Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/P64zczG9_fPLEGRbBL4JodHkeaw.roa
File:                     P64zczG9_fPLEGRbBL4JodHkeaw.roa (raw, json)
Hash identifier:          l89z0Hs2bssw7Rq7oghjDJfZA8NTWwTkC8W/BFhmwlU=
Subject key identifier:   3F:AE:33:73:31:BD:FD:F3:CB:10:64:5B:04:BE:09:A1:D1:E4:79:AC
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018CC500A60FE108E0DA1B82CBB238523007
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/P64zczG9_fPLEGRbBL4JodHkeaw.roa
Signing time:             Mon 01 Jan 2024 12:30:03 +0000
ROA not before:           Mon 01 Jan 2024 12:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211696
IP address blocks:        2a12:4946:9900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a6:0f:e1:08:e0:da:1b:82:cb:b2:38:52:30:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 12:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fae337331bdfdf3cb10645b04be09a1d1e479ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:59:d2:f7:67:58:c9:14:28:9f:99:3f:6b:5e:
                    8d:17:cd:76:8d:e6:fe:24:16:65:9a:3f:96:c2:03:
                    13:9e:ab:5f:2b:a8:ec:f5:a4:5a:1b:db:95:e4:38:
                    a6:ea:d7:80:fa:75:39:6a:84:a8:b7:1f:82:3e:cf:
                    3c:4a:f8:72:7a:f1:58:d8:ec:36:fd:01:f8:71:f9:
                    78:3c:b4:e6:5a:37:1c:13:63:98:aa:2c:96:16:f7:
                    3f:f7:70:9e:f8:7c:3b:ce:3a:ca:28:97:5e:af:de:
                    24:82:0d:de:fd:b0:88:b4:ec:5a:d5:65:cf:75:cb:
                    ae:55:47:01:bb:a3:49:7b:ff:d4:10:6c:ba:df:00:
                    50:1c:ee:5c:de:29:b1:27:5f:84:63:eb:20:66:5e:
                    42:9b:22:dd:d2:20:b1:65:d0:fa:a4:10:fd:3e:74:
                    ee:fa:41:46:00:10:0e:a2:33:75:45:86:3f:68:77:
                    53:19:7d:1c:3d:da:b2:e0:4c:aa:1f:f4:46:ac:e3:
                    ff:9d:9b:34:11:d6:e4:b9:d8:88:d8:d8:2b:7b:71:
                    c6:f8:fb:65:58:64:79:60:5e:bb:d5:6a:6d:a0:c8:
                    5a:51:4d:b7:b6:24:c5:34:b6:37:6d:fb:73:5d:49:
                    29:2a:2d:93:68:8e:30:58:ad:8d:f6:85:ed:f7:60:
                    56:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:AE:33:73:31:BD:FD:F3:CB:10:64:5B:04:BE:09:A1:D1:E4:79:AC
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/P64zczG9_fPLEGRbBL4JodHkeaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4946:9900::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:6a:aa:eb:b9:55:14:27:08:fe:1d:6f:24:06:f4:54:8b:c3:
         4d:a7:f7:0d:1b:cd:26:ab:73:09:95:ec:e3:17:c0:d7:07:91:
         3c:1c:1d:d7:61:25:46:10:98:82:93:e9:9b:45:f0:5c:c0:26:
         82:c5:00:0f:ab:eb:46:c2:00:1e:c1:92:6a:16:59:07:10:60:
         24:2c:c1:1f:6a:04:4f:5a:31:42:86:6e:61:00:a3:af:29:36:
         99:37:32:c9:bf:30:3d:c9:cc:ab:74:bb:70:15:a3:9a:8b:50:
         86:78:79:ed:da:ce:9d:50:5f:ae:84:b8:a1:86:4a:89:c1:18:
         33:b8:9e:e5:14:cd:e1:19:17:e4:24:af:87:36:2f:a5:69:20:
         53:2c:73:be:50:60:24:eb:df:9c:b7:c5:12:ec:a0:31:03:9f:
         24:5b:23:1a:3d:66:3b:40:ee:d5:df:a0:aa:38:9f:b4:19:8a:
         24:5c:16:ab:0c:1e:c0:cc:58:20:08:39:b0:92:bc:37:e9:3a:
         9a:24:9a:86:9b:41:de:5f:f1:70:0d:23:95:41:74:dc:28:13:
         32:da:10:f5:85:c2:af:9b:d7:85:7d:d0:fa:4d:7b:28:7e:27:
         cf:bb:48:c8:20:ba:08:b7:04:6f:5a:43:bc:71:44:04:f3:76:
         4b:13:73:5e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFAKYP4Qjg2huCy7I4UjAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwMTAxMTIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmFlMzM3MzMxYmRmZGYzY2IxMDY0NWIwNGJlMDlhMWQxZTQ3OWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlnS92dYyRQon5k/a16NF812jeb+
JBZlmj+WwgMTnqtfK6js9aRaG9uV5Dim6teA+nU5aoSotx+CPs88SvhyevFY2Ow2
/QH4cfl4PLTmWjccE2OYqiyWFvc/93Ce+Hw7zjrKKJder94kgg3e/bCItOxa1WXP
dcuuVUcBu6NJe//UEGy63wBQHO5c3imxJ1+EY+sgZl5CmyLd0iCxZdD6pBD9PnTu
+kFGABAOojN1RYY/aHdTGX0cPdqy4EyqH/RGrOP/nZs0EdbkudiI2Ngre3HG+Ptl
WGR5YF671WptoMhaUU23tiTFNLY3bftzXUkpKi2TaI4wWK2N9oXt92BWlQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD+uM3Mxvf3zyxBkWwS+CaHR5HmsMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvUDY0emN6RzlfZlBMRUdSYkJMNEpvZEhrZWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhJJRpkw
DQYJKoZIhvcNAQELBQADggEBAK5qquu5VRQnCP4dbyQG9FSLw02n9w0bzSarcwmV
7OMXwNcHkTwcHddhJUYQmIKT6ZtF8FzAJoLFAA+r60bCAB7BkmoWWQcQYCQswR9q
BE9aMUKGbmEAo68pNpk3Msm/MD3JzKt0u3AVo5qLUIZ4ee3azp1QX66EuKGGSonB
GDO4nuUUzeEZF+Qkr4c2L6VpIFMsc75QYCTr35y3xRLsoDEDnyRbIxo9ZjtA7tXf
oKo4n7QZiiRcFqsMHsDMWCAIObCSvDfpOpokmoabQd5f8XANI5VBdNwoEzLaEPWF
wq+b14V90PpNeyh+J8+7SMggugi3BG9aQ7xxRATzdksTc14=
-----END CERTIFICATE-----