Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/BH1qEokqqzS6QZQI0vKu4oCRwq0.roa
File:                     BH1qEokqqzS6QZQI0vKu4oCRwq0.roa (raw, json)
Hash identifier:          FAUeRE2dz1nIQh6oaxPr0ilW7qqs+jlIqjguVCoEOyM=
Subject key identifier:   04:7D:6A:12:89:2A:AB:34:BA:41:94:08:D2:F2:AE:E2:80:91:C2:AD
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       01941FFA29DFB9F75D9A0E545D0E20E3C00A
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/BH1qEokqqzS6QZQI0vKu4oCRwq0.roa
Signing time:             Wed 01 Jan 2025 03:47:55 +0000
ROA not before:           Wed 01 Jan 2025 03:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:4c00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:29:df:b9:f7:5d:9a:0e:54:5d:0e:20:e3:c0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 03:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=047d6a12892aab34ba419408d2f2aee28091c2ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:89:99:98:b3:34:1d:a5:7e:fe:98:21:72:82:
                    3f:e4:80:df:0a:56:0b:df:08:b0:c2:10:d0:37:21:
                    3c:4b:f7:e9:6d:18:b3:55:d9:6f:f3:43:b1:83:5b:
                    3f:1b:c9:08:a4:da:92:50:3f:9b:30:ba:5f:1e:a1:
                    3b:4e:c8:ee:70:04:eb:77:c3:b3:92:fc:f4:cd:32:
                    d2:41:b1:18:49:95:ed:79:ff:20:8a:e8:7d:56:bd:
                    57:0f:2e:8c:95:91:6f:d2:4a:f2:d4:8b:14:9f:22:
                    b8:95:2a:e4:1d:84:1b:61:17:03:1d:20:0c:b5:20:
                    30:4d:c5:28:dd:53:8e:5f:80:da:11:5a:8a:2e:c1:
                    20:75:ea:f4:e3:2f:1f:81:c7:47:01:3f:c0:1f:62:
                    ed:b8:fa:f0:c4:60:ea:e6:7b:e6:a3:d2:02:e7:cf:
                    6d:6f:73:cd:5b:8c:70:33:64:21:51:b6:84:e2:97:
                    f5:44:1d:74:3e:40:da:b1:5f:77:ab:c4:d1:a1:3d:
                    b4:58:1a:40:90:95:d6:6d:2d:14:b0:1d:8f:e5:0d:
                    ca:6b:19:dc:02:c6:59:87:c6:1e:04:b3:a1:09:fb:
                    2d:e8:a9:23:b9:37:1f:d5:f0:b8:17:f3:64:8e:b6:
                    ad:eb:48:29:74:89:e5:3e:f9:01:fc:c7:0b:e0:53:
                    c6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:7D:6A:12:89:2A:AB:34:BA:41:94:08:D2:F2:AE:E2:80:91:C2:AD
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/BH1qEokqqzS6QZQI0vKu4oCRwq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:4c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:dd:d2:04:11:5d:cc:cd:ae:18:91:6b:0b:56:ca:c8:8d:d5:
         9e:1a:50:91:19:c8:97:15:bb:e8:9b:3a:7d:a4:a4:26:a5:2e:
         98:10:4b:e0:fd:32:ba:65:75:da:b3:66:20:6a:b5:ec:d4:16:
         79:15:54:37:38:f6:cd:f2:85:d3:5e:2a:dc:b9:c6:72:26:e8:
         2e:fb:01:f4:51:5c:5f:84:ad:43:5c:f7:26:23:91:ee:6b:3d:
         52:69:cc:cb:15:f0:3e:7a:7d:d8:a9:9b:e0:ce:64:b5:d1:29:
         af:08:85:8a:84:eb:54:ae:35:3c:56:3d:5f:f5:88:2f:3f:fb:
         93:2b:d5:f7:84:24:c5:fd:ad:f5:1e:be:55:f3:bf:c5:bb:3d:
         e4:91:a0:46:9d:c2:bc:cf:01:1f:6e:80:48:81:e4:39:62:92:
         2e:d6:61:9d:e7:7c:ac:d1:5a:34:5d:78:1d:0f:89:fd:9e:53:
         11:d0:15:98:38:e3:45:e7:6e:f2:ba:81:7e:81:55:54:14:aa:
         1b:de:92:a2:4d:4d:41:2b:5c:56:2f:42:dd:69:0a:40:e0:b6:
         16:f3:a4:25:ed:4e:8e:f6:fc:06:81:39:0b:61:3b:b5:e4:f3:
         1d:4a:38:a0:d0:fd:93:42:20:dd:5b:ca:68:4f:ff:e8:4e:d5:
         45:8a:f9:a5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+infufddmg5UXQ4g48AKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjUwMTAxMDM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDdkNmExMjg5MmFhYjM0YmE0MTk0MDhkMmYyYWVlMjgwOTFjMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4mZmLM0HaV+/pghcoI/5IDfClYL
3wiwwhDQNyE8S/fpbRizVdlv80Oxg1s/G8kIpNqSUD+bMLpfHqE7TsjucATrd8Oz
kvz0zTLSQbEYSZXtef8giuh9Vr1XDy6MlZFv0kry1IsUnyK4lSrkHYQbYRcDHSAM
tSAwTcUo3VOOX4DaEVqKLsEgder04y8fgcdHAT/AH2LtuPrwxGDq5nvmo9IC589t
b3PNW4xwM2QhUbaE4pf1RB10PkDasV93q8TRoT20WBpAkJXWbS0UsB2P5Q3Kaxnc
AsZZh8YeBLOhCfst6KkjuTcf1fC4F/Nkjrat60gpdInlPvkB/McL4FPGQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAR9ahKJKqs0ukGUCNLyruKAkcKtMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvQkgxcUVva3FxelM2UVpRSTB2S3U0b0NSd3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgZMADAN
BgkqhkiG9w0BAQsFAAOCAQEAUt3SBBFdzM2uGJFrC1bKyI3VnhpQkRnIlxW76Js6
faSkJqUumBBL4P0yumV12rNmIGq17NQWeRVUNzj2zfKF014q3LnGciboLvsB9FFc
X4StQ1z3JiOR7ms9UmnMyxXwPnp92Kmb4M5ktdEprwiFioTrVK41PFY9X/WILz/7
kyvV94Qkxf2t9R6+VfO/xbs95JGgRp3CvM8BH26ASIHkOWKSLtZhned8rNFaNF14
HQ+J/Z5TEdAVmDjjRedu8rqBfoFVVBSqG96Sok1NQStcVi9C3WkKQOC2FvOkJe1O
jvb8BoE5C2E7teTzHUo4oND9k0Ig3VvKaE//6E7VRYr5pQ==
-----END CERTIFICATE-----