Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/9kcAwYg_XDrQjevQTP1IsuqZ3Ek.roa
File:                     9kcAwYg_XDrQjevQTP1IsuqZ3Ek.roa (raw, json)
Hash identifier:          5Fk3T0sxDG5ySr7LAnSDqIzeCDtuSFmBOwslJVE9qDk=
Subject key identifier:   F6:47:00:C1:88:3F:5C:3A:D0:8D:EB:D0:4C:FD:48:B2:EA:99:DC:49
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       0191E4D624289DB2ADCF3DE59142B79C1E59
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/9kcAwYg_XDrQjevQTP1IsuqZ3Ek.roa
Signing time:             Thu 12 Sep 2024 06:05:24 +0000
ROA not before:           Thu 12 Sep 2024 06:05:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215324
IP address blocks:        2a12:f8c3:5000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e4:d6:24:28:9d:b2:ad:cf:3d:e5:91:42:b7:9c:1e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Sep 12 06:05:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f64700c1883f5c3ad08debd04cfd48b2ea99dc49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9f:24:41:fc:bf:ba:a7:c2:0c:40:c4:a4:a3:
                    e6:c7:11:73:6a:db:06:34:53:f9:d4:92:54:e0:d6:
                    8f:32:eb:cc:53:0f:15:e2:08:cf:70:62:ce:56:b6:
                    69:97:a2:f8:b1:de:22:56:0d:75:77:14:59:29:56:
                    c6:24:98:f8:a2:3d:83:67:14:a3:b2:07:74:ed:8e:
                    c4:a3:b5:23:76:0a:d3:c8:51:f7:68:5a:76:8f:f0:
                    3b:46:fb:fc:31:ee:2f:bf:84:73:d9:ea:fd:dd:8d:
                    ea:5d:2b:f7:e6:a9:43:6a:6e:6b:5e:b3:3e:b1:6d:
                    70:0d:a3:8b:21:5f:eb:19:31:da:b2:de:8c:b9:26:
                    28:a4:d0:34:10:7c:69:0b:95:6f:eb:87:4b:c7:03:
                    bf:79:da:d6:89:20:1c:9c:e6:60:67:83:91:f7:9d:
                    4f:0c:94:b8:b3:7e:af:29:35:9a:82:d8:38:de:13:
                    36:a8:46:7e:a6:38:f6:5d:2f:3d:64:df:46:2a:79:
                    e1:be:57:d0:01:22:9f:f3:0d:07:66:56:ff:41:c7:
                    c4:8d:46:f0:43:3f:97:a3:c1:42:71:54:50:58:f4:
                    d8:31:f7:16:6c:76:16:c0:72:dc:93:1a:ff:4f:b0:
                    c7:e4:a0:5d:bf:47:93:d8:ab:ed:00:4b:0d:b9:5f:
                    74:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:47:00:C1:88:3F:5C:3A:D0:8D:EB:D0:4C:FD:48:B2:EA:99:DC:49
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/9kcAwYg_XDrQjevQTP1IsuqZ3Ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c3:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         9a:74:1c:ca:66:99:b9:91:0a:61:20:ca:cc:5a:fb:11:5a:90:
         df:75:5d:6b:b1:42:2f:35:cd:f5:46:9c:e7:fe:f4:46:ab:55:
         15:84:1e:8c:ab:44:c4:6a:ad:54:26:70:48:eb:d8:5d:35:40:
         99:c9:0f:80:f8:24:29:e7:d0:6a:01:98:02:ae:1d:63:ca:4d:
         eb:60:b3:a0:a7:62:27:6a:a2:70:8f:5c:8e:4f:c6:74:d4:1e:
         5f:0f:3e:65:39:e9:fd:52:9c:40:76:14:50:7c:b3:ed:3d:76:
         d1:09:38:df:bd:34:33:05:54:db:62:4e:81:70:eb:7a:4f:24:
         bc:44:36:b2:09:46:de:28:b4:03:30:81:b2:a0:75:ef:de:24:
         75:f5:d1:5a:9a:14:13:8e:e6:62:45:d1:88:64:66:af:e2:28:
         34:de:5f:30:35:60:ae:01:62:ad:e4:9a:36:70:68:98:04:77:
         dd:ca:c2:bd:7c:44:9f:4b:a0:79:d9:66:c6:74:83:7e:55:a2:
         ce:23:69:d6:40:1a:f7:c6:4c:cf:4c:7f:b3:ae:97:ce:5a:53:
         35:6b:71:88:a9:2b:ce:e7:ed:ce:4e:dc:52:d5:c4:79:8d:94:
         03:ea:5a:19:7b:98:82:74:6a:f7:ef:a8:44:b3:24:f1:f5:31:
         65:77:94:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZHk1iQonbKtzz3lkUK3nB5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjQwOTEyMDYwNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjQ3MDBjMTg4M2Y1YzNhZDA4ZGViZDA0Y2ZkNDhiMmVhOTlkYzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJ8kQfy/uqfCDEDEpKPmxxFzatsG
NFP51JJU4NaPMuvMUw8V4gjPcGLOVrZpl6L4sd4iVg11dxRZKVbGJJj4oj2DZxSj
sgd07Y7Eo7UjdgrTyFH3aFp2j/A7Rvv8Me4vv4Rz2er93Y3qXSv35qlDam5rXrM+
sW1wDaOLIV/rGTHast6MuSYopNA0EHxpC5Vv64dLxwO/edrWiSAcnOZgZ4OR951P
DJS4s36vKTWagtg43hM2qEZ+pjj2XS89ZN9GKnnhvlfQASKf8w0HZlb/QcfEjUbw
Qz+Xo8FCcVRQWPTYMfcWbHYWwHLckxr/T7DH5KBdv0eT2KvtAEsNuV90PwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPZHAMGIP1w60I3r0Ez9SLLqmdxJMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvOWtjQXdZZ19YRHJRamV2UVRQMUlzdXFaM0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4w1Aw
DQYJKoZIhvcNAQELBQADggEBAJp0HMpmmbmRCmEgysxa+xFakN91XWuxQi81zfVG
nOf+9EarVRWEHoyrRMRqrVQmcEjr2F01QJnJD4D4JCnn0GoBmAKuHWPKTetgs6Cn
YidqonCPXI5PxnTUHl8PPmU56f1SnEB2FFB8s+09dtEJON+9NDMFVNtiToFw63pP
JLxENrIJRt4otAMwgbKgde/eJHX10VqaFBOO5mJF0YhkZq/iKDTeXzA1YK4BYq3k
mjZwaJgEd93Kwr18RJ9LoHnZZsZ0g35Vos4jadZAGvfGTM9Mf7Oul85aUzVrcYip
K87n7c5O3FLVxHmNlAPqWhl7mIJ0avfvqESzJPH1MWV3lEA=
-----END CERTIFICATE-----