Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/IPTTKvXpdy0CPqf2u2BJ6Qp9Bzg.roa
File:                     IPTTKvXpdy0CPqf2u2BJ6Qp9Bzg.roa (raw, json)
Hash identifier:          ubM2CKedk506uRA8pvLXa+sz21Ij6MHmdc3cWnuhy2w=
Subject key identifier:   20:F4:D3:2A:F5:E9:77:2D:02:3E:A7:F6:BB:60:49:E9:0A:7D:07:38
Certificate issuer:       /CN=855be74d09d9b05251dad2c9696793c04b40f241
Certificate serial:       018D48BCA71340D37F83EDE9FA5B3957C250
Authority key identifier: 85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/IPTTKvXpdy0CPqf2u2BJ6Qp9Bzg.roa
Signing time:             Sat 27 Jan 2024 02:25:39 +0000
ROA not before:           Sat 27 Jan 2024 02:25:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     945
IP address blocks:        2a12:7c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:48:bc:a7:13:40:d3:7f:83:ed:e9:fa:5b:39:57:c2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=855be74d09d9b05251dad2c9696793c04b40f241
        Validity
            Not Before: Jan 27 02:25:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20f4d32af5e9772d023ea7f6bb6049e90a7d0738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ff:22:ae:b6:75:52:be:d9:af:8c:a0:94:32:
                    d9:44:ca:93:a0:1b:91:ab:73:14:a7:09:92:e4:14:
                    b3:5b:1e:c3:81:4b:2c:ac:05:f0:02:6e:b8:ff:75:
                    32:01:6e:3a:d7:37:b3:e0:6d:46:51:ce:6b:5f:53:
                    eb:60:d4:a3:7a:08:dc:fd:9a:d2:62:77:e5:38:57:
                    9d:71:70:24:aa:66:59:f7:70:0b:c5:8d:89:5c:ca:
                    b4:e8:8d:10:5e:01:f8:b6:04:75:c5:bc:dd:f3:06:
                    0b:07:a0:69:6c:a3:59:9f:c2:22:f0:db:76:50:86:
                    33:be:10:0f:0a:65:81:bd:0d:77:4e:2f:f9:a2:fe:
                    43:da:5a:6e:db:6b:e6:65:c5:4a:1c:72:75:48:fe:
                    11:16:88:dc:9b:84:3c:ef:7b:af:8e:f0:dd:9d:ee:
                    22:20:96:38:5e:51:9b:df:91:a6:28:e5:00:02:22:
                    4c:7f:bf:5f:c3:be:f9:30:0f:c4:43:b6:ca:0a:3b:
                    93:45:e5:0b:c6:06:bf:4c:51:84:38:f6:5e:95:d3:
                    59:ea:15:d8:67:c0:af:78:6c:d1:4e:08:e3:98:75:
                    08:ac:71:87:b3:d0:1f:5c:e0:2d:ba:1d:4e:cf:d2:
                    1a:26:29:3a:c6:91:12:fb:87:05:11:f4:a3:30:58:
                    81:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F4:D3:2A:F5:E9:77:2D:02:3E:A7:F6:BB:60:49:E9:0A:7D:07:38
            X509v3 Authority Key Identifier:
                keyid:85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/IPTTKvXpdy0CPqf2u2BJ6Qp9Bzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:7c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:9b:33:8d:5e:9d:46:98:33:ed:8a:7b:7e:13:d6:51:1d:ba:
         40:c8:99:0f:dc:c7:b0:a3:b7:55:8a:94:36:e0:48:bb:44:b6:
         d3:96:b1:63:da:93:be:97:5f:8c:71:79:ef:9d:66:64:79:30:
         ee:ae:65:96:55:68:27:b3:95:54:d4:c2:d1:d5:e8:85:25:f6:
         9f:f0:f6:1a:1d:2b:7e:47:7c:b7:8a:8a:fc:07:e1:45:0d:51:
         96:f5:28:64:bd:b6:d7:cb:de:68:78:a8:ad:ad:b5:50:42:bd:
         fe:f0:c7:d1:27:95:9d:ac:b4:7a:b8:33:81:23:49:00:bb:04:
         30:64:8b:70:46:74:b4:c0:15:fc:30:a6:6d:51:d0:0d:78:24:
         06:b3:3f:97:96:16:05:46:fa:38:44:70:92:db:fd:2c:49:d5:
         11:5b:e5:1e:f7:6e:69:fd:81:cf:42:72:01:a6:2e:ac:05:4b:
         55:d6:2b:69:8b:97:e9:0c:6e:80:4d:ef:71:be:7b:d3:bb:14:
         ba:e5:c1:39:76:cf:2a:d1:8b:25:cd:68:b5:a7:5f:06:27:fe:
         d3:4c:dd:96:9d:48:2b:5b:5a:88:67:11:0b:e4:5c:6f:c6:57:
         92:f1:bd:82:ee:a3:6e:b0:ef:f8:db:00:ca:84:7c:53:fb:04:
         1c:e5:18:4f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY1IvKcTQNN/g+3p+ls5V8JQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NWJlNzRkMDlkOWIwNTI1MWRhZDJjOTY5Njc5M2MwNGI0
MGYyNDEwHhcNMjQwMTI3MDIyNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY0ZDMyYWY1ZTk3NzJkMDIzZWE3ZjZiYjYwNDllOTBhN2QwNzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArv8irrZ1Ur7Zr4yglDLZRMqToBuR
q3MUpwmS5BSzWx7DgUssrAXwAm64/3UyAW461zez4G1GUc5rX1PrYNSjegjc/ZrS
YnflOFedcXAkqmZZ93ALxY2JXMq06I0QXgH4tgR1xbzd8wYLB6BpbKNZn8Ii8Nt2
UIYzvhAPCmWBvQ13Ti/5ov5D2lpu22vmZcVKHHJ1SP4RFojcm4Q873uvjvDdne4i
IJY4XlGb35GmKOUAAiJMf79fw775MA/EQ7bKCjuTReULxga/TFGEOPZeldNZ6hXY
Z8CveGzRTgjjmHUIrHGHs9AfXOAtuh1Oz9IaJik6xpES+4cFEfSjMFiBvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCD00yr16XctAj6n9rtgSekKfQc4MB8GA1UdIwQY
MBaAFIVb500J2bBSUdrSyWlnk8BLQPJBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGIt
MzlhZDgwZjU0MmEwLzEvSVBUVEt2WHBkeTBDUHFmMnUyQko2UXA5QnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGItMzlhZDgwZjU0MmEw
LzEvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhIHxzAN
BgkqhkiG9w0BAQsFAAOCAQEAqJszjV6dRpgz7Yp7fhPWUR26QMiZD9zHsKO3VYqU
NuBIu0S205axY9qTvpdfjHF5751mZHkw7q5lllVoJ7OVVNTC0dXohSX2n/D2Gh0r
fkd8t4qK/AfhRQ1RlvUoZL2218veaHiora21UEK9/vDH0SeVnay0ergzgSNJALsE
MGSLcEZ0tMAV/DCmbVHQDXgkBrM/l5YWBUb6OERwktv9LEnVEVvlHvduaf2Bz0Jy
AaYurAVLVdYraYuX6QxugE3vcb5707sUuuXBOXbPKtGLJc1otadfBif+00zdlp1I
K1taiGcRC+Rcb8ZXkvG9gu6jbrDv+NsAyoR8U/sEHOUYTw==
-----END CERTIFICATE-----