Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/DN12qBzUGkVhRMYHW6P-wHN3H-Q.roa
File:                     DN12qBzUGkVhRMYHW6P-wHN3H-Q.roa (raw, json)
Hash identifier:          x2S5h7iauxlMwn5C36mbaOnEH7ELW/M3cT6pPWGqdXw=
Subject key identifier:   0C:DD:76:A8:1C:D4:1A:45:61:44:C6:07:5B:A3:FE:C0:73:77:1F:E4
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       0196F2F6F9E11807E86E13E1390779EEDD72
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/DN12qBzUGkVhRMYHW6P-wHN3H-Q.roa
Signing time:             Wed 21 May 2025 13:09:54 +0000
ROA not before:           Wed 21 May 2025 13:09:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139309
IP address blocks:        2a01:3e6::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:f6:f9:e1:18:07:e8:6e:13:e1:39:07:79:ee:dd:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: May 21 13:09:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cdd76a81cd41a456144c6075ba3fec073771fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3a:b9:65:1e:21:dd:09:e5:4b:a8:f4:c4:da:
                    62:67:1b:77:7b:ed:fd:1f:36:8a:4e:d0:33:5b:1c:
                    4d:7a:b6:87:53:98:a8:06:81:62:5a:2b:e0:12:eb:
                    d7:57:e4:8a:3a:ed:01:2c:f0:d4:53:dd:9e:68:7b:
                    ce:3a:34:87:0b:d4:cb:e7:cc:3a:5f:45:aa:29:0a:
                    7d:17:e9:44:fc:a5:24:c5:28:c3:7e:dc:81:ff:0b:
                    3c:ef:b8:76:81:8b:6c:66:da:f1:b7:03:bc:06:da:
                    17:00:bb:2f:1e:fe:df:c1:71:3c:57:45:aa:b4:52:
                    a1:59:65:27:71:3a:a0:22:31:84:d6:44:30:7e:82:
                    a9:87:0f:e1:49:79:47:89:12:65:c4:99:aa:d5:e0:
                    ce:1a:a0:99:ed:6d:2f:38:56:d0:20:7e:ca:3a:25:
                    8a:4e:0e:78:37:b2:f8:f1:53:93:ff:58:a1:c1:5f:
                    f1:cf:80:c2:4c:8d:32:3b:d5:90:26:43:03:bc:22:
                    2e:0c:2a:22:4a:ea:d2:ac:c5:2c:7d:d8:4f:d4:c1:
                    d4:37:fd:3f:b4:cc:91:cf:5b:5d:d3:2b:04:df:30:
                    07:22:16:71:d5:f9:a6:53:ca:a7:14:bb:10:dd:b0:
                    f2:92:c6:87:c5:04:36:8e:03:d3:bb:c4:6e:01:f3:
                    e0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DD:76:A8:1C:D4:1A:45:61:44:C6:07:5B:A3:FE:C0:73:77:1F:E4
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/DN12qBzUGkVhRMYHW6P-wHN3H-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:3e6::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:28:3b:8f:e4:97:7b:2e:84:ca:a6:d8:85:6c:9a:17:e6:9b:
         53:c5:26:19:c4:2f:5f:e4:9f:ab:3b:55:80:f5:7e:55:1c:ba:
         f3:2a:42:cf:76:23:f9:39:f2:96:03:9d:44:3c:c1:55:3c:61:
         59:31:fa:32:ea:87:eb:b0:97:32:2c:3e:96:76:01:15:b5:0c:
         91:66:31:b9:f5:ab:43:31:db:cf:e5:9a:80:65:35:fe:6d:c5:
         f2:a0:29:ad:d3:57:4c:b3:dd:ea:53:b6:81:b0:31:00:c6:97:
         2b:ac:15:60:c2:a9:41:47:a9:bf:6f:01:b9:a4:a8:43:15:9c:
         b2:6e:b7:22:2a:e9:b1:e9:f6:70:7a:b7:b2:4a:cb:bf:d1:1a:
         7f:d3:97:ef:e7:15:bd:f4:6f:64:38:d7:76:29:ca:15:f7:ba:
         44:54:1d:44:38:bd:fc:46:85:86:08:f8:91:e5:be:b8:d7:01:
         a4:54:7c:7c:2d:b6:a2:65:dd:76:f5:b2:77:a0:64:94:bb:9a:
         0e:41:ea:bb:e6:98:21:63:86:77:20:44:f8:9d:4f:cc:42:3f:
         4d:7f:24:cc:1b:24:4a:1f:8d:ae:0f:48:f9:87:35:db:89:10:
         b8:e2:a6:aa:3e:3d:d1:94:dc:d8:af:da:31:2a:9f:83:56:09:
         d8:f8:c2:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZby9vnhGAfobhPhOQd57t1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjUwNTIxMTMwOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RkNzZhODFjZDQxYTQ1NjE0NGM2MDc1YmEzZmVjMDczNzcxZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zq5ZR4h3QnlS6j0xNpiZxt3e+39
HzaKTtAzWxxNeraHU5ioBoFiWivgEuvXV+SKOu0BLPDUU92eaHvOOjSHC9TL58w6
X0WqKQp9F+lE/KUkxSjDftyB/ws877h2gYtsZtrxtwO8BtoXALsvHv7fwXE8V0Wq
tFKhWWUncTqgIjGE1kQwfoKphw/hSXlHiRJlxJmq1eDOGqCZ7W0vOFbQIH7KOiWK
Tg54N7L48VOT/1ihwV/xz4DCTI0yO9WQJkMDvCIuDCoiSurSrMUsfdhP1MHUN/0/
tMyRz1td0ysE3zAHIhZx1fmmU8qnFLsQ3bDyksaHxQQ2jgPTu8RuAfPgXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAzddqgc1BpFYUTGB1uj/sBzdx/kMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvRE4xMnFCelVHa1ZoUk1ZSFc2UC13SE4zSC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgED5jAN
BgkqhkiG9w0BAQsFAAOCAQEAmig7j+SXey6EyqbYhWyaF+abU8UmGcQvX+SfqztV
gPV+VRy68ypCz3Yj+TnylgOdRDzBVTxhWTH6MuqH67CXMiw+lnYBFbUMkWYxufWr
QzHbz+WagGU1/m3F8qAprdNXTLPd6lO2gbAxAMaXK6wVYMKpQUepv28BuaSoQxWc
sm63Iirpsen2cHq3skrLv9Eaf9OX7+cVvfRvZDjXdinKFfe6RFQdRDi9/EaFhgj4
keW+uNcBpFR8fC22omXddvWyd6BklLuaDkHqu+aYIWOGdyBE+J1PzEI/TX8kzBsk
Sh+Nrg9I+Yc124kQuOKmqj490ZTc2K/aMSqfg1YJ2PjCvw==
-----END CERTIFICATE-----