Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/F8Blo1BoR0QEdmujZT-0DhQ9xSk.roa
File:                     F8Blo1BoR0QEdmujZT-0DhQ9xSk.roa (raw, json)
Hash identifier:          INcuge+1sOoqqdwbqHomou7klQ3L7q5/f4kYx8zOqGE=
Subject key identifier:   17:C0:65:A3:50:68:47:44:04:76:6B:A3:65:3F:B4:0E:14:3D:C5:29
Certificate issuer:       /CN=12f1bb611f2b7a37800f49c6c125c5ee98b719c5
Certificate serial:       018CC2DB3A1BE11D0936A0B2C0ACC9E5733A
Authority key identifier: 12:F1:BB:61:1F:2B:7A:37:80:0F:49:C6:C1:25:C5:EE:98:B7:19:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EvG7YR8rejeAD0nGwSXF7pi3GcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/F8Blo1BoR0QEdmujZT-0DhQ9xSk.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59880
IP address blocks:        2a0f:fdc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/EvG7YR8rejeAD0nGwSXF7pi3GcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/EvG7YR8rejeAD0nGwSXF7pi3GcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EvG7YR8rejeAD0nGwSXF7pi3GcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 01:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3a:1b:e1:1d:09:36:a0:b2:c0:ac:c9:e5:73:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12f1bb611f2b7a37800f49c6c125c5ee98b719c5
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17c065a35068474404766ba3653fb40e143dc529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9e:af:f8:3f:1a:98:98:18:2d:29:50:2a:db:
                    cd:c0:06:d2:e5:e7:6e:26:45:3b:6e:da:e9:26:bd:
                    77:d9:bd:64:11:e8:30:3b:75:97:8b:f6:ee:d4:40:
                    0d:99:69:b3:fb:1c:0e:51:d2:a8:a2:e4:77:b2:1e:
                    bd:ab:12:99:f2:c9:9c:f1:e6:6c:69:ad:12:8c:2e:
                    81:07:8d:2a:ef:14:c1:7a:95:20:08:44:54:9b:72:
                    e6:34:1f:b0:40:ff:b2:6a:64:32:77:e1:82:b2:e1:
                    76:ba:57:97:6e:6b:4a:57:45:a6:44:53:5a:af:58:
                    fd:35:be:b9:fc:7d:d4:8c:90:74:9f:e5:03:72:08:
                    ce:e1:2d:5d:1f:71:10:8c:3d:66:76:0c:61:19:eb:
                    f9:f9:66:f8:49:4d:fc:33:8b:f8:3f:e6:8b:21:c7:
                    78:b1:05:ba:ef:0b:ac:ba:90:a9:e2:68:dc:ec:7e:
                    a0:85:d8:0d:09:92:fd:8b:82:c4:c1:88:47:0f:08:
                    a5:09:8a:b5:06:ea:dc:2c:3e:11:79:11:19:c1:8c:
                    f9:21:f6:b4:de:4d:e5:a1:c3:e1:0e:f0:dc:5a:3d:
                    61:ad:08:4f:f3:63:8b:a9:57:4e:5c:db:ec:06:17:
                    ac:18:bc:2d:a6:25:0b:31:ed:7f:38:0e:90:19:a0:
                    fa:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C0:65:A3:50:68:47:44:04:76:6B:A3:65:3F:B4:0E:14:3D:C5:29
            X509v3 Authority Key Identifier:
                keyid:12:F1:BB:61:1F:2B:7A:37:80:0F:49:C6:C1:25:C5:EE:98:B7:19:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EvG7YR8rejeAD0nGwSXF7pi3GcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/F8Blo1BoR0QEdmujZT-0DhQ9xSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fb8ca2-9fc9-4898-b048-52a368cac403/1/EvG7YR8rejeAD0nGwSXF7pi3GcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:fdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:5f:4d:42:18:8b:34:fe:db:66:41:c9:ef:b7:f0:60:81:78:
         83:4a:90:0c:36:58:c2:a3:fc:78:f6:1c:3e:e1:80:62:c6:a1:
         56:b5:7a:42:b8:5d:b2:a2:68:94:3c:92:1a:6e:27:c8:d8:0e:
         1a:5a:17:e3:40:e3:28:a4:6a:54:e9:0e:05:a0:de:c3:8b:ae:
         e8:4a:5c:82:ee:b1:30:ba:d9:a2:de:5e:2d:ca:ad:cd:8a:56:
         55:06:55:6f:1c:06:5a:c5:ce:65:69:fb:ef:cc:ab:e1:c3:17:
         0a:5a:8a:a4:d5:8b:03:01:00:2d:6a:89:12:1a:1e:2b:fe:68:
         f7:5a:86:73:ef:e0:3a:10:fe:c3:7c:42:07:bb:6e:f7:20:3c:
         d0:2b:83:bd:56:60:59:c4:29:4f:c5:4e:dd:5f:ad:74:f1:49:
         18:9f:93:f5:21:01:bc:ff:a5:01:18:0d:84:9a:5d:50:23:a6:
         8d:f5:fd:32:38:df:b3:bd:aa:3f:a9:e6:e4:00:73:4b:ce:88:
         bc:55:d4:6d:ca:d4:b0:b6:d6:ba:c6:b0:90:2b:3d:9f:52:fc:
         ab:83:c9:91:37:be:3e:6d:db:50:7e:18:6f:c8:ea:a6:cd:be:
         01:64:a1:2c:16:ba:0e:c6:5d:4b:94:9f:ef:5a:f3:9c:f3:a1:
         fa:51:88:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2zob4R0JNqCywKzJ5XM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZjFiYjYxMWYyYjdhMzc4MDBmNDljNmMxMjVjNWVlOThi
NzE5YzUwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2MwNjVhMzUwNjg0NzQ0MDQ3NjZiYTM2NTNmYjQwZTE0M2RjNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJ6v+D8amJgYLSlQKtvNwAbS5edu
JkU7btrpJr132b1kEegwO3WXi/bu1EANmWmz+xwOUdKoouR3sh69qxKZ8smc8eZs
aa0SjC6BB40q7xTBepUgCERUm3LmNB+wQP+yamQyd+GCsuF2uleXbmtKV0WmRFNa
r1j9Nb65/H3UjJB0n+UDcgjO4S1dH3EQjD1mdgxhGev5+Wb4SU38M4v4P+aLIcd4
sQW67wusupCp4mjc7H6ghdgNCZL9i4LEwYhHDwilCYq1BurcLD4ReREZwYz5Ifa0
3k3locPhDvDcWj1hrQhP82OLqVdOXNvsBhesGLwtpiULMe1/OA6QGaD6dQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBfAZaNQaEdEBHZro2U/tA4UPcUpMB8GA1UdIwQY
MBaAFBLxu2EfK3o3gA9JxsElxe6YtxnFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXZHN1lSOHJlamVBRDBuR3dTWEY3cGkzR2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mYjhjYTItOWZjOS00ODk4LWIwNDgt
NTJhMzY4Y2FjNDAzLzEvRjhCbG8xQm9SMFFFZG11alpULTBEaFE5eFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mYjhjYTItOWZjOS00ODk4LWIwNDgtNTJhMzY4Y2FjNDAz
LzEvRXZHN1lSOHJlamVBRDBuR3dTWEY3cGkzR2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/9wDAN
BgkqhkiG9w0BAQsFAAOCAQEAfF9NQhiLNP7bZkHJ77fwYIF4g0qQDDZYwqP8ePYc
PuGAYsahVrV6QrhdsqJolDySGm4nyNgOGloX40DjKKRqVOkOBaDew4uu6Epcgu6x
MLrZot5eLcqtzYpWVQZVbxwGWsXOZWn778yr4cMXClqKpNWLAwEALWqJEhoeK/5o
91qGc+/gOhD+w3xCB7tu9yA80CuDvVZgWcQpT8VO3V+tdPFJGJ+T9SEBvP+lARgN
hJpdUCOmjfX9Mjjfs72qP6nm5ABzS86IvFXUbcrUsLbWusawkCs9n1L8q4PJkTe+
Pm3bUH4Yb8jqps2+AWShLBa6DsZdS5Sf71rznPOh+lGI8w==
-----END CERTIFICATE-----