Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/N0aXSOTIHLywklZG4Gepfg_9EZo.roa
File:                     N0aXSOTIHLywklZG4Gepfg_9EZo.roa (raw, json)
Hash identifier:          D6aTMH/FhxEcgAEJvWlB9qC9ML5BBPoTFFAdh9O0ldM=
Subject key identifier:   37:46:97:48:E4:C8:1C:BC:B0:92:56:46:E0:67:A9:7E:0F:FD:11:9A
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018CC500A3269343224D95DF35E5F11A495E
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/N0aXSOTIHLywklZG4Gepfg_9EZo.roa
Signing time:             Mon 01 Jan 2024 12:30:02 +0000
ROA not before:           Mon 01 Jan 2024 12:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a12:4946:1222::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a3:26:93:43:22:4d:95:df:35:e5:f1:1a:49:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 12:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37469748e4c81cbcb0925646e067a97e0ffd119a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:88:3c:0b:75:c2:f8:01:96:bf:54:11:1e:99:
                    2c:62:d6:47:b9:4e:40:37:f4:97:41:0b:0e:36:a9:
                    60:b5:8d:58:16:0c:38:2b:fd:8b:b2:42:1e:19:29:
                    58:9f:fe:5c:5d:cf:43:d6:8a:d4:64:c4:df:43:cc:
                    ef:98:d9:98:d4:ca:c0:e4:6b:d9:62:c3:c9:ed:03:
                    5f:f0:b3:7b:6a:e0:c4:e2:b0:b3:19:96:37:e5:75:
                    ce:eb:28:82:d2:30:1e:b4:70:8c:e4:3a:92:22:ce:
                    75:c6:0a:cd:2f:fd:a7:a9:69:59:bb:a8:75:15:dd:
                    bd:58:fb:ec:d1:10:d1:4e:c5:0d:a2:fa:78:75:83:
                    2d:b8:3a:66:0d:93:9d:33:81:5b:1d:04:c3:f4:f8:
                    1b:25:0f:0d:e8:12:e9:86:63:5c:ac:31:a1:41:15:
                    15:fc:e4:69:70:ee:d7:db:d3:fc:5c:e7:71:ce:5b:
                    15:df:83:8f:e2:93:d1:74:b8:92:93:86:77:72:aa:
                    e2:c6:21:93:95:fa:6e:34:06:73:b3:4d:64:93:d3:
                    a4:c4:ae:6b:a2:20:a4:9f:e8:11:c6:22:f1:6e:1f:
                    21:a5:e4:95:c1:74:2b:f7:6e:d2:31:c1:91:d6:c0:
                    1c:2c:9c:ba:7f:53:13:c8:38:57:61:1e:05:18:9b:
                    a2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:46:97:48:E4:C8:1C:BC:B0:92:56:46:E0:67:A9:7E:0F:FD:11:9A
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/N0aXSOTIHLywklZG4Gepfg_9EZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4946:1222::/48

    Signature Algorithm: sha256WithRSAEncryption
         ca:64:4c:87:91:25:c9:66:ab:d6:6c:f1:46:bf:6c:8f:82:d7:
         8a:69:8a:b6:2b:18:47:a3:62:e6:9c:16:a2:0d:ec:df:94:c9:
         67:a2:99:a7:84:4d:79:00:67:9f:cd:3e:15:82:fd:f4:bc:6b:
         47:55:6a:5a:22:f0:0f:63:96:b5:9d:52:e9:57:3d:23:45:80:
         48:74:d2:5a:9e:2f:40:c5:e9:85:4d:56:84:97:3a:6d:55:e2:
         95:e3:6d:1c:fe:0f:12:95:cc:44:69:39:28:84:2f:0f:78:96:
         2a:b9:56:9c:c8:a1:22:df:46:c7:47:34:7e:8c:34:9d:3e:82:
         a1:7b:d9:a7:82:7c:0a:d7:dc:11:67:59:f1:bc:43:f4:83:0a:
         84:2b:98:ef:b9:a6:0d:1b:f4:0c:fd:1c:81:21:ab:48:eb:12:
         f4:c2:e6:41:27:c7:29:a4:8d:30:3b:37:00:12:3d:75:bd:27:
         7c:ce:ba:5c:4b:78:39:83:6e:83:7a:67:c8:02:70:93:e0:38:
         56:75:c4:0e:b7:e7:c8:93:ac:12:58:f7:34:70:1d:49:32:71:
         07:3c:3e:18:9b:3e:cf:58:c1:c0:8e:cc:f6:1f:bd:c0:c6:7b:
         25:84:61:5d:61:04:06:eb:92:f0:aa:74:b9:43:ec:e9:27:f2:
         98:b6:55:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAKMmk0MiTZXfNeXxGkleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwMTAxMTIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ2OTc0OGU0YzgxY2JjYjA5MjU2NDZlMDY3YTk3ZTBmZmQxMTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIg8C3XC+AGWv1QRHpksYtZHuU5A
N/SXQQsONqlgtY1YFgw4K/2LskIeGSlYn/5cXc9D1orUZMTfQ8zvmNmY1MrA5GvZ
YsPJ7QNf8LN7auDE4rCzGZY35XXO6yiC0jAetHCM5DqSIs51xgrNL/2nqWlZu6h1
Fd29WPvs0RDRTsUNovp4dYMtuDpmDZOdM4FbHQTD9PgbJQ8N6BLphmNcrDGhQRUV
/ORpcO7X29P8XOdxzlsV34OP4pPRdLiSk4Z3cqrixiGTlfpuNAZzs01kk9OkxK5r
oiCkn+gRxiLxbh8hpeSVwXQr927SMcGR1sAcLJy6f1MTyDhXYR4FGJuiWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDdGl0jkyBy8sJJWRuBnqX4P/RGaMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvTjBhWFNPVElITHl3a2xaRzRHZXBmZ185RVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJJRhIi
MA0GCSqGSIb3DQEBCwUAA4IBAQDKZEyHkSXJZqvWbPFGv2yPgteKaYq2KxhHo2Lm
nBaiDezflMlnopmnhE15AGefzT4Vgv30vGtHVWpaIvAPY5a1nVLpVz0jRYBIdNJa
ni9AxemFTVaElzptVeKV420c/g8SlcxEaTkohC8PeJYquVacyKEi30bHRzR+jDSd
PoKhe9mngnwK19wRZ1nxvEP0gwqEK5jvuaYNG/QM/RyBIatI6xL0wuZBJ8cppI0w
OzcAEj11vSd8zrpcS3g5g26DemfIAnCT4DhWdcQOt+fIk6wSWPc0cB1JMnEHPD4Y
mz7PWMHAjsz2H73AxnslhGFdYQQG65LwqnS5Q+zpJ/KYtlXv
-----END CERTIFICATE-----