Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/aTfrgPvNFobekBxinYi_dwqj18k.roa
File:                     aTfrgPvNFobekBxinYi_dwqj18k.roa (raw, json)
Hash identifier:          0ionb0MoohSIKgeEoW0hZTpraUZ3Mrz2VrvUpYOhFao=
Subject key identifier:   69:37:EB:80:FB:CD:16:86:DE:90:1C:62:9D:88:BF:77:0A:A3:D7:C9
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B64208DD613F5071902924D95C51E
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/aTfrgPvNFobekBxinYi_dwqj18k.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     932
IP address blocks:        2a12:a380::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:64:20:8d:d6:13:f5:07:19:02:92:4d:95:c5:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6937eb80fbcd1686de901c629d88bf770aa3d7c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:89:76:1f:af:fa:02:0d:fc:c4:04:b8:0e:54:
                    39:01:94:47:06:5d:55:fd:20:00:9f:cb:10:46:f0:
                    42:30:17:1d:aa:53:fe:13:02:46:2f:d2:b5:b9:48:
                    f2:65:c0:c6:1c:50:fb:6f:c3:2f:b8:69:89:85:1f:
                    9d:02:84:0a:cf:fc:04:10:25:e1:f4:af:50:67:17:
                    cc:bc:fe:ae:bc:dd:84:86:79:ed:a8:76:b4:3a:e9:
                    9e:c1:32:95:ae:a0:00:fa:f8:f4:07:5c:ea:7b:96:
                    49:72:c0:c3:a6:2c:b7:d8:21:18:e7:88:0c:60:91:
                    9d:96:c8:89:5a:fc:e6:b8:69:2b:74:7b:90:7b:52:
                    cb:4b:e2:d4:56:08:7f:0b:84:a7:4f:ed:1c:37:27:
                    d2:50:17:3f:f9:d9:c9:c3:87:73:88:a2:31:a1:26:
                    ee:d1:07:67:02:71:fc:b1:b1:d8:1a:32:d6:a1:50:
                    d7:d2:28:85:8f:34:32:9e:27:7d:65:ab:42:51:6c:
                    76:7c:79:28:b6:7a:c9:d7:f9:24:8a:8c:43:1f:a1:
                    c3:65:9e:4c:7a:2d:b0:9b:df:3f:26:d5:56:ad:27:
                    bc:65:d4:40:6b:82:37:08:5f:7b:57:39:61:af:67:
                    43:e4:cd:20:93:31:73:57:91:3c:97:7c:62:de:8a:
                    50:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:37:EB:80:FB:CD:16:86:DE:90:1C:62:9D:88:BF:77:0A:A3:D7:C9
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/aTfrgPvNFobekBxinYi_dwqj18k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a380::/29

    Signature Algorithm: sha256WithRSAEncryption
         ce:4b:1c:da:63:cc:d2:49:5b:85:07:90:af:76:de:e0:6f:f8:
         8e:60:4f:5f:cc:da:60:4b:cd:d4:df:48:12:fe:9b:ff:45:05:
         72:95:eb:a6:ae:db:23:c5:76:0e:c9:47:a5:5b:ba:ec:36:b2:
         df:34:e3:87:2b:05:e4:c6:23:f3:61:df:f6:16:1e:7a:1d:0d:
         a8:c6:c8:06:3f:16:bb:74:d8:93:25:ab:0f:be:d9:6f:f1:38:
         ed:15:c3:e0:13:99:ad:68:70:35:c2:01:3c:bf:b0:d5:e2:35:
         e7:1e:64:a4:ad:54:c6:b3:44:a2:a7:71:35:70:be:40:ca:bc:
         12:62:09:45:9a:a3:94:db:96:0c:20:4c:04:c5:4c:f9:41:7f:
         34:40:f1:a2:95:8a:20:52:77:ba:1e:aa:ab:7c:5b:27:3c:4a:
         80:03:86:8e:77:f4:e6:0b:1b:65:6f:bc:2e:42:b1:c4:a0:91:
         5a:8c:15:88:62:77:9f:4d:43:21:66:75:cc:7d:81:85:76:e3:
         95:fa:6c:ed:9e:73:91:fe:3d:9d:d5:77:38:03:4b:d3:4e:99:
         a8:b0:29:3b:00:33:ce:51:69:81:9d:e2:29:50:21:a1:00:20:
         73:75:b7:9c:2d:45:f9:06:25:7c:83:45:04:d2:b3:62:87:6f:
         ba:f5:6c:1b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGS2QgjdYT9QcZApJNlcUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM3ZWI4MGZiY2QxNjg2ZGU5MDFjNjI5ZDg4YmY3NzBhYTNkN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYl2H6/6Ag38xAS4DlQ5AZRHBl1V
/SAAn8sQRvBCMBcdqlP+EwJGL9K1uUjyZcDGHFD7b8MvuGmJhR+dAoQKz/wEECXh
9K9QZxfMvP6uvN2EhnntqHa0OumewTKVrqAA+vj0B1zqe5ZJcsDDpiy32CEY54gM
YJGdlsiJWvzmuGkrdHuQe1LLS+LUVgh/C4SnT+0cNyfSUBc/+dnJw4dziKIxoSbu
0QdnAnH8sbHYGjLWoVDX0iiFjzQynid9ZatCUWx2fHkotnrJ1/kkioxDH6HDZZ5M
ei2wm98/JtVWrSe8ZdRAa4I3CF97Vzlhr2dD5M0gkzFzV5E8l3xi3opQ5wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGk364D7zRaG3pAcYp2Iv3cKo9fJMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvYVRmcmdQdk5Gb2Jla0J4aW5ZaV9kd3FqMThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKjgDAN
BgkqhkiG9w0BAQsFAAOCAQEAzksc2mPM0klbhQeQr3be4G/4jmBPX8zaYEvN1N9I
Ev6b/0UFcpXrpq7bI8V2DslHpVu67Day3zTjhysF5MYj82Hf9hYeeh0NqMbIBj8W
u3TYkyWrD77Zb/E47RXD4BOZrWhwNcIBPL+w1eI15x5kpK1UxrNEoqdxNXC+QMq8
EmIJRZqjlNuWDCBMBMVM+UF/NEDxopWKIFJ3uh6qq3xbJzxKgAOGjnf05gsbZW+8
LkKxxKCRWowViGJ3n01DIWZ1zH2BhXbjlfps7Z5zkf49ndV3OANL006ZqLApOwAz
zlFpgZ3iKVAhoQAgc3W3nC1F+QYlfINFBNKzYodvuvVsGw==
-----END CERTIFICATE-----