAF8TklMyLN0Wg7yc0bsY0qlycxfvoPEPW3pzZ1bk3QQBKiAfpkE23LaClyX
toHC7BjDCIDnHfml0YrgOF86/PWwEU5EVgIY7J3BR1plElFr1RVrT0gBNsSgv9yb
Ip+NIeTmsRTR/1mYkmrCj5e/AaPcxsxBuM9A1+rDMbGDKu0R8r6sU/tudnNim7zd
EOa3pxykd8u4UkFP6x2bBFBhWUvEmjKzRDP9ImHYzE4wN2zSa4VxqshBLsaVXb16
LDariVQY7DW8csi0Cx235y7UwkOpNIRq+pn5ZOyn04iokPghcvr1zNf+LwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDXnltWtzlABN1GuQA13b/0t5UUBMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvTmVlVzFhM09VQUUzVWE1QURYZHZfUzNsUlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhKzwAAA
AwcBKhKzwAACMA0GCSqGSIb3DQEBCwUAA4IBAQB+0aCuKef2F9xyZTWf7YZq0et9
xX4ufSeNzYYtQE/+rwVT/q5eWMfHFKPBNVpoDv0B3FIw/Q63K2c8OZqnj++zPiKM
B16pZkCOqlb7TxnpYNH9SSQJHWu0QafgZI/QLnmE4daEizS0zary7vtXHlK3ExO2
8XbMzMcW3gKWhwwgpfzgBrQJKVNPJ34rPwHaLWUV1RpdkzWGKdMncd9ZUBI1FWjd
ATOfy6Q7A0DjCfgGJuZHo7kb3JNZOwcpjZwfU/3BfxosuZKxX7JV7/lekZ4Aaoll
gLKkYD7Olr4Q9EcK8Yy5f8N2UbfvPoisXL2031wHlOm88Yag8zuibrMtArFk
-----END CERTIFICATE-----