Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/161b52-24f2-4535-8382-e7fe9c47660f/1/RufuW3_xCNrkXrItzwSh1-gqEtU.roa
File:                     RufuW3_xCNrkXrItzwSh1-gqEtU.roa (raw, json)
Hash identifier:          rS3Btv0ZqtLDbIiRa7t0h8uqqwVYVSfQARh6vcBuITQ=
Subject key identifier:   46:E7:EE:5B:7F:F1:08:DA:E4:5E:B2:2D:CF:04:A1:D7:E8:2A:12:D5
Certificate issuer:       /CN=cf10ad912ef942aacb4d10add39903c6e9fbb03a
Certificate serial:       018CC86F77BD8C0C7B72B7C38ADB99BA8A30
Authority key identifier: CF:10:AD:91:2E:F9:42:AA:CB:4D:10:AD:D3:99:03:C6:E9:FB:B0:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zxCtkS75QqrLTRCt05kDxun7sDo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/161b52-24f2-4535-8382-e7fe9c47660f/1/RufuW3_xCNrkXrItzwSh1-gqEtU.roa
Signing time:             Tue 02 Jan 2024 04:29:57 +0000
ROA not before:           Tue 02 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211557
IP address blocks:        2a12:1dc7:ffff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/161b52-24f2-4535-8382-e7fe9c47660f/1/zxCtkS75QqrLTRCt05kDxun7sDo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/161b52-24f2-4535-8382-e7fe9c47660f/1/zxCtkS75QqrLTRCt05kDxun7sDo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zxCtkS75QqrLTRCt05kDxun7sDo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:77:bd:8c:0c:7b:72:b7:c3:8a:db:99:ba:8a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf10ad912ef942aacb4d10add39903c6e9fbb03a
        Validity
            Not Before: Jan  2 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46e7ee5b7ff108dae45eb22dcf04a1d7e82a12d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b3:67:f5:30:e6:fb:da:4b:d5:45:79:70:db:
                    65:98:f9:a0:96:0e:22:f2:76:aa:8e:66:c7:a3:60:
                    bc:c4:e5:51:59:78:eb:17:8d:ff:ed:53:9e:2c:d4:
                    90:f5:1f:f3:28:8a:03:51:5f:6a:0c:fb:4f:16:ce:
                    d6:b6:c5:35:67:9b:86:1f:23:e7:75:01:4a:06:e8:
                    36:a5:f8:f7:27:13:82:40:ca:0d:fc:16:b0:58:ff:
                    e9:67:01:45:e8:78:29:12:dd:ae:14:b2:16:a1:16:
                    d1:e8:ea:b1:6b:d5:ad:04:c2:66:7e:47:dc:1f:5b:
                    94:bf:7b:6a:ed:c6:e3:34:8a:2e:c3:ed:ea:33:d4:
                    4e:c3:1e:13:46:6c:19:0c:ad:d6:c3:99:92:18:b6:
                    c5:33:1f:8c:d0:4a:85:7b:c9:74:26:4a:9c:58:9f:
                    4f:12:4b:87:92:1e:89:a3:11:be:91:1d:21:15:36:
                    45:4d:f0:dc:14:49:7e:e1:ba:a5:dc:db:54:49:cc:
                    c5:bd:a8:ec:14:b1:3e:6e:08:ef:f8:c2:b5:ee:86:
                    f9:bd:03:62:6a:73:5a:92:81:40:6c:6d:a5:52:63:
                    15:29:b1:4a:67:e3:a6:47:97:d8:53:48:65:69:41:
                    66:40:f6:1d:00:c0:e2:5b:17:f3:f0:16:d5:dd:74:
                    95:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:E7:EE:5B:7F:F1:08:DA:E4:5E:B2:2D:CF:04:A1:D7:E8:2A:12:D5
            X509v3 Authority Key Identifier:
                keyid:CF:10:AD:91:2E:F9:42:AA:CB:4D:10:AD:D3:99:03:C6:E9:FB:B0:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zxCtkS75QqrLTRCt05kDxun7sDo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/161b52-24f2-4535-8382-e7fe9c47660f/1/RufuW3_xCNrkXrItzwSh1-gqEtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/161b52-24f2-4535-8382-e7fe9c47660f/1/zxCtkS75QqrLTRCt05kDxun7sDo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1dc7:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:c7:5d:e8:17:69:92:0a:2d:82:1d:38:bf:55:32:33:05:4b:
         a8:95:2a:06:4c:1f:12:e5:19:0d:64:69:ef:7d:d4:d4:b7:90:
         9e:d7:18:b0:25:3f:91:be:43:a7:68:86:51:c9:fc:bf:ea:93:
         c1:2d:9f:41:49:b8:e6:cb:41:9c:2d:db:6d:a6:fa:70:d8:f1:
         8b:f4:88:96:56:76:ca:60:9d:a0:4c:10:ed:e6:ce:fc:9c:f9:
         8a:c9:9e:c2:30:3f:b1:c5:c8:30:4b:5d:f9:6f:91:06:c3:dc:
         c9:6f:36:6e:76:8d:06:86:6a:9e:3d:0d:48:fb:38:30:80:d1:
         f8:d3:b7:d0:4e:af:97:fb:9e:48:4e:fa:5f:ff:a9:ee:c4:49:
         b1:82:29:fe:2e:38:f9:f7:75:07:97:39:e3:b9:4a:86:39:57:
         9a:0c:90:de:30:13:fc:de:2d:13:b9:f6:62:da:67:fa:3e:70:
         a6:c2:bf:9d:f3:29:ae:cb:3a:cc:03:85:c1:0b:79:8c:3e:80:
         c4:e6:5b:36:d2:de:88:2c:99:48:7a:df:45:9c:73:54:b3:91:
         a7:ac:4b:c9:41:a3:95:03:08:d5:36:77:88:38:79:6d:00:29:
         3b:dc:89:17:d3:9b:90:51:49:8e:5a:2a:2a:6b:80:ca:9b:b1:
         01:53:c1:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb3e9jAx7crfDituZuoowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMTBhZDkxMmVmOTQyYWFjYjRkMTBhZGQzOTkwM2M2ZTlm
YmIwM2EwHhcNMjQwMTAyMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmU3ZWU1YjdmZjEwOGRhZTQ1ZWIyMmRjZjA0YTFkN2U4MmExMmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLNn9TDm+9pL1UV5cNtlmPmglg4i
8naqjmbHo2C8xOVRWXjrF43/7VOeLNSQ9R/zKIoDUV9qDPtPFs7WtsU1Z5uGHyPn
dQFKBug2pfj3JxOCQMoN/BawWP/pZwFF6HgpEt2uFLIWoRbR6Oqxa9WtBMJmfkfc
H1uUv3tq7cbjNIouw+3qM9ROwx4TRmwZDK3Ww5mSGLbFMx+M0EqFe8l0JkqcWJ9P
EkuHkh6JoxG+kR0hFTZFTfDcFEl+4bql3NtUSczFvajsFLE+bgjv+MK17ob5vQNi
anNakoFAbG2lUmMVKbFKZ+OmR5fYU0hlaUFmQPYdAMDiWxfz8BbV3XSVGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEbn7lt/8Qja5F6yLc8EodfoKhLVMB8GA1UdIwQY
MBaAFM8QrZEu+UKqy00QrdOZA8bp+7A6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenhDdGtTNzVRcXJMVFJDdDA1a0R4dW43c0RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xNjFiNTItMjRmMi00NTM1LTgzODIt
ZTdmZTljNDc2NjBmLzEvUnVmdVczX3hDTnJrWHJJdHp3U2gxLWdxRXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xNjFiNTItMjRmMi00NTM1LTgzODItZTdmZTljNDc2NjBm
LzEvenhDdGtTNzVRcXJMVFJDdDA1a0R4dW43c0RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhIdx///
MA0GCSqGSIb3DQEBCwUAA4IBAQCAx13oF2mSCi2CHTi/VTIzBUuolSoGTB8S5RkN
ZGnvfdTUt5Ce1xiwJT+RvkOnaIZRyfy/6pPBLZ9BSbjmy0GcLdttpvpw2PGL9IiW
VnbKYJ2gTBDt5s78nPmKyZ7CMD+xxcgwS135b5EGw9zJbzZudo0GhmqePQ1I+zgw
gNH407fQTq+X+55ITvpf/6nuxEmxgin+Ljj593UHlznjuUqGOVeaDJDeMBP83i0T
ufZi2mf6PnCmwr+d8ymuyzrMA4XBC3mMPoDE5ls20t6ILJlIet9FnHNUs5GnrEvJ
QaOVAwjVNneIOHltACk73IkX05uQUUmOWioqa4DKm7EBU8G3
-----END CERTIFICATE-----