Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/2ad4fa-bd7b-407e-b25a-df7410b2d275/1/gg6LenrNrxAkM-0cOep0I5UnaS0.roa
File:                     gg6LenrNrxAkM-0cOep0I5UnaS0.roa (raw, json)
Hash identifier:          SPRTufs6njILV6fTmBhRcQYMSBD71ZQhHf7zSGBOeAI=
Subject key identifier:   82:0E:8B:7A:7A:CD:AF:10:24:33:ED:1C:39:EA:74:23:95:27:69:2D
Certificate issuer:       /CN=3eabe028f3be7ee072885d02bbd7b62a652425ef
Certificate serial:       018CC3B70A16FB9A435B67621140269199C7
Authority key identifier: 3E:AB:E0:28:F3:BE:7E:E0:72:88:5D:02:BB:D7:B6:2A:65:24:25:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PqvgKPO-fuByiF0Cu9e2KmUkJe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/2ad4fa-bd7b-407e-b25a-df7410b2d275/1/gg6LenrNrxAkM-0cOep0I5UnaS0.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210414
IP address blocks:        2a12:a080::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/2ad4fa-bd7b-407e-b25a-df7410b2d275/1/PqvgKPO-fuByiF0Cu9e2KmUkJe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/2ad4fa-bd7b-407e-b25a-df7410b2d275/1/PqvgKPO-fuByiF0Cu9e2KmUkJe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PqvgKPO-fuByiF0Cu9e2KmUkJe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0a:16:fb:9a:43:5b:67:62:11:40:26:91:99:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eabe028f3be7ee072885d02bbd7b62a652425ef
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=820e8b7a7acdaf102433ed1c39ea74239527692d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b4:76:66:c5:b1:91:c4:2b:35:88:bb:11:e7:
                    ce:5d:77:ac:f3:2e:f6:ef:3e:e9:e1:7c:e2:77:86:
                    c6:86:ee:31:fc:ba:5a:82:da:71:62:d9:00:c8:53:
                    50:e9:90:6f:b7:14:3f:09:51:60:3f:f2:4e:2c:02:
                    9b:ed:10:86:58:f3:61:b3:1b:2b:6a:81:39:ac:54:
                    d4:8e:05:33:f5:44:12:ca:55:f0:a6:56:81:e6:0a:
                    6e:64:b1:03:d9:28:b1:34:ea:23:e2:41:4c:3f:cb:
                    14:98:ef:90:33:5c:5d:b2:c3:c4:6f:e0:85:09:fc:
                    9f:c8:96:8e:c1:93:ea:e4:29:dd:3c:80:e9:df:cd:
                    42:c7:0a:f3:84:e6:7f:c6:52:40:07:f7:d6:5a:b4:
                    3e:91:01:7d:84:6b:56:e8:df:18:e3:0e:e3:6c:15:
                    51:c5:85:27:38:09:36:f7:54:c3:49:b5:6c:e6:e0:
                    48:cf:02:ad:30:bc:c7:36:18:dc:cd:ac:5d:85:8c:
                    a1:7c:e5:72:ab:6d:ac:86:5d:57:54:60:83:72:6d:
                    c6:95:4e:18:8d:52:f7:ca:ae:df:58:8e:d4:11:2f:
                    d6:c4:bb:0f:a4:8a:8e:da:d2:97:af:b4:6e:f3:77:
                    e1:02:5b:0f:e4:9c:b9:03:ce:c0:93:7d:a9:4e:47:
                    c0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:0E:8B:7A:7A:CD:AF:10:24:33:ED:1C:39:EA:74:23:95:27:69:2D
            X509v3 Authority Key Identifier:
                keyid:3E:AB:E0:28:F3:BE:7E:E0:72:88:5D:02:BB:D7:B6:2A:65:24:25:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PqvgKPO-fuByiF0Cu9e2KmUkJe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/2ad4fa-bd7b-407e-b25a-df7410b2d275/1/gg6LenrNrxAkM-0cOep0I5UnaS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/2ad4fa-bd7b-407e-b25a-df7410b2d275/1/PqvgKPO-fuByiF0Cu9e2KmUkJe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a080::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:1c:55:16:bb:00:ca:a3:2b:33:39:af:67:4e:22:03:ba:64:
         7c:d7:86:fa:09:f2:03:91:a0:45:84:dc:52:32:16:5e:72:df:
         b5:55:78:f7:96:f1:57:5c:c1:dc:02:04:f8:34:82:1d:d4:e5:
         b1:a2:ae:c2:66:c8:ba:43:24:15:af:df:19:d1:4e:2e:a1:fe:
         c7:50:22:8a:1b:d3:0c:fd:8d:43:9f:35:8b:6d:41:57:82:7d:
         ee:af:a3:54:39:2f:2b:9e:12:bc:2e:3d:4a:ea:95:eb:09:e6:
         7a:c1:fc:86:8f:b0:f3:85:a2:75:af:b3:d1:cd:c9:31:ac:8c:
         c7:5d:5f:92:43:40:51:4d:e0:83:f7:b5:73:19:eb:07:2d:c2:
         48:9b:1a:6d:1e:88:09:ae:4a:b1:d5:64:17:10:a8:fc:81:ce:
         b9:f4:57:e4:5b:f8:3e:1d:31:13:d9:18:f2:1c:84:5e:3e:88:
         5e:a3:04:c6:e0:2d:09:18:77:48:b8:22:92:b7:a7:45:4d:d6:
         fd:9d:c8:c9:cd:20:c0:08:4c:c5:33:5b:bc:c0:78:14:de:80:
         43:2d:8e:1c:34:62:e1:a5:f8:80:25:6c:9a:23:4a:53:63:a8:
         b7:f6:ef:87:a0:71:11:42:8c:a2:68:d3:be:86:c9:70:4b:93:
         23:af:47:0c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtwoW+5pDW2diEUAmkZnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYWJlMDI4ZjNiZTdlZTA3Mjg4NWQwMmJiZDdiNjJhNjUy
NDI1ZWYwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjBlOGI3YTdhY2RhZjEwMjQzM2VkMWMzOWVhNzQyMzk1Mjc2OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLR2ZsWxkcQrNYi7EefOXXes8y72
7z7p4Xzid4bGhu4x/LpagtpxYtkAyFNQ6ZBvtxQ/CVFgP/JOLAKb7RCGWPNhsxsr
aoE5rFTUjgUz9UQSylXwplaB5gpuZLED2SixNOoj4kFMP8sUmO+QM1xdssPEb+CF
CfyfyJaOwZPq5CndPIDp381CxwrzhOZ/xlJAB/fWWrQ+kQF9hGtW6N8Y4w7jbBVR
xYUnOAk291TDSbVs5uBIzwKtMLzHNhjczaxdhYyhfOVyq22shl1XVGCDcm3GlU4Y
jVL3yq7fWI7UES/WxLsPpIqO2tKXr7Ru83fhAlsP5Jy5A87Ak32pTkfA7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIIOi3p6za8QJDPtHDnqdCOVJ2ktMB8GA1UdIwQY
MBaAFD6r4Cjzvn7gcohdArvXtiplJCXvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHF2Z0tQTy1mdUJ5aUYwQ3U5ZTJLbVVrSmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8yYWQ0ZmEtYmQ3Yi00MDdlLWIyNWEt
ZGY3NDEwYjJkMjc1LzEvZ2c2TGVuck5yeEFrTS0wY09lcDBJNVVuYVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8yYWQ0ZmEtYmQ3Yi00MDdlLWIyNWEtZGY3NDEwYjJkMjc1
LzEvUHF2Z0tQTy1mdUJ5aUYwQ3U5ZTJLbVVrSmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKggDAN
BgkqhkiG9w0BAQsFAAOCAQEAMhxVFrsAyqMrMzmvZ04iA7pkfNeG+gnyA5GgRYTc
UjIWXnLftVV495bxV1zB3AIE+DSCHdTlsaKuwmbIukMkFa/fGdFOLqH+x1AiihvT
DP2NQ581i21BV4J97q+jVDkvK54SvC49SuqV6wnmesH8ho+w84Wida+z0c3JMayM
x11fkkNAUU3gg/e1cxnrBy3CSJsabR6ICa5KsdVkFxCo/IHOufRX5Fv4Ph0xE9kY
8hyEXj6IXqMExuAtCRh3SLgikrenRU3W/Z3Iyc0gwAhMxTNbvMB4FN6AQy2OHDRi
4aX4gCVsmiNKU2Oot/bvh6BxEUKMomjTvobJcEuTI69HDA==
-----END CERTIFICATE-----