Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/APh_GuNjzFN8tBTB1c6o2VXI4JY.roa
File:                     APh_GuNjzFN8tBTB1c6o2VXI4JY.roa (raw, json)
Hash identifier:          C0mlhAJtXFYCa5DSE5Gpe8A0OYfKKvZr/CPzqYf22DQ=
Subject key identifier:   00:F8:7F:1A:E3:63:CC:53:7C:B4:14:C1:D5:CE:A8:D9:55:C8:E0:96
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       018EF624BAAFB062294E4A0A3BFA8F5B07BF
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/APh_GuNjzFN8tBTB1c6o2VXI4JY.roa
Signing time:             Fri 19 Apr 2024 11:36:25 +0000
ROA not before:           Fri 19 Apr 2024 11:36:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57487
IP address blocks:        2a12:cc07::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:24:ba:af:b0:62:29:4e:4a:0a:3b:fa:8f:5b:07:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Apr 19 11:36:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00f87f1ae363cc537cb414c1d5cea8d955c8e096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cb:97:2d:55:cf:ea:6b:92:23:95:ff:bc:be:
                    6e:4b:ec:eb:ff:78:7f:12:1e:42:37:fb:93:54:02:
                    d8:14:b8:68:b5:80:e6:35:79:b0:ba:77:47:09:d3:
                    1b:2a:03:00:90:19:48:8c:77:91:6f:92:4b:db:22:
                    e2:4f:91:8c:c7:e4:5d:35:1c:94:d5:0d:bc:f2:86:
                    7d:f6:24:2e:db:f7:4c:ae:5d:5c:20:15:76:d6:1b:
                    60:f6:de:c0:f7:52:87:53:c5:7a:f2:a0:70:32:74:
                    3c:c1:65:cb:06:f5:bb:62:cb:d3:5d:9a:07:d7:e2:
                    67:94:77:7e:10:15:10:5a:81:70:d4:4e:9a:a9:4b:
                    e7:90:37:e5:8f:ae:17:5f:9f:09:03:6e:7b:9f:4a:
                    56:de:db:59:28:30:0f:e9:47:ba:51:5e:04:06:49:
                    7f:7e:38:c4:84:3c:03:2b:2e:6e:38:0f:6b:95:7c:
                    b8:ac:6f:01:5d:f1:6d:78:47:04:66:0b:38:26:f3:
                    00:0e:6f:05:80:78:8a:08:28:bf:33:27:fc:32:05:
                    43:ea:16:f7:78:1b:9b:f5:b8:15:d6:d8:38:61:34:
                    e8:3e:8d:e6:36:4b:e2:a0:e1:b3:a9:7e:e8:04:dc:
                    0b:e8:56:be:35:54:9a:60:ea:7a:87:71:64:ea:b8:
                    54:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F8:7F:1A:E3:63:CC:53:7C:B4:14:C1:D5:CE:A8:D9:55:C8:E0:96
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/APh_GuNjzFN8tBTB1c6o2VXI4JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cc07::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:41:2a:54:36:ea:62:58:93:ab:92:c7:0b:60:be:57:8c:bb:
         33:e7:25:ed:53:ff:84:9c:97:60:a7:bb:83:b3:01:b9:02:fa:
         a8:18:9c:64:a6:ff:a3:4c:b9:51:a2:18:db:28:f3:a8:a8:95:
         21:ef:d2:44:cd:2e:83:23:cc:9a:b8:c1:b9:b4:13:ec:9e:e6:
         ae:f6:61:f1:e2:87:7f:46:78:a9:4e:0a:8f:fa:8d:a0:64:eb:
         68:2e:d1:57:97:dc:c1:a0:04:1b:ac:96:81:e4:d8:00:6d:ff:
         47:d1:74:f6:e1:cc:30:02:f6:ac:3c:9e:a4:44:42:fe:ab:20:
         68:b1:fd:90:65:98:f4:ed:a1:39:30:4a:20:b5:f0:46:31:78:
         79:52:72:13:2d:c0:9c:dc:eb:59:21:5b:c6:44:44:fb:56:11:
         9b:03:92:43:ac:a3:69:6c:6f:0c:d0:72:b5:ef:55:66:5e:c3:
         e3:a7:df:fa:30:f8:66:00:e5:33:94:43:ce:ee:70:c1:4a:e6:
         4b:2c:3a:63:a0:29:8b:74:e5:6d:0c:ff:f5:76:e8:b0:2d:84:
         f2:e3:2e:3b:cd:da:f8:38:1e:04:55:bb:e5:3a:36:bf:88:24:
         dd:8e:12:e2:22:aa:ac:e7:9b:c7:ba:66:cd:c8:89:be:d1:41:
         e0:06:c5:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY72JLqvsGIpTkoKO/qPWwe/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwNDE5MTEzNjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY4N2YxYWUzNjNjYzUzN2NiNDE0YzFkNWNlYThkOTU1YzhlMDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8uXLVXP6muSI5X/vL5uS+zr/3h/
Eh5CN/uTVALYFLhotYDmNXmwundHCdMbKgMAkBlIjHeRb5JL2yLiT5GMx+RdNRyU
1Q288oZ99iQu2/dMrl1cIBV21htg9t7A91KHU8V68qBwMnQ8wWXLBvW7YsvTXZoH
1+JnlHd+EBUQWoFw1E6aqUvnkDflj64XX58JA257n0pW3ttZKDAP6Ue6UV4EBkl/
fjjEhDwDKy5uOA9rlXy4rG8BXfFteEcEZgs4JvMADm8FgHiKCCi/Myf8MgVD6hb3
eBub9bgV1tg4YTToPo3mNkvioOGzqX7oBNwL6Fa+NVSaYOp6h3Fk6rhUWQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAD4fxrjY8xTfLQUwdXOqNlVyOCWMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvQVBoX0d1Tmp6Rk44dEJUQjFjNm8yVlhJNEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLMBzAN
BgkqhkiG9w0BAQsFAAOCAQEAJkEqVDbqYliTq5LHC2C+V4y7M+cl7VP/hJyXYKe7
g7MBuQL6qBicZKb/o0y5UaIY2yjzqKiVIe/SRM0ugyPMmrjBubQT7J7mrvZh8eKH
f0Z4qU4Kj/qNoGTraC7RV5fcwaAEG6yWgeTYAG3/R9F09uHMMAL2rDyepERC/qsg
aLH9kGWY9O2hOTBKILXwRjF4eVJyEy3AnNzrWSFbxkRE+1YRmwOSQ6yjaWxvDNBy
te9VZl7D46ff+jD4ZgDlM5RDzu5wwUrmSyw6Y6Api3TlbQz/9XbosC2E8uMuO83a
+DgeBFW75To2v4gk3Y4S4iKqrOebx7pmzciJvtFB4AbFgg==
-----END CERTIFICATE-----