Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/RcIKD73d5ujXW1-AkxDhayNtfVI.roa
File:                     RcIKD73d5ujXW1-AkxDhayNtfVI.roa (raw, json)
Hash identifier:          9/VGKZNbuvDtuY5QPyILGzD7v+5bfBrjF3UdfJhrKQM=
Subject key identifier:   45:C2:0A:0F:BD:DD:E6:E8:D7:5B:5F:80:93:10:E1:6B:23:6D:7D:52
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       01955C5B92AF403CCD124392342B191C3EC1
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/RcIKD73d5ujXW1-AkxDhayNtfVI.roa
Signing time:             Mon 03 Mar 2025 14:14:19 +0000
ROA not before:           Mon 03 Mar 2025 14:14:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        2a12:6b80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5c:5b:92:af:40:3c:cd:12:43:92:34:2b:19:1c:3e:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Mar  3 14:14:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45c20a0fbddde6e8d75b5f809310e16b236d7d52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f9:29:41:39:b1:3d:9e:b5:f0:64:c6:1b:bf:
                    50:dd:3c:8c:0b:63:b1:3b:7b:ee:e1:ec:c3:5e:05:
                    65:42:47:3e:96:63:3f:d4:46:6e:10:76:23:91:86:
                    88:47:f1:59:91:96:f4:7e:3c:9d:d2:56:25:c6:1c:
                    77:f1:0c:ea:0b:94:06:99:42:3e:35:21:9e:6d:b6:
                    1a:02:ec:e1:1d:7c:b0:44:15:bb:48:95:9d:d6:85:
                    42:3c:c0:74:1d:d6:a2:1a:d0:48:4a:c0:10:7a:af:
                    c7:35:e3:94:be:76:6e:2c:30:b7:48:11:28:6c:62:
                    db:ea:70:08:c0:37:f0:5e:2f:ad:36:2b:89:ab:1f:
                    54:08:cf:e6:1e:cc:03:4a:37:33:80:28:3c:ce:c8:
                    88:f2:ad:c2:ee:12:1a:2f:8e:c3:42:22:b2:a2:6b:
                    15:83:0b:7e:37:e6:32:a3:15:c7:8e:2c:da:13:6a:
                    95:62:4f:3f:1b:90:ee:84:5e:6a:d5:26:54:96:27:
                    40:2c:23:4b:77:92:ed:9c:79:5a:d0:34:7e:12:ed:
                    a4:58:58:eb:12:53:b3:05:39:22:c7:a9:bb:26:e1:
                    08:42:9b:a3:30:3f:c7:18:cc:64:10:ea:b5:05:96:
                    dc:e9:11:ab:c9:cb:dd:b3:e2:21:13:d4:19:f5:39:
                    b0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C2:0A:0F:BD:DD:E6:E8:D7:5B:5F:80:93:10:E1:6B:23:6D:7D:52
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/RcIKD73d5ujXW1-AkxDhayNtfVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:6b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:79:9f:21:8d:d5:0c:4c:fc:3d:b5:e9:5c:c0:57:e4:5a:5b:
         64:b2:6d:79:7e:e1:a4:59:1d:6e:c9:cf:9f:2c:6c:fd:a2:5b:
         19:21:c4:89:b5:2b:dd:b8:61:75:33:5e:8b:c5:ec:9c:93:a2:
         11:ca:9e:2e:35:6e:b1:c1:fa:40:e4:f4:a7:2a:b3:4e:f2:fb:
         32:35:0f:cb:7d:2d:2e:ec:88:e4:0b:c7:3e:5c:8e:77:d1:1d:
         ed:b8:0b:db:b1:96:7b:b0:cd:ac:e2:93:cf:97:6a:81:a8:f8:
         71:8f:92:05:02:aa:e5:0d:61:b5:c5:e9:af:2b:a2:ad:b9:ae:
         7f:de:50:5d:df:a4:89:43:de:f3:07:1f:97:bc:16:5f:27:e2:
         c1:49:2f:0b:17:fd:7d:10:64:7f:de:64:54:11:8e:48:d8:d4:
         96:fd:aa:7e:2f:e1:cb:2b:74:db:f2:9c:d8:86:99:d7:4b:4f:
         f4:5f:57:5a:20:b2:fe:96:df:a1:28:b8:79:c7:c3:21:d9:7c:
         10:28:35:45:66:71:b8:06:32:a5:c0:a8:97:28:37:6d:bf:04:
         67:f3:0f:34:8e:2a:29:38:38:25:32:3b:79:ac:d9:e9:47:b0:
         c1:81:f4:4e:8d:60:70:cf:30:c9:52:ad:c9:d1:f9:f6:ad:f4:
         27:78:e7:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVcW5KvQDzNEkOSNCsZHD7BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjUwMzAzMTQxNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWMyMGEwZmJkZGRlNmU4ZDc1YjVmODA5MzEwZTE2YjIzNmQ3ZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PkpQTmxPZ618GTGG79Q3TyMC2Ox
O3vu4ezDXgVlQkc+lmM/1EZuEHYjkYaIR/FZkZb0fjyd0lYlxhx38QzqC5QGmUI+
NSGebbYaAuzhHXywRBW7SJWd1oVCPMB0HdaiGtBISsAQeq/HNeOUvnZuLDC3SBEo
bGLb6nAIwDfwXi+tNiuJqx9UCM/mHswDSjczgCg8zsiI8q3C7hIaL47DQiKyomsV
gwt+N+YyoxXHjizaE2qVYk8/G5DuhF5q1SZUlidALCNLd5LtnHla0DR+Eu2kWFjr
ElOzBTkix6m7JuEIQpujMD/HGMxkEOq1BZbc6RGrycvds+IhE9QZ9TmwfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEXCCg+93ebo11tfgJMQ4WsjbX1SMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvUmNJS0Q3M2Q1dWpYVzEtQWt4RGhheU50ZlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhJrgDAN
BgkqhkiG9w0BAQsFAAOCAQEAqXmfIY3VDEz8PbXpXMBX5FpbZLJteX7hpFkdbsnP
nyxs/aJbGSHEibUr3bhhdTNei8XsnJOiEcqeLjVuscH6QOT0pyqzTvL7MjUPy30t
LuyI5AvHPlyOd9Ed7bgL27GWe7DNrOKTz5dqgaj4cY+SBQKq5Q1htcXpryuirbmu
f95QXd+kiUPe8wcfl7wWXyfiwUkvCxf9fRBkf95kVBGOSNjUlv2qfi/hyyt02/Kc
2IaZ10tP9F9XWiCy/pbfoSi4ecfDIdl8ECg1RWZxuAYypcColyg3bb8EZ/MPNI4q
KTg4JTI7eazZ6UewwYH0To1gcM8wyVKtydH59q30J3jnfw==
-----END CERTIFICATE-----