Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5f8Ah3YaZRG2lzZYMbK0bb8vcKQ.roa
File:                     5f8Ah3YaZRG2lzZYMbK0bb8vcKQ.roa (raw, json)
Hash identifier:          7kmCqwdghhtYLQspbwFz+UuTZuClDkJdp6/hsBRAQps=
Subject key identifier:   E5:FF:00:87:76:1A:65:11:B6:97:36:58:31:B2:B4:6D:BF:2F:70:A4
Certificate issuer:       /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial:       018CC64B2610288D470117D8604A4713349E
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5f8Ah3YaZRG2lzZYMbK0bb8vcKQ.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142418
IP address blocks:        2a12:f8c1::/32 maxlen: 48
                          2a12:f8c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:26:10:28:8d:47:01:17:d8:60:4a:47:13:34:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5ff0087761a6511b697365831b2b46dbf2f70a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c0:12:dc:44:99:61:7f:c4:03:52:b6:ee:6c:
                    d9:78:33:2d:16:29:4c:20:64:20:ef:94:f7:99:8a:
                    cf:fe:43:ea:d9:5d:1c:b4:42:81:6c:ef:3b:0a:7a:
                    97:da:20:e9:d3:9f:ca:6b:21:89:f7:60:2d:9b:ab:
                    8c:4d:5f:c9:65:0d:ac:b8:5f:81:ac:b0:c4:1a:9c:
                    57:49:cd:6a:0e:06:66:b1:5e:f7:68:cd:84:86:c8:
                    b9:30:39:88:54:a4:1a:c1:36:c9:51:0d:d0:ed:17:
                    13:60:9f:62:4f:61:24:ba:ff:36:f0:6e:79:55:e1:
                    8b:ef:16:92:60:33:de:c6:a6:14:8e:9b:bf:db:c2:
                    36:6c:e7:24:fe:39:02:5b:d8:af:8b:36:cd:3e:85:
                    98:be:ef:18:cc:b4:f2:ee:52:2b:14:98:13:d1:10:
                    9b:e0:90:46:f2:6d:4e:e0:07:fc:97:b0:39:1c:05:
                    4e:1a:5d:de:5b:35:c0:ad:00:c1:80:53:c3:e2:f7:
                    13:d7:2f:a4:60:df:6f:3d:e4:f4:11:1a:bb:29:5b:
                    7f:7f:04:bc:4e:8e:d1:19:cb:7e:4e:60:4f:53:37:
                    48:63:dc:59:b6:55:f3:05:06:29:f5:9e:d8:3c:6d:
                    f1:dc:eb:22:9c:94:b5:0e:d2:f6:3f:28:92:68:b6:
                    e8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:FF:00:87:76:1A:65:11:B6:97:36:58:31:B2:B4:6D:BF:2F:70:A4
            X509v3 Authority Key Identifier:
                keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5f8Ah3YaZRG2lzZYMbK0bb8vcKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c0::/31

    Signature Algorithm: sha256WithRSAEncryption
         90:75:d1:b7:2e:f5:b4:74:5e:ed:62:8a:4a:36:01:f8:f3:6a:
         f7:fd:85:b5:a7:e3:44:2d:d2:57:38:d7:c3:c8:9f:ac:54:de:
         f3:04:ed:88:d1:e5:fb:58:99:4e:03:62:2b:11:2f:a0:06:82:
         f2:d3:fb:23:3b:73:fc:96:08:0f:13:d7:0a:2e:0e:6d:22:63:
         61:da:04:c9:0a:19:58:88:9e:01:86:b0:0a:0a:99:2c:5e:81:
         d5:50:ca:1e:c8:0b:df:02:93:ff:aa:ac:f9:67:d5:e4:e5:0f:
         00:50:de:60:be:c7:74:3b:64:f4:f3:b1:cb:22:dd:a8:ec:72:
         6c:3e:45:3f:f4:a3:cd:71:e5:b9:00:a4:16:70:9b:70:bc:c3:
         65:01:5f:84:2a:42:72:8f:21:a0:01:d4:67:2a:68:a6:a1:c7:
         6e:7b:74:63:95:7d:7c:35:21:1d:0c:9a:4f:f6:1c:a1:bf:18:
         d7:f6:1f:9d:2c:20:67:50:ac:89:57:31:7e:a7:8a:e5:d6:6e:
         56:c1:dc:90:5a:5e:7a:f4:78:b7:54:d2:e0:64:22:b6:cb:3a:
         21:0d:05:8d:63:95:18:b6:fe:bb:fe:92:64:1f:1a:c3:bb:b2:
         5e:80:27:e2:7d:2b:23:2b:42:9b:a6:d2:dd:c5:32:03:ab:94:
         ff:37:50:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSyYQKI1HARfYYEpHEzSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWZmMDA4Nzc2MWE2NTExYjY5NzM2NTgzMWIyYjQ2ZGJmMmY3MGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8AS3ESZYX/EA1K27mzZeDMtFilM
IGQg75T3mYrP/kPq2V0ctEKBbO87CnqX2iDp05/KayGJ92Atm6uMTV/JZQ2suF+B
rLDEGpxXSc1qDgZmsV73aM2Ehsi5MDmIVKQawTbJUQ3Q7RcTYJ9iT2Ekuv828G55
VeGL7xaSYDPexqYUjpu/28I2bOck/jkCW9ivizbNPoWYvu8YzLTy7lIrFJgT0RCb
4JBG8m1O4Af8l7A5HAVOGl3eWzXArQDBgFPD4vcT1y+kYN9vPeT0ERq7KVt/fwS8
To7RGct+TmBPUzdIY9xZtlXzBQYp9Z7YPG3x3OsinJS1DtL2PyiSaLbooQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOX/AId2GmURtpc2WDGytG2/L3CkMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvNWY4QWgzWWFaUkcybHpaWU1iSzBiYjh2Y0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAkHXRty71tHRe7WKKSjYB+PNq9/2FtafjRC3SVzjX
w8ifrFTe8wTtiNHl+1iZTgNiKxEvoAaC8tP7Iztz/JYIDxPXCi4ObSJjYdoEyQoZ
WIieAYawCgqZLF6B1VDKHsgL3wKT/6qs+WfV5OUPAFDeYL7HdDtk9POxyyLdqOxy
bD5FP/SjzXHluQCkFnCbcLzDZQFfhCpCco8hoAHUZypopqHHbnt0Y5V9fDUhHQya
T/Ycob8Y1/YfnSwgZ1CsiVcxfqeK5dZuVsHckFpeevR4t1TS4GQitss6IQ0FjWOV
GLb+u/6SZB8aw7uyXoAn4n0rIytCm6bS3cUyA6uU/zdQxA==
-----END CERTIFICATE-----