Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/zH0GORTR7Uyj1Cp9s_FZC30xG7E.roa
File:                     zH0GORTR7Uyj1Cp9s_FZC30xG7E.roa (raw, json)
Hash identifier:          hQY0rZB8ZrQ/2LTg6dzNd2hK2I9T6rcNdp9cuBHVHhk=
Subject key identifier:   CC:7D:06:39:14:D1:ED:4C:A3:D4:2A:7D:B3:F1:59:0B:7D:31:1B:B1
Certificate issuer:       /CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
Certificate serial:       019422FB049E28153224B9904248D5BE992C
Authority key identifier: DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/zH0GORTR7Uyj1Cp9s_FZC30xG7E.roa
Signing time:             Wed 01 Jan 2025 17:47:43 +0000
ROA not before:           Wed 01 Jan 2025 17:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16097
IP address blocks:        2a12:6900:1200::/40 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:04:9e:28:15:32:24:b9:90:42:48:d5:be:99:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
        Validity
            Not Before: Jan  1 17:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc7d063914d1ed4ca3d42a7db3f1590b7d311bb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:25:ac:2d:01:62:de:83:07:49:6e:3c:92:10:
                    5f:e6:68:3c:a7:bc:62:bd:e7:ab:6c:63:4d:83:b2:
                    25:b0:9d:a4:9c:b7:c8:15:96:59:79:91:40:60:01:
                    12:ef:7f:e8:33:bb:94:14:7c:e1:dd:e3:ca:51:ed:
                    c9:e7:bd:67:a9:a7:fd:7c:ab:2a:6f:97:cb:2c:8b:
                    d9:1e:f2:5b:36:97:b7:e4:d5:6b:2f:d9:de:5c:0f:
                    e1:e0:d7:aa:1b:c2:3e:18:85:76:0a:6a:27:44:70:
                    3a:d5:d6:bc:04:69:eb:40:aa:b6:7c:f8:f5:43:34:
                    84:85:14:6b:a1:e8:c2:b4:ac:91:bd:e3:dd:2f:7b:
                    21:cf:cc:4c:54:4b:d6:2e:8b:f7:24:db:fa:8f:b6:
                    92:51:a4:a7:4a:76:32:f9:0b:6e:b4:ca:d9:f0:38:
                    a7:23:41:18:df:2e:86:15:6f:1e:5f:ce:22:42:23:
                    6b:d9:91:04:f4:f0:cd:05:c3:29:a0:4a:9e:34:81:
                    59:19:09:9d:66:67:f0:72:18:52:cf:c6:bf:79:52:
                    40:5b:8b:a3:a6:5b:46:e5:2b:df:4d:7c:22:bc:bf:
                    a4:b3:6d:28:17:60:74:a6:3c:91:3f:9d:a0:b4:10:
                    b2:a2:9b:91:bc:cc:13:31:cc:9b:2c:89:62:38:bc:
                    1d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:7D:06:39:14:D1:ED:4C:A3:D4:2A:7D:B3:F1:59:0B:7D:31:1B:B1
            X509v3 Authority Key Identifier:
                keyid:DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/zH0GORTR7Uyj1Cp9s_FZC30xG7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:6900:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         08:f5:35:31:6e:88:4c:a2:99:fb:6e:18:8d:32:0d:d3:af:59:
         b7:bd:9d:f3:26:f4:c2:4b:4f:8f:86:17:07:5d:40:8d:3a:0a:
         b9:a3:dc:4b:53:65:05:21:c1:42:44:93:7c:e7:4f:9a:03:a9:
         1c:ba:d8:e7:88:12:19:86:77:c6:3c:05:7f:45:51:41:de:50:
         1f:b2:38:7c:45:0c:a6:01:5b:11:49:ac:a9:04:25:e0:65:9d:
         d4:eb:d2:fe:5a:e4:f7:98:66:57:6b:01:9e:3f:37:cc:0d:5f:
         c2:37:4f:31:8a:37:21:b7:cf:2f:ef:b0:5a:8f:71:0c:6f:d5:
         70:21:9d:7f:ea:a9:2d:b2:e8:42:1b:b8:6d:96:8f:5a:c1:90:
         f9:b6:fc:ee:78:cf:07:c3:e1:a9:e3:77:37:17:b7:98:d3:f8:
         2a:78:e6:9d:46:cd:a8:1a:9e:a8:db:7f:af:f5:52:21:15:f4:
         93:e9:d4:ca:5f:8b:10:c9:da:8e:6f:b0:76:f4:59:0a:5c:fa:
         66:35:b8:6a:49:91:c8:61:75:3b:25:49:d6:72:6b:7c:d9:62:
         14:60:dd:7e:9d:62:f6:01:85:68:46:a4:0e:2e:49:24:c1:66:
         53:a4:56:50:23:59:ae:30:9e:cd:32:06:91:4a:20:66:f8:7f:
         43:34:65:b2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQi+wSeKBUyJLmQQkjVvpksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGU5MWEwZmIxZjRkZDE3OTAwZDA2ZGI2ZTg4MzM2Zjc4
YjVjMDUwHhcNMjUwMTAxMTc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzdkMDYzOTE0ZDFlZDRjYTNkNDJhN2RiM2YxNTkwYjdkMzExYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CWsLQFi3oMHSW48khBf5mg8p7xi
veerbGNNg7IlsJ2knLfIFZZZeZFAYAES73/oM7uUFHzh3ePKUe3J571nqaf9fKsq
b5fLLIvZHvJbNpe35NVrL9neXA/h4NeqG8I+GIV2CmonRHA61da8BGnrQKq2fPj1
QzSEhRRroejCtKyRvePdL3shz8xMVEvWLov3JNv6j7aSUaSnSnYy+QtutMrZ8Din
I0EY3y6GFW8eX84iQiNr2ZEE9PDNBcMpoEqeNIFZGQmdZmfwchhSz8a/eVJAW4uj
pltG5SvfTXwivL+ks20oF2B0pjyRP52gtBCyopuRvMwTMcybLIliOLwdCQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMx9BjkU0e1Mo9QqfbPxWQt9MRuxMB8GA1UdIwQY
MBaAFN7ekaD7H03ReQDQbbbogzb3i1wFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMt
MjFhNzAwYzcxMTlmLzEvekgwR09SVFI3VXlqMUNwOXNfRlpDMzB4RzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMtMjFhNzAwYzcxMTlm
LzEvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhJpABIw
DQYJKoZIhvcNAQELBQADggEBAAj1NTFuiEyimftuGI0yDdOvWbe9nfMm9MJLT4+G
FwddQI06Crmj3EtTZQUhwUJEk3znT5oDqRy62OeIEhmGd8Y8BX9FUUHeUB+yOHxF
DKYBWxFJrKkEJeBlndTr0v5a5PeYZldrAZ4/N8wNX8I3TzGKNyG3zy/vsFqPcQxv
1XAhnX/qqS2y6EIbuG2Wj1rBkPm2/O54zwfD4anjdzcXt5jT+Cp45p1Gzaganqjb
f6/1UiEV9JPp1MpfixDJ2o5vsHb0WQpc+mY1uGpJkchhdTslSdZya3zZYhRg3X6d
YvYBhWhGpA4uSSTBZlOkVlAjWa4wns0yBpFKIGb4f0M0ZbI=
-----END CERTIFICATE-----