Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/xE0MAKU9Y3-EjIwfJeUqTkj1JAo.roa
File:                     xE0MAKU9Y3-EjIwfJeUqTkj1JAo.roa (raw, json)
Hash identifier:          F//KKoAXpZv03HXbyN3qpWDIl7+V99huqWCNxnvbbd0=
Subject key identifier:   C4:4D:0C:00:A5:3D:63:7F:84:8C:8C:1F:25:E5:2A:4E:48:F5:24:0A
Certificate issuer:       /CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
Certificate serial:       018CC3B743B637A56B2F46CCF142FFE03092
Authority key identifier: DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/xE0MAKU9Y3-EjIwfJeUqTkj1JAo.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        2a12:6900:1000::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:b6:37:a5:6b:2f:46:cc:f1:42:ff:e0:30:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c44d0c00a53d637f848c8c1f25e52a4e48f5240a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ee:a1:67:77:f0:f2:67:52:d9:04:cf:f3:d4:
                    9d:cc:63:72:e9:c3:8c:5c:7b:9d:ba:9f:a0:5a:11:
                    17:99:64:a2:9b:dc:b0:5e:c1:4f:04:9b:ab:5a:b0:
                    c7:47:88:c2:a9:29:63:99:aa:88:3d:9e:5d:ce:e6:
                    b6:e2:1d:76:a8:67:8b:c5:56:26:06:85:8d:86:b1:
                    be:23:87:99:2b:bd:e2:d6:f6:ea:03:c4:a1:de:53:
                    05:7b:d5:9f:a6:cf:e1:fc:62:39:96:7e:17:d0:bc:
                    c5:5e:c0:b0:75:53:1a:09:92:73:60:3f:27:e3:66:
                    52:18:e7:80:36:2e:a9:a7:80:ee:e4:95:46:bf:8e:
                    02:69:e1:90:d5:59:4c:f8:a5:0e:7d:21:9d:28:7b:
                    f9:bc:73:af:ea:13:63:79:79:fa:2c:ea:1f:02:08:
                    0b:69:ed:15:98:dc:f7:98:67:45:d5:09:61:9e:df:
                    27:20:63:4c:f5:7d:e5:e8:b7:bf:bf:b1:44:68:78:
                    e5:84:06:85:ab:5d:ec:39:79:47:1b:00:13:a7:93:
                    8a:84:49:3e:e8:0f:12:3d:4a:43:87:90:d7:3d:81:
                    29:00:b9:83:d4:ed:cd:35:3a:ac:3b:40:77:6c:67:
                    2d:2c:8e:a5:29:6d:a5:28:c6:8a:73:3d:36:d8:0c:
                    8d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:4D:0C:00:A5:3D:63:7F:84:8C:8C:1F:25:E5:2A:4E:48:F5:24:0A
            X509v3 Authority Key Identifier:
                keyid:DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/xE0MAKU9Y3-EjIwfJeUqTkj1JAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:6900:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:7d:38:8f:d7:4b:e8:f8:3e:d0:1f:d3:72:36:c6:a7:99:32:
         3c:20:88:f1:65:59:29:7e:62:ba:ee:98:32:52:5c:7c:b9:08:
         56:29:bb:d3:ef:2a:72:e7:b2:8e:af:5f:e0:93:8e:24:60:a9:
         63:d5:c9:19:72:e4:c9:09:97:f9:d4:6c:da:7f:54:b9:b9:be:
         40:06:c5:9f:ac:88:49:bc:f4:4d:73:b5:93:52:6a:f6:de:b0:
         28:7f:29:9e:7a:6c:af:4a:80:99:07:12:9b:12:6b:98:09:4b:
         3b:6b:d6:f6:e8:ef:80:2b:1f:0f:90:e5:42:48:35:68:37:bb:
         89:cd:5f:55:ed:c7:e3:e3:d7:94:1a:22:f6:fe:47:5a:a4:12:
         51:a6:43:06:14:08:9e:a1:4c:1a:40:e2:bb:a0:aa:fd:59:03:
         1f:61:e0:34:a3:54:1a:8b:0a:89:25:a8:9e:7a:5d:c4:36:10:
         5c:81:49:d8:5a:7c:e6:9b:ac:b1:22:d8:51:98:c0:86:0f:bf:
         0c:37:40:7b:1a:77:86:ea:75:44:e1:c6:f4:c5:3f:fc:f1:f5:
         c5:72:1e:00:39:30:f7:38:c7:a5:c2:f1:70:6e:b8:25:ac:db:
         cf:4b:76:8c:4d:c5:9e:e1:65:75:c9:b4:ff:e7:da:58:40:ac:
         ff:ee:f9:ee
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDt0O2N6VrL0bM8UL/4DCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGU5MWEwZmIxZjRkZDE3OTAwZDA2ZGI2ZTg4MzM2Zjc4
YjVjMDUwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRkMGMwMGE1M2Q2MzdmODQ4YzhjMWYyNWU1MmE0ZTQ4ZjUyNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu6hZ3fw8mdS2QTP89SdzGNy6cOM
XHudup+gWhEXmWSim9ywXsFPBJurWrDHR4jCqSljmaqIPZ5dzua24h12qGeLxVYm
BoWNhrG+I4eZK73i1vbqA8Sh3lMFe9Wfps/h/GI5ln4X0LzFXsCwdVMaCZJzYD8n
42ZSGOeANi6pp4Du5JVGv44CaeGQ1VlM+KUOfSGdKHv5vHOv6hNjeXn6LOofAggL
ae0VmNz3mGdF1Qlhnt8nIGNM9X3l6Le/v7FEaHjlhAaFq13sOXlHGwATp5OKhEk+
6A8SPUpDh5DXPYEpALmD1O3NNTqsO0B3bGctLI6lKW2lKMaKcz022AyNhQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMRNDAClPWN/hIyMHyXlKk5I9SQKMB8GA1UdIwQY
MBaAFN7ekaD7H03ReQDQbbbogzb3i1wFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMt
MjFhNzAwYzcxMTlmLzEveEUwTUFLVTlZMy1Fakl3ZkplVXFUa2oxSkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMtMjFhNzAwYzcxMTlm
LzEvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhJpABAw
DQYJKoZIhvcNAQELBQADggEBAHx9OI/XS+j4PtAf03I2xqeZMjwgiPFlWSl+Yrru
mDJSXHy5CFYpu9PvKnLnso6vX+CTjiRgqWPVyRly5MkJl/nUbNp/VLm5vkAGxZ+s
iEm89E1ztZNSavbesCh/KZ56bK9KgJkHEpsSa5gJSztr1vbo74ArHw+Q5UJINWg3
u4nNX1Xtx+Pj15QaIvb+R1qkElGmQwYUCJ6hTBpA4rugqv1ZAx9h4DSjVBqLCokl
qJ56XcQ2EFyBSdhafOabrLEi2FGYwIYPvww3QHsad4bqdUThxvTFP/zx9cVyHgA5
MPc4x6XC8XBuuCWs289LdoxNxZ7hZXXJtP/n2lhArP/u+e4=
-----END CERTIFICATE-----