Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ABDpUe6jePBPX3_7idJW6VskjUI.roa
File:                     ABDpUe6jePBPX3_7idJW6VskjUI.roa (raw, json)
Hash identifier:          2uJVw8Yy1UzBrXOxGkJR0fZMeZhMvBwUcqLsaXLYQjE=
Subject key identifier:   00:10:E9:51:EE:A3:78:F0:4F:5F:7F:FB:89:D2:56:E9:5B:24:8D:42
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       01967A986731DE231D2DFF847D0C5A513343
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ABDpUe6jePBPX3_7idJW6VskjUI.roa
Signing time:             Mon 28 Apr 2025 04:12:10 +0000
ROA not before:           Mon 28 Apr 2025 04:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142418
IP address blocks:        2a12:f8c0::/32 maxlen: 48
                          2a12:f8c0:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7a:98:67:31:de:23:1d:2d:ff:84:7d:0c:5a:51:33:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Apr 28 04:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0010e951eea378f04f5f7ffb89d256e95b248d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5f:28:d1:b1:ea:e5:bf:0a:24:c3:55:c5:aa:
                    de:82:91:6f:b9:93:37:89:e9:45:11:e2:1c:8b:51:
                    ee:d2:59:b5:7b:cc:36:2b:a2:c4:67:0d:d8:91:22:
                    d1:e7:0c:5c:16:6f:04:4e:65:44:65:b2:29:9e:89:
                    e4:be:7c:54:4f:90:e0:4b:8b:dc:67:69:31:30:73:
                    5f:6b:0e:7c:a0:73:48:57:50:27:b1:f6:fa:94:f7:
                    e0:7e:69:53:d1:76:df:6d:0b:86:f9:1e:f3:2c:ba:
                    78:00:f0:14:a9:8a:e7:31:9f:b7:21:aa:a5:25:7a:
                    a5:33:67:c7:f0:6d:83:b4:f0:98:4d:82:fc:e2:e0:
                    91:c7:db:3f:a0:1d:22:bb:1a:39:13:18:02:98:f6:
                    72:55:a5:87:26:b6:8e:9d:5a:32:6b:ef:a0:8e:2e:
                    cd:f8:37:f1:81:83:84:6b:72:aa:eb:c2:7b:b4:e0:
                    52:17:fc:3b:19:43:ae:ca:28:a1:17:be:a9:3e:14:
                    cc:d1:a9:16:a5:6e:90:dd:6f:f3:31:02:8a:3f:e9:
                    12:41:99:a4:8d:95:aa:37:70:22:38:7b:19:f6:7f:
                    03:9e:b6:34:a8:4d:b2:42:c2:b6:71:9e:26:6d:95:
                    0c:97:89:11:0a:15:b9:6a:a5:f9:cc:09:35:67:d4:
                    c8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:10:E9:51:EE:A3:78:F0:4F:5F:7F:FB:89:D2:56:E9:5B:24:8D:42
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/ABDpUe6jePBPX3_7idJW6VskjUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:83:b9:56:c1:54:52:5e:19:f7:9b:99:ee:c8:e0:cf:d5:c1:
         6c:47:c9:6c:98:6b:5a:af:1b:e4:b0:21:33:1e:bd:b1:01:ab:
         0e:19:8b:e8:7d:83:fa:72:aa:cd:50:82:8b:87:30:8c:98:9d:
         d8:8a:14:c4:89:78:ce:15:0f:ad:70:94:e1:14:94:f2:d8:0d:
         b9:81:56:a8:1f:05:70:f3:0a:a4:50:55:4f:13:00:e2:c0:52:
         6d:ce:4c:cc:79:6f:f8:a5:ee:0b:91:3f:dd:2b:ef:c7:97:f5:
         96:41:56:8c:ea:8f:13:b5:02:3e:ad:f7:10:28:f5:3e:a0:ac:
         5a:29:e3:ed:62:02:97:d9:8c:67:7d:ce:cd:ee:ff:b0:2c:4d:
         87:cd:68:53:6a:55:93:65:15:4b:6f:ae:9b:71:fd:6b:d2:30:
         ff:87:ee:b0:ff:4e:cf:fa:64:c5:d2:a8:a7:00:7c:1a:44:75:
         04:f0:e3:9a:c0:8f:eb:87:09:92:3f:9f:c5:f5:83:78:49:0d:
         8f:c6:c1:f7:50:25:fa:1d:15:04:f5:b8:29:66:e7:86:53:10:
         ba:29:af:55:c7:ce:d1:cf:a5:40:85:1d:9d:3a:d7:16:c9:72:
         48:7d:29:cf:66:90:1d:22:cc:e9:45:6e:4c:46:18:51:97:4b:
         71:0d:c3:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZ6mGcx3iMdLf+EfQxaUTNDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUwNDI4MDQxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEwZTk1MWVlYTM3OGYwNGY1ZjdmZmI4OWQyNTZlOTViMjQ4ZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp18o0bHq5b8KJMNVxaregpFvuZM3
ielFEeIci1Hu0lm1e8w2K6LEZw3YkSLR5wxcFm8ETmVEZbIpnonkvnxUT5DgS4vc
Z2kxMHNfaw58oHNIV1Ansfb6lPfgfmlT0XbfbQuG+R7zLLp4APAUqYrnMZ+3Iaql
JXqlM2fH8G2DtPCYTYL84uCRx9s/oB0iuxo5ExgCmPZyVaWHJraOnVoya++gji7N
+DfxgYOEa3Kq68J7tOBSF/w7GUOuyiihF76pPhTM0akWpW6Q3W/zMQKKP+kSQZmk
jZWqN3AiOHsZ9n8DnrY0qE2yQsK2cZ4mbZUMl4kRChW5aqX5zAk1Z9TIEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAAQ6VHuo3jwT19/+4nSVulbJI1CMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvQUJEcFVlNmplUEJQWDNfN2lkSlc2VnNralVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAKIO5VsFUUl4Z95uZ7sjgz9XBbEfJbJhrWq8b5LAh
Mx69sQGrDhmL6H2D+nKqzVCCi4cwjJid2IoUxIl4zhUPrXCU4RSU8tgNuYFWqB8F
cPMKpFBVTxMA4sBSbc5MzHlv+KXuC5E/3Svvx5f1lkFWjOqPE7UCPq33ECj1PqCs
Winj7WICl9mMZ33Oze7/sCxNh81oU2pVk2UVS2+um3H9a9Iw/4fusP9Oz/pkxdKo
pwB8GkR1BPDjmsCP64cJkj+fxfWDeEkNj8bB91Al+h0VBPW4KWbnhlMQuimvVcfO
0c+lQIUdnTrXFslySH0pz2aQHSLM6UVuTEYYUZdLcQ3D2w==
-----END CERTIFICATE-----