Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/9JRK7EwR6Rg_h37a1uMH5kLd-FE.roa
File:                     9JRK7EwR6Rg_h37a1uMH5kLd-FE.roa (raw, json)
Hash identifier:          seSeyyGJGHJLolRBA5CPiq9g6rFjmIDsp1xxdhmozxQ=
Subject key identifier:   F4:94:4A:EC:4C:11:E9:18:3F:87:7E:DA:D6:E3:07:E6:42:DD:F8:51
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       0194228D17346DA4C6905E0F9D1EDFC25FF0
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/9JRK7EwR6Rg_h37a1uMH5kLd-FE.roa
Signing time:             Wed 01 Jan 2025 15:47:39 +0000
ROA not before:           Wed 01 Jan 2025 15:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215767
IP address blocks:        2a12:4946:2000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:17:34:6d:a4:c6:90:5e:0f:9d:1e:df:c2:5f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 15:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4944aec4c11e9183f877edad6e307e642ddf851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9f:ca:bf:24:21:00:fd:76:3b:37:b6:66:aa:
                    14:c8:dd:17:20:37:ee:a1:ff:82:1a:8a:e5:e4:f9:
                    fb:d2:0d:04:9d:62:d2:bb:c1:65:b3:cf:ca:7f:eb:
                    78:06:7e:cd:17:fc:3b:bf:b0:bf:5e:4c:9a:b3:df:
                    0d:80:51:c0:12:05:ed:3e:cb:e6:14:c5:a8:79:80:
                    c1:1b:24:52:d7:06:5e:bd:02:af:ee:dc:4d:83:02:
                    14:1c:78:e8:63:bf:de:20:5e:34:83:f3:e6:1a:95:
                    c7:b7:c2:dd:65:27:fe:6a:a7:96:46:16:64:3b:fc:
                    46:53:5c:07:b9:a8:dc:e0:be:7c:78:db:f7:5a:fb:
                    a7:3b:18:7d:44:12:f9:fb:ab:c3:52:6c:51:c4:a2:
                    dc:df:f8:7c:ed:a3:b8:42:f0:ed:4b:c1:ce:06:a0:
                    3b:a0:0b:bc:a6:4e:c4:60:11:e2:9f:7a:cb:38:f8:
                    98:22:a2:85:0a:02:68:28:4d:b1:d9:e9:3a:ea:a4:
                    7c:ec:62:73:81:53:78:9b:31:f6:a0:09:bb:0c:37:
                    a8:cf:e1:65:df:66:c3:92:b8:6a:1f:22:ec:8b:96:
                    6d:ea:f2:f5:5d:be:13:ae:89:c7:bc:94:99:f2:39:
                    73:12:29:64:99:a5:4a:a3:3c:76:99:db:d0:bb:1a:
                    9c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:94:4A:EC:4C:11:E9:18:3F:87:7E:DA:D6:E3:07:E6:42:DD:F8:51
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/9JRK7EwR6Rg_h37a1uMH5kLd-FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4946:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:9b:0d:7f:f8:95:f2:71:72:1f:d7:94:5f:29:10:95:a1:42:
         cc:7c:c5:35:54:0d:97:bc:7a:b2:fb:2f:7f:92:0c:48:89:4f:
         0e:9d:7b:dd:19:17:c5:e9:87:0a:ab:f3:c2:a5:7a:8d:b9:b4:
         08:52:04:a6:15:49:a4:78:0f:d7:b8:91:ea:94:38:ca:25:ab:
         88:a9:dc:8f:4c:0c:30:20:70:bc:cd:67:c7:23:8e:28:a2:c8:
         d3:e1:1b:ad:bb:37:0d:2e:21:7e:eb:53:ac:9f:7e:d5:7b:56:
         ba:2b:6a:aa:f1:ca:55:7d:79:b5:98:a8:08:53:9b:3b:71:91:
         d0:c0:37:70:05:b3:0b:98:b4:88:71:65:b7:71:8b:ad:9b:2b:
         88:76:8c:34:b2:a2:0c:e3:50:b3:95:37:d2:2b:80:7d:c8:7d:
         18:25:a7:7c:ed:70:e9:74:14:cd:68:b3:f0:8c:00:d2:f5:0c:
         b6:d0:fc:27:05:ed:e6:2f:10:b5:95:71:34:c7:0e:e3:a8:2d:
         ed:a0:60:dc:61:e2:ee:f6:0b:82:05:97:b7:7c:84:74:3d:23:
         a1:63:a9:58:d7:11:06:72:79:83:c7:7c:0d:25:39:c5:bc:f1:
         a7:a2:79:e4:5f:7c:99:06:33:a7:eb:9c:30:dc:83:20:06:80:
         cc:14:34:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijRc0baTGkF4PnR7fwl/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjUwMTAxMTU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDk0NGFlYzRjMTFlOTE4M2Y4NzdlZGFkNmUzMDdlNjQyZGRmODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp/KvyQhAP12Oze2ZqoUyN0XIDfu
of+CGorl5Pn70g0EnWLSu8Fls8/Kf+t4Bn7NF/w7v7C/Xkyas98NgFHAEgXtPsvm
FMWoeYDBGyRS1wZevQKv7txNgwIUHHjoY7/eIF40g/PmGpXHt8LdZSf+aqeWRhZk
O/xGU1wHuajc4L58eNv3WvunOxh9RBL5+6vDUmxRxKLc3/h87aO4QvDtS8HOBqA7
oAu8pk7EYBHin3rLOPiYIqKFCgJoKE2x2ek66qR87GJzgVN4mzH2oAm7DDeoz+Fl
32bDkrhqHyLsi5Zt6vL1Xb4TronHvJSZ8jlzEilkmaVKozx2mdvQuxqcpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPSUSuxMEekYP4d+2tbjB+ZC3fhRMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvOUpSSzdFd1I2UmdfaDM3YTF1TUg1a0xkLUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJJRiAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbmw1/+JXycXIf15RfKRCVoULMfMU1VA2XvHqy
+y9/kgxIiU8OnXvdGRfF6YcKq/PCpXqNubQIUgSmFUmkeA/XuJHqlDjKJauIqdyP
TAwwIHC8zWfHI44oosjT4RutuzcNLiF+61Osn37Ve1a6K2qq8cpVfXm1mKgIU5s7
cZHQwDdwBbMLmLSIcWW3cYutmyuIdow0sqIM41CzlTfSK4B9yH0YJad87XDpdBTN
aLPwjADS9Qy20PwnBe3mLxC1lXE0xw7jqC3toGDcYeLu9guCBZe3fIR0PSOhY6lY
1xEGcnmDx3wNJTnFvPGnonnkX3yZBjOn65ww3IMgBoDMFDTp
-----END CERTIFICATE-----