Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/mK6Hd1l33q60MXDCDb-v3OAM0UE.roa
File:                     mK6Hd1l33q60MXDCDb-v3OAM0UE.roa (raw, json)
Hash identifier:          BlNVjbSzLjZletHX6nfFNTrDwvaIRsmo9MnmSGytaUo=
Subject key identifier:   98:AE:87:77:59:77:DE:AE:B4:31:70:C2:0D:BF:AF:DC:E0:0C:D1:41
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       01941F8C431CCDE8261F55C19960B1845FCB
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/mK6Hd1l33q60MXDCDb-v3OAM0UE.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134666
IP address blocks:        2a12:a307:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:43:1c:cd:e8:26:1f:55:c1:99:60:b1:84:5f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98ae87775977deaeb43170c20dbfafdce00cd141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ca:be:b7:c2:3f:ef:d3:c1:6c:1c:75:41:16:
                    1b:fb:40:11:95:51:a8:fb:82:0e:f9:24:57:35:7c:
                    05:08:4d:73:1a:d5:64:08:44:78:0a:90:8e:0c:35:
                    83:ad:01:1b:41:23:fa:b8:c7:d9:b4:dc:ec:73:b7:
                    49:20:31:87:e7:2f:45:d0:dc:94:52:2d:af:da:b5:
                    69:83:ac:e0:79:8b:cf:b7:42:7d:df:42:94:2d:b6:
                    c9:2f:47:e1:95:bd:87:23:54:db:e5:12:bc:5d:9c:
                    d9:e2:3f:57:0f:fc:b4:00:0e:e9:44:5d:cb:4c:33:
                    7d:8c:b2:42:97:77:e2:94:32:6f:b3:78:95:5a:a6:
                    25:b7:e7:05:1e:0f:a9:de:79:7e:c6:54:eb:2c:48:
                    88:89:fc:b3:1b:40:06:39:4e:e5:b1:99:72:a4:15:
                    73:c5:93:8a:e5:aa:e1:33:19:96:d6:c8:8b:97:de:
                    ba:68:96:e9:c9:39:a0:56:dc:da:28:fb:5c:1a:eb:
                    1c:d8:ad:a6:02:ba:50:5f:5f:29:cb:1d:42:e3:c5:
                    51:c2:5b:c4:e4:b7:0c:c9:c5:a1:4a:ab:6f:ab:9a:
                    50:37:ac:78:6d:06:4b:9d:70:89:ec:56:57:05:22:
                    f3:96:3c:fe:c1:8e:64:d0:0b:47:40:d3:5e:55:0b:
                    84:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:AE:87:77:59:77:DE:AE:B4:31:70:C2:0D:BF:AF:DC:E0:0C:D1:41
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/mK6Hd1l33q60MXDCDb-v3OAM0UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a307:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:72:0f:60:d6:b2:be:5c:61:f8:bd:e8:8d:f1:3e:6a:82:2d:
         49:17:88:eb:73:61:4f:4a:34:9b:e9:79:dd:90:16:f4:6a:23:
         52:6a:07:6e:54:8f:b7:03:ff:ab:63:d1:f7:96:de:4c:82:6d:
         d8:08:38:75:62:9c:00:63:ea:04:d8:71:bd:b8:05:46:e8:96:
         44:cc:49:cf:62:92:2b:4f:fb:81:b7:b8:cf:da:c4:8e:df:d7:
         c1:6d:c1:77:47:87:43:02:d7:96:ea:31:d7:9b:fe:09:11:f9:
         3a:12:5b:34:5f:d0:2f:f0:88:9b:f9:92:a6:88:2e:18:38:8e:
         2c:8a:36:c0:f9:e0:17:3b:e8:4b:d5:69:ca:f1:71:23:2d:0c:
         e6:66:56:96:92:24:aa:c1:ea:bd:94:87:3c:4a:82:fc:56:47:
         59:d9:25:a4:b4:43:66:2c:f3:df:f5:e8:d3:24:50:5a:8d:17:
         1f:71:46:43:5d:7c:cc:99:3f:a8:4c:23:9b:01:57:cb:d7:00:
         5c:ce:91:20:ef:d5:11:d4:1e:d8:39:a7:e5:55:6f:c3:6f:07:
         22:71:89:a5:a0:8d:2a:11:f2:f1:7b:16:7c:04:f2:85:99:e3:
         92:6c:be:80:ed:34:ad:90:3b:98:ab:7e:08:e4:ab:04:c8:e0:
         b7:ac:ae:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjEMczegmH1XBmWCxhF/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGFlODc3NzU5NzdkZWFlYjQzMTcwYzIwZGJmYWZkY2UwMGNkMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosq+t8I/79PBbBx1QRYb+0ARlVGo
+4IO+SRXNXwFCE1zGtVkCER4CpCODDWDrQEbQSP6uMfZtNzsc7dJIDGH5y9F0NyU
Ui2v2rVpg6zgeYvPt0J930KULbbJL0fhlb2HI1Tb5RK8XZzZ4j9XD/y0AA7pRF3L
TDN9jLJCl3filDJvs3iVWqYlt+cFHg+p3nl+xlTrLEiIifyzG0AGOU7lsZlypBVz
xZOK5arhMxmW1siLl966aJbpyTmgVtzaKPtcGusc2K2mArpQX18pyx1C48VRwlvE
5LcMycWhSqtvq5pQN6x4bQZLnXCJ7FZXBSLzljz+wY5k0AtHQNNeVQuE+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJiuh3dZd96utDFwwg2/r9zgDNFBMB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvbUs2SGQxbDMzcTYwTVhEQ0RiLXYzT0FNMFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKjBwAC
MA0GCSqGSIb3DQEBCwUAA4IBAQAYcg9g1rK+XGH4veiN8T5qgi1JF4jrc2FPSjSb
6XndkBb0aiNSagduVI+3A/+rY9H3lt5Mgm3YCDh1YpwAY+oE2HG9uAVG6JZEzEnP
YpIrT/uBt7jP2sSO39fBbcF3R4dDAteW6jHXm/4JEfk6Els0X9Av8Iib+ZKmiC4Y
OI4sijbA+eAXO+hL1WnK8XEjLQzmZlaWkiSqweq9lIc8SoL8VkdZ2SWktENmLPPf
9ejTJFBajRcfcUZDXXzMmT+oTCObAVfL1wBczpEg79UR1B7YOaflVW/DbwcicYml
oI0qEfLxexZ8BPKFmeOSbL6A7TStkDuYq34I5KsEyOC3rK6W
-----END CERTIFICATE-----