Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/51hMxja-DPgR6lGsgh0WPbIdlQg.roa
File:                     51hMxja-DPgR6lGsgh0WPbIdlQg.roa (raw, json)
Hash identifier:          OnTn6ishr1WhCnNbxOFS6cZxMDlKbjEz8OCtymvrbvU=
Subject key identifier:   E7:58:4C:C6:36:BE:0C:F8:11:EA:51:AC:82:1D:16:3D:B2:1D:95:08
Certificate issuer:       /CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
Certificate serial:       0191747F8F8233C22D675A4222D4B58D0365
Authority key identifier: F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/51hMxja-DPgR6lGsgh0WPbIdlQg.roa
Signing time:             Wed 21 Aug 2024 10:33:22 +0000
ROA not before:           Wed 21 Aug 2024 10:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214326
IP address blocks:        2a12:5844:1190::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:7f:8f:82:33:c2:2d:67:5a:42:22:d4:b5:8d:03:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
        Validity
            Not Before: Aug 21 10:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7584cc636be0cf811ea51ac821d163db21d9508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:c5:84:b6:1f:cb:0a:a9:1e:ab:20:8a:64:64:
                    7e:a7:e0:fe:b1:bb:0f:89:c3:89:fc:36:88:22:36:
                    49:aa:d0:5e:64:5d:ef:7c:4f:66:e0:66:6a:59:bd:
                    8a:21:e4:80:3e:b8:50:12:0b:75:a6:68:29:a6:30:
                    99:0d:2c:17:cb:e6:35:f2:e7:4e:0f:0b:69:aa:69:
                    86:4f:21:39:d8:37:ce:af:c8:b9:f8:91:8f:2b:57:
                    84:5b:6d:e0:bd:13:22:9c:36:d7:e3:92:1f:db:2e:
                    85:d9:ad:d5:f2:1a:87:45:6b:f5:b8:0f:3b:9a:d7:
                    e7:c0:ac:32:d5:54:e6:6b:6a:0d:5e:6e:ef:d0:ff:
                    96:95:17:7d:27:75:11:67:f5:6d:38:c1:be:d7:bc:
                    bf:13:77:1c:3b:65:43:79:d0:80:32:8b:60:c6:67:
                    f8:56:8d:7a:de:b9:48:fd:11:91:99:fd:4b:7a:a3:
                    12:41:ab:80:f3:d3:5a:20:ab:97:02:d3:10:72:56:
                    9e:70:d9:c7:b5:0c:ba:d2:dd:c5:26:71:0a:23:9c:
                    a1:5e:1d:b8:f4:44:3b:4f:8d:7f:5a:dc:93:77:40:
                    6a:15:82:3e:6a:77:f0:33:a3:36:3c:5e:f3:a8:aa:
                    bf:4b:bb:e4:4a:b2:a1:82:01:7c:fe:3c:d0:9f:18:
                    f4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:58:4C:C6:36:BE:0C:F8:11:EA:51:AC:82:1D:16:3D:B2:1D:95:08
            X509v3 Authority Key Identifier:
                keyid:F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/51hMxja-DPgR6lGsgh0WPbIdlQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5844:1190::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:14:55:68:22:11:f1:ad:3d:68:37:cf:45:9d:b2:a3:53:bf:
         70:7d:1c:9d:93:dc:ac:d1:d7:b4:a9:7e:51:f7:6b:b7:6b:21:
         80:bc:81:59:4e:69:a0:9a:41:79:9e:d6:3e:c4:f7:d5:93:76:
         e4:e5:2e:6c:06:99:99:65:e0:2f:5e:99:71:18:f5:f1:bb:34:
         61:ed:7c:f2:de:c5:66:74:78:84:be:a9:fc:3c:cc:ba:3e:8b:
         79:0d:41:eb:d0:1e:62:c8:58:14:0c:c9:14:30:b0:ab:94:39:
         22:1f:22:df:ab:6e:f4:ab:bf:09:75:e9:22:cd:d1:60:fc:69:
         dc:ca:60:bd:d8:4b:85:73:c5:a9:9b:a8:42:ff:94:1d:f5:de:
         6b:b7:5d:37:3c:5f:b0:b1:b5:f4:09:1d:45:52:b5:36:da:2c:
         3d:bc:f6:36:3d:d9:93:8c:6f:01:fe:0c:6f:fa:1b:ef:71:59:
         b5:ae:5c:b5:ed:b0:74:00:73:02:ed:53:bc:3b:1d:99:34:03:
         9b:f1:f0:d9:cd:38:ed:f3:d0:3a:94:d6:8f:b0:0b:67:0f:08:
         36:ec:fa:e7:b4:98:18:16:f6:5a:3d:16:a3:cb:61:0e:02:1e:
         96:79:1e:ab:0b:f1:5e:7a:87:da:23:ff:d6:8b:2c:01:c9:0e:
         20:e0:d4:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF0f4+CM8ItZ1pCItS1jQNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YzNlMDI3ZDJkMWMyZDM2ZDdjOTU0ODY3MjI2YzgzYjY1
ZWI1NmYwHhcNMjQwODIxMTAzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzU4NGNjNjM2YmUwY2Y4MTFlYTUxYWM4MjFkMTYzZGIyMWQ5NTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8MWEth/LCqkeqyCKZGR+p+D+sbsP
icOJ/DaIIjZJqtBeZF3vfE9m4GZqWb2KIeSAPrhQEgt1pmgppjCZDSwXy+Y18udO
DwtpqmmGTyE52DfOr8i5+JGPK1eEW23gvRMinDbX45If2y6F2a3V8hqHRWv1uA87
mtfnwKwy1VTma2oNXm7v0P+WlRd9J3URZ/VtOMG+17y/E3ccO2VDedCAMotgxmf4
Vo163rlI/RGRmf1LeqMSQauA89NaIKuXAtMQclaecNnHtQy60t3FJnEKI5yhXh24
9EQ7T41/WtyTd0BqFYI+anfwM6M2PF7zqKq/S7vkSrKhggF8/jzQnxj0WQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOdYTMY2vgz4EepRrIIdFj2yHZUIMB8GA1UdIwQY
MBaAFPbD4CfS0cLTbXyVSGcibIO2XrVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUt
MzU2YzRkN2JiNDUyLzEvNTFoTXhqYS1EUGdSNmxHc2doMFdQYklkbFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUtMzU2YzRkN2JiNDUy
LzEvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhJYRBGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBcFFVoIhHxrT1oN89FnbKjU79wfRydk9ys0de0
qX5R92u3ayGAvIFZTmmgmkF5ntY+xPfVk3bk5S5sBpmZZeAvXplxGPXxuzRh7Xzy
3sVmdHiEvqn8PMy6Pot5DUHr0B5iyFgUDMkUMLCrlDkiHyLfq270q78JdekizdFg
/GncymC92EuFc8Wpm6hC/5Qd9d5rt103PF+wsbX0CR1FUrU22iw9vPY2PdmTjG8B
/gxv+hvvcVm1rly17bB0AHMC7VO8Ox2ZNAOb8fDZzTjt89A6lNaPsAtnDwg27Prn
tJgYFvZaPRajy2EOAh6WeR6rC/FeeofaI//WiywByQ4g4NRf
-----END CERTIFICATE-----