Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/lpIXnkT8jxQu4crz6v_BoCLn_Io.roa
File:                     lpIXnkT8jxQu4crz6v_BoCLn_Io.roa (raw, json)
Hash identifier:          idVvK2a9lZq6lQlSAQ6r4B30hDfDwllKXj0jNwvmqbs=
Subject key identifier:   96:92:17:9E:44:FC:8F:14:2E:E1:CA:F3:EA:FF:C1:A0:22:E7:FC:8A
Certificate issuer:       /CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
Certificate serial:       018CC424652C7570B53DE897C1CEA879E849
Authority key identifier: F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/lpIXnkT8jxQu4crz6v_BoCLn_Io.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212104
IP address blocks:        2a12:5844:1112::/48 maxlen: 48
                          2a12:5844:1110::/44 maxlen: 44
                          2a12:5844:1111::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:65:2c:75:70:b5:3d:e8:97:c1:ce:a8:79:e8:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9692179e44fc8f142ee1caf3eaffc1a022e7fc8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b5:06:e7:a2:41:a3:6d:e7:76:64:79:50:9a:
                    c7:06:ab:9e:1b:03:82:37:b0:66:9f:ab:31:fa:d3:
                    98:93:f5:0a:fd:5d:07:60:5d:b3:be:7c:c5:f7:04:
                    e9:7c:9c:5b:d3:73:0b:cd:69:06:c8:7c:52:95:af:
                    28:b1:3c:ab:22:89:7b:04:08:d2:86:00:f3:d6:47:
                    f9:5a:85:73:63:ff:78:38:d1:2a:78:cd:39:ad:f0:
                    27:69:02:e8:a3:05:85:43:44:84:9c:a2:60:4f:39:
                    fc:16:9c:b6:c2:01:96:b5:d4:db:b9:8f:65:96:b8:
                    9f:85:6f:99:c2:15:da:c0:b3:f7:86:84:84:71:e7:
                    e1:f8:0a:a2:43:76:21:eb:01:30:62:c3:77:56:ea:
                    15:2c:07:c3:46:66:90:34:f9:8d:af:be:f8:3c:ff:
                    41:e4:0f:5f:6e:66:42:aa:54:76:c5:38:ff:7c:74:
                    57:a9:9e:fb:2f:43:43:40:20:0a:5d:7d:53:0f:c8:
                    e3:2e:89:af:84:3f:53:df:19:40:3f:2f:b6:d1:57:
                    f3:74:aa:2f:c1:9d:19:15:f9:8d:2d:d8:75:82:b3:
                    8f:8c:a8:fa:83:20:9c:66:f1:50:05:8a:d9:82:53:
                    16:d8:ca:82:f4:d4:bc:b9:09:37:c3:c6:9e:c5:9f:
                    fc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:92:17:9E:44:FC:8F:14:2E:E1:CA:F3:EA:FF:C1:A0:22:E7:FC:8A
            X509v3 Authority Key Identifier:
                keyid:F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/lpIXnkT8jxQu4crz6v_BoCLn_Io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5844:1110::/44

    Signature Algorithm: sha256WithRSAEncryption
         ae:c3:8f:42:50:b6:f4:c0:7d:c9:03:4c:4c:2d:cd:e6:30:87:
         cf:e4:3f:cb:c9:5b:22:5f:d1:33:ea:50:8d:df:53:d0:33:86:
         88:52:da:6f:43:8b:a1:06:14:8f:2d:33:cb:d7:f2:db:79:f7:
         c5:47:3c:46:2a:f6:9b:b2:05:7f:49:c2:31:d5:4a:5b:90:74:
         3f:06:b1:4d:fb:21:5f:87:76:6f:2a:eb:e3:00:45:f1:0e:f9:
         f7:e8:de:ee:5d:99:22:dd:32:ca:50:76:ed:24:89:cf:b1:b6:
         b5:73:62:d6:12:a5:a2:af:2e:e5:82:3c:12:4a:c4:61:75:84:
         40:55:68:21:9d:23:59:7d:14:cf:95:98:f6:e8:99:71:1c:7b:
         4c:1d:ff:03:25:0f:c2:9d:4d:d5:fd:62:94:b0:0e:79:f2:cd:
         99:96:17:8e:b4:dc:14:ff:ea:07:d1:50:1e:5a:d5:bd:c3:a9:
         ba:ab:c9:46:14:fc:fd:e0:97:32:9c:8d:6d:c9:06:83:bd:0e:
         c1:3a:15:60:a9:e7:e7:9c:55:19:72:98:08:e6:8e:a2:0c:45:
         a7:1b:af:db:aa:c4:a7:d1:21:5f:72:27:d3:65:2c:0f:71:6e:
         d4:0d:a5:b7:4d:02:4d:4b:c8:94:3f:e6:be:b5:05:f8:e0:ae:
         5c:70:d1:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGUsdXC1PeiXwc6oeehJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YzNlMDI3ZDJkMWMyZDM2ZDdjOTU0ODY3MjI2YzgzYjY1
ZWI1NmYwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjkyMTc5ZTQ0ZmM4ZjE0MmVlMWNhZjNlYWZmYzFhMDIyZTdmYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrUG56JBo23ndmR5UJrHBqueGwOC
N7Bmn6sx+tOYk/UK/V0HYF2zvnzF9wTpfJxb03MLzWkGyHxSla8osTyrIol7BAjS
hgDz1kf5WoVzY/94ONEqeM05rfAnaQLoowWFQ0SEnKJgTzn8Fpy2wgGWtdTbuY9l
lrifhW+ZwhXawLP3hoSEcefh+AqiQ3Yh6wEwYsN3VuoVLAfDRmaQNPmNr774PP9B
5A9fbmZCqlR2xTj/fHRXqZ77L0NDQCAKXX1TD8jjLomvhD9T3xlAPy+20VfzdKov
wZ0ZFfmNLdh1grOPjKj6gyCcZvFQBYrZglMW2MqC9NS8uQk3w8aexZ/8IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJaSF55E/I8ULuHK8+r/waAi5/yKMB8GA1UdIwQY
MBaAFPbD4CfS0cLTbXyVSGcibIO2XrVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUt
MzU2YzRkN2JiNDUyLzEvbHBJWG5rVDhqeFF1NGNyejZ2X0JvQ0xuX0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUtMzU2YzRkN2JiNDUy
LzEvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhJYRBEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCuw49CULb0wH3JA0xMLc3mMIfP5D/LyVsiX9Ez
6lCN31PQM4aIUtpvQ4uhBhSPLTPL1/LbeffFRzxGKvabsgV/ScIx1UpbkHQ/BrFN
+yFfh3ZvKuvjAEXxDvn36N7uXZki3TLKUHbtJInPsba1c2LWEqWiry7lgjwSSsRh
dYRAVWghnSNZfRTPlZj26JlxHHtMHf8DJQ/CnU3V/WKUsA558s2ZlheOtNwU/+oH
0VAeWtW9w6m6q8lGFPz94JcynI1tyQaDvQ7BOhVgqefnnFUZcpgI5o6iDEWnG6/b
qsSn0SFfcifTZSwPcW7UDaW3TQJNS8iUP+a+tQX44K5ccNFZ
-----END CERTIFICATE-----