Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/RiiNoyZSO1JzA7m0_LayA08gFzY.roa
File:                     RiiNoyZSO1JzA7m0_LayA08gFzY.roa (raw, json)
Hash identifier:          zcGWo+UpPwSMxlv6jUFwi8ud5sRDKsEHFlMBysCY+IA=
Subject key identifier:   46:28:8D:A3:26:52:3B:52:73:03:B9:B4:FC:B6:B2:03:4F:20:17:36
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0194221FE16DC7F9873771BE116F4617BDB7
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/RiiNoyZSO1JzA7m0_LayA08gFzY.roa
Signing time:             Wed 01 Jan 2025 13:48:22 +0000
ROA not before:           Wed 01 Jan 2025 13:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212128
IP address blocks:        2a12:1240::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e1:6d:c7:f9:87:37:71:be:11:6f:46:17:bd:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46288da326523b527303b9b4fcb6b2034f201736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:15:06:05:29:af:8f:d7:7f:a0:03:b8:97:75:
                    c3:b7:4d:cf:97:cf:08:2e:76:bf:d4:14:ce:2f:9d:
                    32:2f:5f:6a:df:39:34:c6:49:36:10:44:77:eb:e1:
                    f0:fe:27:2a:2b:a5:49:f9:29:92:6f:cd:59:16:36:
                    61:d7:82:53:62:4a:4a:7d:74:17:ff:54:db:4e:0d:
                    26:f9:fe:9c:ed:0d:83:bd:89:1b:a2:39:af:57:7c:
                    af:99:25:27:c1:06:f6:45:1b:e3:41:09:b7:82:5f:
                    39:61:d3:59:c3:a2:aa:f8:2f:b4:5c:f5:52:47:97:
                    e8:59:9b:66:21:e5:fc:1f:d9:1a:bd:ff:5d:45:68:
                    8d:8f:6e:39:c5:57:c8:fe:84:dd:c8:c8:51:cc:5d:
                    e3:93:56:1d:e3:90:fd:44:4d:e8:6c:f8:89:7a:c8:
                    1f:fa:96:2d:ea:c5:7e:a3:65:e8:15:ca:11:0b:84:
                    95:e5:73:99:55:09:f4:18:11:71:39:c2:9f:f2:2a:
                    bb:36:6a:d9:4f:8d:44:51:f3:b8:27:94:42:8f:5b:
                    2a:13:f5:32:a5:88:b1:17:20:b6:b4:fa:86:77:ae:
                    9a:3e:dd:e4:8b:b6:30:f2:b7:c7:15:fd:19:b1:69:
                    4e:fb:05:7e:77:09:b5:c2:36:f7:28:c0:db:aa:9e:
                    9c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:28:8D:A3:26:52:3B:52:73:03:B9:B4:FC:B6:B2:03:4F:20:17:36
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/RiiNoyZSO1JzA7m0_LayA08gFzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1240::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:44:c7:6c:7f:ab:78:70:7a:c8:6a:e9:82:4f:ce:b5:81:8f:
         13:ea:75:cb:c8:f4:ec:3e:a1:3f:46:d6:ad:3b:3c:0d:60:b7:
         d5:f9:83:18:48:e6:fe:23:3b:0a:e3:92:bd:f8:aa:37:a1:46:
         d9:ba:ac:70:52:0d:ff:0b:e6:59:60:16:81:e9:37:e1:0e:43:
         3a:2f:f5:4b:69:34:ef:bb:a2:1b:d4:40:ef:88:af:73:2b:b7:
         3e:0b:51:62:e1:58:2e:1d:ee:00:d6:36:d1:99:08:db:0c:11:
         7a:b1:84:85:55:8a:88:c8:85:22:83:ac:2b:5d:02:d5:63:29:
         8c:6e:e3:27:50:8d:ac:6d:cd:56:14:9d:46:d7:8a:bb:92:e7:
         fa:bc:7a:f5:bb:dd:65:dd:a4:19:c4:71:6e:e2:85:32:15:32:
         39:05:ef:4b:9a:9e:46:17:d6:9b:a9:a7:67:fc:9c:64:7a:1a:
         16:9f:c4:bd:71:4c:4f:db:77:36:30:fb:d5:a4:7b:c3:f3:85:
         62:11:1d:0d:d9:57:a1:99:b8:4c:68:58:2e:18:68:e4:6a:38:
         f0:a6:9f:9d:78:ae:49:b7:9d:a4:3f:e2:6c:41:de:2c:45:e8:
         e8:15:64:d8:23:3e:10:45:d3:6c:2e:3c:9f:5d:c9:02:64:08:
         92:d2:c9:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH+Ftx/mHN3G+EW9GF723MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjI4OGRhMzI2NTIzYjUyNzMwM2I5YjRmY2I2YjIwMzRmMjAxNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBUGBSmvj9d/oAO4l3XDt03Pl88I
Lna/1BTOL50yL19q3zk0xkk2EER36+Hw/icqK6VJ+SmSb81ZFjZh14JTYkpKfXQX
/1TbTg0m+f6c7Q2DvYkbojmvV3yvmSUnwQb2RRvjQQm3gl85YdNZw6Kq+C+0XPVS
R5foWZtmIeX8H9kavf9dRWiNj245xVfI/oTdyMhRzF3jk1Yd45D9RE3obPiJesgf
+pYt6sV+o2XoFcoRC4SV5XOZVQn0GBFxOcKf8iq7NmrZT41EUfO4J5RCj1sqE/Uy
pYixFyC2tPqGd66aPt3ki7Yw8rfHFf0ZsWlO+wV+dwm1wjb3KMDbqp6cRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEYojaMmUjtScwO5tPy2sgNPIBc2MB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvUmlpTm95WlNPMUp6QTdtMF9MYXlBMDhnRnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhISQDAN
BgkqhkiG9w0BAQsFAAOCAQEAIUTHbH+reHB6yGrpgk/OtYGPE+p1y8j07D6hP0bW
rTs8DWC31fmDGEjm/iM7CuOSvfiqN6FG2bqscFIN/wvmWWAWgek34Q5DOi/1S2k0
77uiG9RA74ivcyu3PgtRYuFYLh3uANY20ZkI2wwRerGEhVWKiMiFIoOsK10C1WMp
jG7jJ1CNrG3NVhSdRteKu5Ln+rx69bvdZd2kGcRxbuKFMhUyOQXvS5qeRhfWm6mn
Z/ycZHoaFp/EvXFMT9t3NjD71aR7w/OFYhEdDdlXoZm4TGhYLhho5Go48KafnXiu
SbedpD/ibEHeLEXo6BVk2CM+EEXTbC48n13JAmQIktLJ1Q==
-----END CERTIFICATE-----