Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/Y_F7RQuib-AaKvhgpHDw7H2Qa4U.roa
File:                     Y_F7RQuib-AaKvhgpHDw7H2Qa4U.roa (raw, json)
Hash identifier:          HYZ5qU3yxafiYJcwv2lt8lf8DnsNjGLvYMKyaAQ0dG8=
Subject key identifier:   63:F1:7B:45:0B:A2:6F:E0:1A:2A:F8:60:A4:70:F0:EC:7D:90:6B:85
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       0191052A018820925208B26F17E81D70E1FA
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/Y_F7RQuib-AaKvhgpHDw7H2Qa4U.roa
Signing time:             Tue 30 Jul 2024 19:42:04 +0000
ROA not before:           Tue 30 Jul 2024 19:42:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214477
IP address blocks:        2a12:6f40::/29 maxlen: 29
                          2a12:7740::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:05:2a:01:88:20:92:52:08:b2:6f:17:e8:1d:70:e1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Jul 30 19:42:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63f17b450ba26fe01a2af860a470f0ec7d906b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:65:5d:d6:f5:54:3e:f1:6b:28:2c:d7:f3:a6:
                    b2:04:9c:0c:af:a6:2c:c3:52:53:69:6b:15:19:02:
                    be:e1:23:84:44:2c:5a:96:3a:f4:3a:80:1b:fc:10:
                    d3:f4:f4:ce:48:68:63:dd:c1:14:8d:79:57:11:2f:
                    7f:9f:6e:ec:c2:cc:fa:af:5b:5f:40:f5:d0:8f:28:
                    80:9e:fb:d0:b9:26:65:6a:b9:18:8f:72:90:54:f3:
                    91:a8:38:02:88:f1:3a:e1:93:37:e2:df:db:e0:8b:
                    13:c0:36:e1:28:46:02:11:72:42:60:be:51:aa:84:
                    40:0b:64:15:c0:ee:a8:46:39:d6:94:9b:f4:5f:c1:
                    26:1c:38:f1:af:b5:7e:ec:bb:c7:29:aa:7c:6d:d4:
                    bf:f8:4b:db:48:18:82:b0:c3:4a:94:56:86:b3:90:
                    1e:04:81:64:cb:df:76:5e:4d:9d:3a:87:c4:08:49:
                    e9:ee:b2:98:ef:60:06:7e:e2:d4:84:a1:5e:ff:a4:
                    89:bd:68:73:51:63:0b:58:b6:37:e1:54:cb:f3:28:
                    eb:b3:c9:4b:80:e8:da:b6:85:7b:ff:96:50:a6:87:
                    46:b1:94:7d:7f:b9:bb:b7:1f:00:64:93:65:9c:9a:
                    7c:8d:91:6d:b0:2c:75:ba:18:02:7f:a9:20:29:ce:
                    45:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F1:7B:45:0B:A2:6F:E0:1A:2A:F8:60:A4:70:F0:EC:7D:90:6B:85
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/Y_F7RQuib-AaKvhgpHDw7H2Qa4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:6f40::/29
                  2a12:7740::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:2d:7c:0e:8d:b5:1e:ea:4c:47:9a:aa:41:82:02:34:37:4b:
         4b:f9:5f:30:9e:e7:bd:53:87:79:85:4d:04:1e:5d:7c:33:be:
         cf:bc:45:39:3c:9a:7c:4b:62:9e:8e:f3:f8:fb:88:bd:46:b1:
         8b:83:0e:42:93:50:3c:48:a4:05:6e:e9:00:ea:2f:57:26:3e:
         08:ab:83:30:fe:00:f2:0f:75:71:1b:fc:ab:18:67:27:3b:b5:
         78:6f:03:a9:b4:5b:75:32:d7:52:e5:d9:9a:bd:b1:d2:6d:e7:
         77:76:97:df:69:d8:f1:23:57:12:68:0a:01:ea:95:03:f9:56:
         fa:f6:b0:c7:40:2e:f3:e4:31:3b:7d:68:1c:be:1b:70:86:c8:
         ba:29:41:e4:0a:1d:57:55:bf:5a:33:d4:79:c4:b1:29:85:88:
         cf:09:52:48:e4:6c:ac:d5:dc:92:66:a6:69:e2:6c:1f:4c:33:
         b6:ae:0e:9f:aa:cb:36:10:e1:b3:b8:34:e9:5a:6c:39:6c:62:
         2f:dc:f9:0a:46:49:ff:7c:62:65:9a:42:6b:77:cc:19:75:d2:
         6a:3c:ed:70:1b:c9:b3:ff:e5:5d:0c:6d:5f:ab:03:46:01:b3:
         18:53:95:0e:fd:55:a3:6a:06:29:ad:75:0f:0f:c4:92:d8:a6:
         e3:fb:7f:32
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZEFKgGIIJJSCLJvF+gdcOH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwNzMwMTk0MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2YxN2I0NTBiYTI2ZmUwMWEyYWY4NjBhNDcwZjBlYzdkOTA2Yjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmVd1vVUPvFrKCzX86ayBJwMr6Ys
w1JTaWsVGQK+4SOERCxaljr0OoAb/BDT9PTOSGhj3cEUjXlXES9/n27swsz6r1tf
QPXQjyiAnvvQuSZlarkYj3KQVPORqDgCiPE64ZM34t/b4IsTwDbhKEYCEXJCYL5R
qoRAC2QVwO6oRjnWlJv0X8EmHDjxr7V+7LvHKap8bdS/+EvbSBiCsMNKlFaGs5Ae
BIFky992Xk2dOofECEnp7rKY72AGfuLUhKFe/6SJvWhzUWMLWLY34VTL8yjrs8lL
gOjatoV7/5ZQpodGsZR9f7m7tx8AZJNlnJp8jZFtsCx1uhgCf6kgKc5FtQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGPxe0ULom/gGir4YKRw8Ox9kGuFMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvWV9GN1JRdWliLUFhS3ZoZ3BIRHc3SDJRYTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhJvQAMF
AyoSd0AwDQYJKoZIhvcNAQELBQADggEBAI4tfA6NtR7qTEeaqkGCAjQ3S0v5XzCe
571Th3mFTQQeXXwzvs+8RTk8mnxLYp6O8/j7iL1GsYuDDkKTUDxIpAVu6QDqL1cm
PgirgzD+APIPdXEb/KsYZyc7tXhvA6m0W3Uy11Ll2Zq9sdJt53d2l99p2PEjVxJo
CgHqlQP5Vvr2sMdALvPkMTt9aBy+G3CGyLopQeQKHVdVv1oz1HnEsSmFiM8JUkjk
bKzV3JJmpmnibB9MM7auDp+qyzYQ4bO4NOlabDlsYi/c+QpGSf98YmWaQmt3zBl1
0mo87XAbybP/5V0MbV+rA0YBsxhTlQ79VaNqBimtdQ8PxJLYpuP7fzI=
-----END CERTIFICATE-----