Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/FOKoh0IQ4s8V9jUM8fkJZR5fGEM.roa
File:                     FOKoh0IQ4s8V9jUM8fkJZR5fGEM.roa (raw, json)
Hash identifier:          UMD1Krq+vANtJKJ2lsU92uVWqISyZHvA1+yiToPspCw=
Subject key identifier:   14:E2:A8:87:42:10:E2:CF:15:F6:35:0C:F1:F9:09:65:1E:5F:18:43
Certificate issuer:       /CN=e7c07db9880133c5cdce005bca111b552cd14c53
Certificate serial:       018CCA2A72135A095717F5624C3F1797D8E6
Authority key identifier: E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/FOKoh0IQ4s8V9jUM8fkJZR5fGEM.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205154
IP address blocks:        2a12:efc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:72:13:5a:09:57:17:f5:62:4c:3f:17:97:d8:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7c07db9880133c5cdce005bca111b552cd14c53
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14e2a8874210e2cf15f6350cf1f909651e5f1843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5b:96:41:4a:05:a7:7e:8b:4b:97:5f:3b:b3:
                    b5:32:38:48:61:a7:54:3c:52:eb:f0:ac:6f:c3:a2:
                    58:27:d5:d0:8e:6b:52:f8:c6:69:4f:76:ed:4d:97:
                    f0:8d:8c:a0:00:d7:fd:8a:b3:b7:65:b7:96:5c:62:
                    bb:74:e8:48:5a:d0:bd:78:4f:91:41:ba:82:eb:55:
                    f2:de:6c:1c:2b:a7:f4:a1:e1:f7:69:cb:71:84:8e:
                    43:d4:9a:9b:4d:6d:f4:4d:46:24:73:05:ea:52:33:
                    dd:16:47:35:c1:06:d2:a6:eb:ec:22:b3:56:da:87:
                    fe:cb:a0:37:59:d3:25:af:16:de:aa:dd:cf:65:b2:
                    6d:7c:e0:e5:b3:82:38:da:9e:1a:20:d0:18:d4:ad:
                    9c:02:c7:22:79:fd:34:24:4c:fd:c9:d3:10:d6:20:
                    25:83:fa:af:62:57:28:3c:0d:5a:ea:39:d0:bb:8c:
                    08:71:76:ae:5a:ee:3e:ce:82:8e:bc:9a:bc:95:27:
                    9d:a8:79:52:64:1e:d4:6a:dd:02:7e:3c:90:29:e1:
                    e1:c2:bb:c4:62:9d:aa:fd:65:9a:94:e6:1f:e4:4f:
                    f0:d8:5e:cf:80:05:a4:94:19:1a:3e:b9:78:37:05:
                    ee:e9:45:46:53:01:36:1c:b1:96:08:f7:a5:c5:75:
                    ab:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E2:A8:87:42:10:E2:CF:15:F6:35:0C:F1:F9:09:65:1E:5F:18:43
            X509v3 Authority Key Identifier:
                keyid:E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/FOKoh0IQ4s8V9jUM8fkJZR5fGEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:efc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         e0:5b:21:b9:b2:00:98:78:e4:c3:ba:3c:2b:c5:be:e8:2d:35:
         00:f7:26:27:f1:54:a3:58:6a:6c:8d:a4:7b:a7:27:8e:93:88:
         ea:31:ad:ca:c9:ad:3f:67:f0:64:35:ec:e1:e7:0a:b0:2b:91:
         d7:2a:ac:b0:12:7c:8c:db:03:37:67:3c:a6:b5:ea:4f:1f:a9:
         d3:86:70:f8:55:21:8d:a0:8f:2b:27:d3:0b:c3:66:b9:ff:3f:
         a0:a7:d8:ae:a4:f1:23:6f:ec:44:64:7b:1f:57:8f:e6:30:01:
         59:e1:03:ec:f4:3b:95:33:15:a1:d5:16:c4:bd:bd:e9:87:88:
         b9:86:df:c9:3a:71:63:1c:8a:63:95:c0:ce:31:d5:94:c4:5b:
         66:71:5c:0b:e6:d5:ca:19:66:cd:a5:5f:02:ac:be:2e:39:3d:
         1f:c1:35:68:c6:6a:e9:8f:26:87:27:98:a4:af:2d:6f:6a:cc:
         13:1e:65:42:d7:86:01:a3:ec:79:82:b7:2b:61:44:10:3b:ab:
         01:eb:79:6f:a9:2d:e9:d0:cb:e0:c6:31:d9:5e:db:7f:ee:4e:
         af:16:17:1d:59:64:d6:57:6d:a1:89:7f:01:5e:01:2a:88:19:
         9f:5a:f3:31:2e:a1:9f:92:b6:77:33:9d:99:4e:85:2c:a4:a2:
         5d:74:f3:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKnITWglXF/ViTD8Xl9jmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YzA3ZGI5ODgwMTMzYzVjZGNlMDA1YmNhMTExYjU1MmNk
MTRjNTMwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGUyYTg4NzQyMTBlMmNmMTVmNjM1MGNmMWY5MDk2NTFlNWYxODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVuWQUoFp36LS5dfO7O1MjhIYadU
PFLr8Kxvw6JYJ9XQjmtS+MZpT3btTZfwjYygANf9irO3ZbeWXGK7dOhIWtC9eE+R
QbqC61Xy3mwcK6f0oeH3actxhI5D1JqbTW30TUYkcwXqUjPdFkc1wQbSpuvsIrNW
2of+y6A3WdMlrxbeqt3PZbJtfODls4I42p4aINAY1K2cAscief00JEz9ydMQ1iAl
g/qvYlcoPA1a6jnQu4wIcXauWu4+zoKOvJq8lSedqHlSZB7Uat0CfjyQKeHhwrvE
Yp2q/WWalOYf5E/w2F7PgAWklBkaPrl4NwXu6UVGUwE2HLGWCPelxXWr7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBTiqIdCEOLPFfY1DPH5CWUeXxhDMB8GA1UdIwQY
MBaAFOfAfbmIATPFzc4AW8oRG1Us0UxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMt
MGFhNDYzY2RmY2EwLzEvRk9Lb2gwSVE0czhWOWpVTThma0paUjVmR0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMtMGFhNDYzY2RmY2Ew
LzEvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLvwDAN
BgkqhkiG9w0BAQsFAAOCAQEA4FshubIAmHjkw7o8K8W+6C01APcmJ/FUo1hqbI2k
e6cnjpOI6jGtysmtP2fwZDXs4ecKsCuR1yqssBJ8jNsDN2c8prXqTx+p04Zw+FUh
jaCPKyfTC8Nmuf8/oKfYrqTxI2/sRGR7H1eP5jABWeED7PQ7lTMVodUWxL296YeI
uYbfyTpxYxyKY5XAzjHVlMRbZnFcC+bVyhlmzaVfAqy+Ljk9H8E1aMZq6Y8mhyeY
pK8tb2rMEx5lQteGAaPseYK3K2FEEDurAet5b6kt6dDL4MYx2V7bf+5OrxYXHVlk
1ldtoYl/AV4BKogZn1rzMS6hn5K2dzOdmU6FLKSiXXTz3w==
-----END CERTIFICATE-----