Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/RLDNEURz_Fy-suJJzE7XsxxiNFQ.roa
File:                     RLDNEURz_Fy-suJJzE7XsxxiNFQ.roa (raw, json)
Hash identifier:          GXbNGvC6Gvkj0QhxymxPl5EGc9FzloQ9A96SSP86SKo=
Subject key identifier:   44:B0:CD:11:44:73:FC:5C:BE:B2:E2:49:CC:4E:D7:B3:1C:62:34:54
Certificate issuer:       /CN=dca0441e5917f9c909f36d55ac2423e124814e2f
Certificate serial:       018CEDB795B8C5278FC9EC036D10135BE310
Authority key identifier: DC:A0:44:1E:59:17:F9:C9:09:F3:6D:55:AC:24:23:E1:24:81:4E:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3KBEHlkX-ckJ821VrCQj4SSBTi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/RLDNEURz_Fy-suJJzE7XsxxiNFQ.roa
Signing time:             Tue 09 Jan 2024 10:14:40 +0000
ROA not before:           Tue 09 Jan 2024 10:14:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        2a12:2d40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/3KBEHlkX-ckJ821VrCQj4SSBTi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/3KBEHlkX-ckJ821VrCQj4SSBTi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3KBEHlkX-ckJ821VrCQj4SSBTi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:b7:95:b8:c5:27:8f:c9:ec:03:6d:10:13:5b:e3:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dca0441e5917f9c909f36d55ac2423e124814e2f
        Validity
            Not Before: Jan  9 10:14:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44b0cd114473fc5cbeb2e249cc4ed7b31c623454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:74:bd:c1:b8:ca:40:ef:03:eb:0b:d9:2e:7e:
                    6f:5a:41:1b:6d:53:cd:7f:e4:af:92:f7:a8:fe:43:
                    f1:2d:a4:c4:f8:e0:42:75:ce:bd:8c:d3:a8:e1:77:
                    ee:4a:da:00:b6:9a:1c:34:97:9d:b1:94:85:4a:9c:
                    02:23:bf:ae:36:57:fd:51:13:f4:2f:05:b7:19:44:
                    5b:3e:fc:a1:7f:43:90:06:4a:5d:16:8e:72:1a:31:
                    83:71:ca:17:e0:e3:1b:4c:79:ea:d8:97:3f:70:9c:
                    f4:77:1e:fe:26:04:fe:16:f0:b6:fb:52:89:9e:81:
                    94:3e:1a:77:a9:84:7b:28:25:77:e5:2c:a7:c2:12:
                    9c:06:f1:36:1f:50:af:db:28:6c:e0:d2:8c:ca:96:
                    93:56:f0:f7:fa:85:25:22:00:cc:48:dc:75:b4:b2:
                    5d:b6:ee:11:c0:8c:8d:ac:32:76:dc:33:ef:99:8c:
                    bf:e1:1c:f7:cb:08:da:94:38:ee:a7:1d:9e:62:cc:
                    af:a8:0f:ad:8e:64:78:8f:b6:3d:6b:f0:02:d3:98:
                    a8:d6:48:28:3e:f7:f4:17:35:4f:15:1a:a6:66:88:
                    ad:46:79:f1:a1:48:94:5b:42:bf:2b:0f:d1:65:29:
                    72:01:e7:9d:4a:78:84:7f:2a:b6:a2:6a:b3:28:57:
                    4f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:B0:CD:11:44:73:FC:5C:BE:B2:E2:49:CC:4E:D7:B3:1C:62:34:54
            X509v3 Authority Key Identifier:
                keyid:DC:A0:44:1E:59:17:F9:C9:09:F3:6D:55:AC:24:23:E1:24:81:4E:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3KBEHlkX-ckJ821VrCQj4SSBTi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/RLDNEURz_Fy-suJJzE7XsxxiNFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/3KBEHlkX-ckJ821VrCQj4SSBTi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:2d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:54:86:fb:aa:45:60:1d:15:f6:9c:ce:62:83:33:b4:2a:2b:
         a2:11:11:69:0e:f0:63:a2:c7:74:9e:2f:e2:e1:fa:b9:19:a4:
         ac:0e:81:6d:ca:28:a7:86:26:1e:44:31:03:ca:b8:be:61:43:
         93:ad:33:b7:eb:2e:40:4c:d9:2e:61:07:a7:bc:86:1c:60:ab:
         1b:4d:28:ed:90:6b:f4:fe:50:e9:88:96:c9:fb:15:09:16:10:
         0c:38:6e:5f:72:fa:9a:1c:82:35:95:eb:07:03:73:11:88:8b:
         97:b9:89:ea:cc:6a:3f:75:21:6e:63:28:52:5b:44:ec:f0:10:
         c9:61:60:fb:24:17:b2:e2:1e:e9:81:de:9a:d7:f5:c6:8d:0c:
         36:9a:f7:f6:6e:2c:8f:4e:49:18:89:ed:63:b8:1c:79:a8:ef:
         c5:83:e0:c9:b3:7e:f3:d1:26:bd:f9:cf:a3:02:46:02:c8:ed:
         d3:bb:7c:fc:04:53:a8:1c:e3:37:93:76:b0:89:2b:aa:59:d1:
         a0:a3:ca:21:12:a0:5f:bd:60:7a:a7:1c:2b:61:b0:f6:cc:9f:
         98:7c:3d:fa:cc:4f:ee:33:4a:c0:9d:74:21:02:85:b7:80:33:
         aa:2e:a9:b9:ea:32:34:a1:1e:43:8f:25:49:e0:5c:9a:f3:0c:
         ad:16:c5:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYztt5W4xSePyewDbRATW+MQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYTA0NDFlNTkxN2Y5YzkwOWYzNmQ1NWFjMjQyM2UxMjQ4
MTRlMmYwHhcNMjQwMTA5MTAxNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGIwY2QxMTQ0NzNmYzVjYmViMmUyNDljYzRlZDdiMzFjNjIzNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnS9wbjKQO8D6wvZLn5vWkEbbVPN
f+Svkveo/kPxLaTE+OBCdc69jNOo4XfuStoAtpocNJedsZSFSpwCI7+uNlf9URP0
LwW3GURbPvyhf0OQBkpdFo5yGjGDccoX4OMbTHnq2Jc/cJz0dx7+JgT+FvC2+1KJ
noGUPhp3qYR7KCV35SynwhKcBvE2H1Cv2yhs4NKMypaTVvD3+oUlIgDMSNx1tLJd
tu4RwIyNrDJ23DPvmYy/4Rz3ywjalDjupx2eYsyvqA+tjmR4j7Y9a/AC05io1kgo
Pvf0FzVPFRqmZoitRnnxoUiUW0K/Kw/RZSlyAeedSniEfyq2omqzKFdPjQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFESwzRFEc/xcvrLiScxO17McYjRUMB8GA1UdIwQY
MBaAFNygRB5ZF/nJCfNtVawkI+EkgU4vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0tCRUhsa1gtY2tKODIxVnJDUWo0U1NCVGk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jMjg5NGMtYTY3ZC00YmFjLWI5N2Yt
MTM2MWU0YWE5MWRlLzEvUkxETkVVUnpfRnktc3VKSnpFN1hzeHhpTkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jMjg5NGMtYTY3ZC00YmFjLWI5N2YtMTM2MWU0YWE5MWRl
LzEvM0tCRUhsa1gtY2tKODIxVnJDUWo0U1NCVGk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhItQDAN
BgkqhkiG9w0BAQsFAAOCAQEAj1SG+6pFYB0V9pzOYoMztCorohERaQ7wY6LHdJ4v
4uH6uRmkrA6Bbcoop4YmHkQxA8q4vmFDk60zt+suQEzZLmEHp7yGHGCrG00o7ZBr
9P5Q6YiWyfsVCRYQDDhuX3L6mhyCNZXrBwNzEYiLl7mJ6sxqP3UhbmMoUltE7PAQ
yWFg+yQXsuIe6YHemtf1xo0MNpr39m4sj05JGIntY7gceajvxYPgybN+89EmvfnP
owJGAsjt07t8/ARTqBzjN5N2sIkrqlnRoKPKIRKgX71geqccK2Gw9syfmHw9+sxP
7jNKwJ10IQKFt4Azqi6pueoyNKEeQ48lSeBcmvMMrRbFrg==
-----END CERTIFICATE-----