Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/UbKsxrteJtroI_6cIyZbYo9WHek.roa
File:                     UbKsxrteJtroI_6cIyZbYo9WHek.roa (raw, json)
Hash identifier:          FQOK4kVQpf1kRsqBnmLN4RxWfh8M7SksMf+esxnCofg=
Subject key identifier:   51:B2:AC:C6:BB:5E:26:DA:E8:23:FE:9C:23:26:5B:62:8F:56:1D:E9
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       018CCEFABE7E9BA4D154D2398DC446049764
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/UbKsxrteJtroI_6cIyZbYo9WHek.roa
Signing time:             Wed 03 Jan 2024 10:59:48 +0000
ROA not before:           Wed 03 Jan 2024 10:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23748
IP address blocks:        2a12:a300::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:fa:be:7e:9b:a4:d1:54:d2:39:8d:c4:46:04:97:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  3 10:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51b2acc6bb5e26dae823fe9c23265b628f561de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2f:9b:ab:89:67:43:7c:3f:4d:39:61:60:5c:
                    07:ea:bb:c9:3e:1f:48:17:d3:a6:ea:fd:49:4f:54:
                    b9:e9:e5:e7:8c:78:c2:34:79:ad:15:56:fc:dc:b6:
                    9c:26:bd:29:6e:a3:b1:2c:ec:a5:ac:9c:9e:1d:dc:
                    00:20:79:e5:bf:b8:3e:e0:48:d6:5f:aa:ea:2a:4f:
                    87:f0:d6:d4:eb:2e:ca:e3:60:0b:57:b0:34:34:1e:
                    a7:9e:61:44:0a:61:93:ed:89:d4:38:44:b8:ec:a5:
                    26:dc:58:9b:05:1c:78:c8:77:25:3a:0e:6c:df:1e:
                    fc:42:1b:e5:d9:7c:26:a5:9e:10:01:da:c9:51:ca:
                    67:c4:8f:e3:3f:85:b8:7a:fc:b9:ae:65:1a:40:77:
                    dc:18:fb:7d:12:ae:81:c9:db:66:ae:58:55:7e:8c:
                    2a:78:44:f3:fc:ad:06:d3:58:64:82:93:d7:73:d7:
                    26:3e:d6:dc:97:49:8a:f1:7c:fc:bb:aa:cb:d1:30:
                    44:e5:81:5a:ab:5c:fe:89:da:ae:b0:f1:40:82:1a:
                    86:83:9f:0f:1a:03:1e:fe:18:29:c5:f0:2d:31:af:
                    af:7d:25:ef:ab:e9:49:db:91:f6:34:78:18:89:ea:
                    d8:fb:f3:11:f0:b3:59:92:36:f2:4b:f2:b8:b4:d9:
                    2a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B2:AC:C6:BB:5E:26:DA:E8:23:FE:9C:23:26:5B:62:8F:56:1D:E9
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/UbKsxrteJtroI_6cIyZbYo9WHek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a300::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:16:d8:59:1f:9c:28:6d:21:83:00:d8:0e:93:27:f9:78:42:
         1f:bd:f1:d6:e4:7f:c9:9c:68:b6:28:00:74:e7:10:5c:e3:9b:
         b8:c9:34:c8:c5:8f:19:30:03:a5:96:fe:9d:4c:0a:a3:84:45:
         87:73:d9:cf:2e:dc:f6:6c:9b:30:17:a5:b8:a2:6c:9f:72:ee:
         50:39:ac:82:06:1d:66:87:1a:70:49:11:3a:bb:8c:d0:84:19:
         1a:f7:d3:2b:35:cd:ce:66:79:44:82:2b:e8:b6:07:35:0d:3e:
         75:24:97:28:3f:a5:1f:5b:27:5a:38:cf:5e:4b:66:04:33:12:
         01:f2:03:91:6b:14:68:ac:f0:bf:9c:9d:46:9c:c8:55:57:cf:
         53:67:dc:ec:15:b8:df:b0:6f:52:45:e2:5b:ae:f6:a1:66:74:
         12:82:d3:23:ab:09:6f:53:3d:2c:09:f4:08:3a:d3:fa:95:bd:
         a2:c2:b0:75:2c:86:63:8b:9c:b6:23:05:e8:ba:dc:1d:71:73:
         8a:61:2e:b5:97:85:46:72:ba:34:ed:e6:3f:45:a8:7d:a2:3e:
         d0:ec:2b:d3:5a:63:f3:ff:e1:9d:74:7b:d6:1b:0e:da:85:46:
         88:5d:47:0e:90:e2:62:ae:60:98:14:98:86:92:06:f9:14:ae:
         43:cc:33:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzO+r5+m6TRVNI5jcRGBJdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjQwMTAzMTA1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWIyYWNjNmJiNWUyNmRhZTgyM2ZlOWMyMzI2NWI2MjhmNTYxZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhS+bq4lnQ3w/TTlhYFwH6rvJPh9I
F9Om6v1JT1S56eXnjHjCNHmtFVb83LacJr0pbqOxLOylrJyeHdwAIHnlv7g+4EjW
X6rqKk+H8NbU6y7K42ALV7A0NB6nnmFECmGT7YnUOES47KUm3FibBRx4yHclOg5s
3x78Qhvl2XwmpZ4QAdrJUcpnxI/jP4W4evy5rmUaQHfcGPt9Eq6BydtmrlhVfowq
eETz/K0G01hkgpPXc9cmPtbcl0mK8Xz8u6rL0TBE5YFaq1z+idqusPFAghqGg58P
GgMe/hgpxfAtMa+vfSXvq+lJ25H2NHgYierY+/MR8LNZkjbyS/K4tNkqYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFGyrMa7Xiba6CP+nCMmW2KPVh3pMB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvVWJLc3hydGVKdHJvSV82Y0l5WmJZbzlXSGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKjADAN
BgkqhkiG9w0BAQsFAAOCAQEAhRbYWR+cKG0hgwDYDpMn+XhCH73x1uR/yZxotigA
dOcQXOObuMk0yMWPGTADpZb+nUwKo4RFh3PZzy7c9mybMBeluKJsn3LuUDmsggYd
ZocacEkROruM0IQZGvfTKzXNzmZ5RIIr6LYHNQ0+dSSXKD+lH1snWjjPXktmBDMS
AfIDkWsUaKzwv5ydRpzIVVfPU2fc7BW437BvUkXiW672oWZ0EoLTI6sJb1M9LAn0
CDrT+pW9osKwdSyGY4uctiMF6LrcHXFzimEutZeFRnK6NO3mP0WofaI+0Owr01pj
8//hnXR71hsO2oVGiF1HDpDiYq5gmBSYhpIG+RSuQ8wzrQ==
-----END CERTIFICATE-----