Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/YJuZj8n25SVA_oefrF23FQLw_H4.roa
File:                     YJuZj8n25SVA_oefrF23FQLw_H4.roa (raw, json)
Hash identifier:          qEFZwVu6PJWciyih9keAKNMNwy8zhrioZ+uAKudkg+c=
Subject key identifier:   60:9B:99:8F:C9:F6:E5:25:40:FE:87:9F:AC:5D:B7:15:02:F0:FC:7E
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       018CCEF9D4B321580AD5D2047A68DFF5424F
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/YJuZj8n25SVA_oefrF23FQLw_H4.roa
Signing time:             Wed 03 Jan 2024 10:58:48 +0000
ROA not before:           Wed 03 Jan 2024 10:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138330
IP address blocks:        2a12:a307:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:f9:d4:b3:21:58:0a:d5:d2:04:7a:68:df:f5:42:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  3 10:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=609b998fc9f6e52540fe879fac5db71502f0fc7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a8:df:31:76:04:da:70:d5:6d:ab:c9:ee:a5:
                    b0:36:7b:83:5d:4f:a9:1a:4d:3e:1a:34:0b:52:bf:
                    65:03:13:07:02:68:4d:b5:d8:b7:34:e6:f3:bb:ec:
                    6c:c1:46:ef:4e:d3:11:c0:db:39:08:85:ae:30:d9:
                    51:9a:b5:b8:a0:5b:e9:81:92:ac:19:ba:73:ef:3a:
                    b6:34:d4:47:69:97:ec:f7:e8:a1:22:97:ef:99:7a:
                    32:7d:c3:57:25:10:44:b9:3d:71:0c:a1:a8:f8:68:
                    3c:f7:36:a5:58:e9:e4:1f:bf:0f:dd:0f:05:3e:ab:
                    89:95:ae:4e:88:82:30:c7:00:50:f4:80:64:3e:77:
                    c8:5f:d6:43:44:b8:80:96:be:21:f1:83:a5:51:5c:
                    9a:00:f9:2d:22:ef:22:48:7f:6f:70:75:e1:b7:ca:
                    40:e9:a3:a2:d4:f3:ba:ba:77:2b:fd:c7:bf:3c:5d:
                    ca:75:c0:ee:ff:18:d0:66:9e:83:be:81:67:fb:22:
                    e7:19:40:7d:85:23:a6:81:a2:dc:2a:00:1e:79:b8:
                    34:10:a3:3b:c3:11:eb:43:3d:eb:54:62:5b:fe:8a:
                    bc:8f:48:e1:c9:f3:04:1b:a8:5e:66:41:07:15:3a:
                    90:ee:47:aa:0d:1e:5f:d6:a2:70:7e:1a:a1:e3:67:
                    97:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9B:99:8F:C9:F6:E5:25:40:FE:87:9F:AC:5D:B7:15:02:F0:FC:7E
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/YJuZj8n25SVA_oefrF23FQLw_H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a307:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:41:8e:8b:62:dc:14:f5:57:bd:4d:50:c0:bd:d2:ab:0c:f8:
         1c:6d:e7:d2:2e:46:50:9b:95:ab:ba:06:20:de:d5:8f:85:4a:
         72:d6:37:87:0d:59:15:95:73:71:a0:96:75:2e:ee:7d:79:bd:
         18:72:68:52:f4:95:52:fe:a0:76:47:4e:47:b0:e9:d7:13:4e:
         75:19:b4:b1:4e:e2:96:88:9c:25:99:b2:2a:a7:ab:68:40:99:
         6f:3d:fa:2d:80:b8:19:a2:66:ab:fb:2c:fd:71:87:3f:9f:1f:
         91:a5:98:4f:af:9a:64:6e:8b:fe:0b:4b:8a:81:b3:44:08:96:
         75:05:5b:31:de:04:eb:ed:93:dc:7c:29:9f:d5:8a:b0:3d:4a:
         7f:59:1a:5e:3a:2a:01:09:c8:24:96:c6:95:37:0a:8c:e1:93:
         ec:c3:65:ee:4f:3a:00:23:a8:f4:c2:ec:69:3a:7b:90:23:f2:
         8f:36:a4:f2:da:e9:54:5d:5b:78:6c:5b:04:c7:ac:85:a0:6c:
         22:71:af:e9:03:b3:aa:01:76:c0:fc:79:77:f5:54:8f:21:b7:
         ef:1e:26:fc:10:5c:b0:dc:d7:88:66:37:0a:27:43:33:ab:4a:
         15:e2:38:66:32:c6:af:00:d6:08:67:a0:36:46:4b:cd:9f:3b:
         cc:18:45:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzO+dSzIVgK1dIEemjf9UJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjQwMTAzMTA1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDliOTk4ZmM5ZjZlNTI1NDBmZTg3OWZhYzVkYjcxNTAyZjBmYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqjfMXYE2nDVbavJ7qWwNnuDXU+p
Gk0+GjQLUr9lAxMHAmhNtdi3NObzu+xswUbvTtMRwNs5CIWuMNlRmrW4oFvpgZKs
Gbpz7zq2NNRHaZfs9+ihIpfvmXoyfcNXJRBEuT1xDKGo+Gg89zalWOnkH78P3Q8F
PquJla5OiIIwxwBQ9IBkPnfIX9ZDRLiAlr4h8YOlUVyaAPktIu8iSH9vcHXht8pA
6aOi1PO6uncr/ce/PF3KdcDu/xjQZp6DvoFn+yLnGUB9hSOmgaLcKgAeebg0EKM7
wxHrQz3rVGJb/oq8j0jhyfMEG6heZkEHFTqQ7keqDR5f1qJwfhqh42eXKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGCbmY/J9uUlQP6Hn6xdtxUC8Px+MB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvWUp1Wmo4bjI1U1ZBX29lZnJGMjNGUUx3X0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKjBwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQA+QY6LYtwU9Ve9TVDAvdKrDPgcbefSLkZQm5Wr
ugYg3tWPhUpy1jeHDVkVlXNxoJZ1Lu59eb0YcmhS9JVS/qB2R05HsOnXE051GbSx
TuKWiJwlmbIqp6toQJlvPfotgLgZomar+yz9cYc/nx+RpZhPr5pkbov+C0uKgbNE
CJZ1BVsx3gTr7ZPcfCmf1YqwPUp/WRpeOioBCcgklsaVNwqM4ZPsw2XuTzoAI6j0
wuxpOnuQI/KPNqTy2ulUXVt4bFsEx6yFoGwica/pA7OqAXbA/Hl39VSPIbfvHib8
EFyw3NeIZjcKJ0Mzq0oV4jhmMsavANYIZ6A2RkvNnzvMGEWT
-----END CERTIFICATE-----