Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/TBnbIzlh-BKbahkJ3E7jSuQuQaY.roa
File:                     TBnbIzlh-BKbahkJ3E7jSuQuQaY.roa (raw, json)
Hash identifier:          wANue+0BieEbIbGU0PO+SRCogjBRNdJwQ6IIP6xIdvM=
Subject key identifier:   4C:19:DB:23:39:61:F8:12:9B:6A:19:09:DC:4E:E3:4A:E4:2E:41:A6
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       0194228D124B6938F6ED6433C289AAA1AEEB
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/TBnbIzlh-BKbahkJ3E7jSuQuQaY.roa
Signing time:             Wed 01 Jan 2025 15:47:38 +0000
ROA not before:           Wed 01 Jan 2025 15:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202437
IP address blocks:        2a12:4946:4020::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:12:4b:69:38:f6:ed:64:33:c2:89:aa:a1:ae:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 15:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c19db233961f8129b6a1909dc4ee34ae42e41a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4a:47:e6:6d:12:31:45:38:49:e0:28:da:03:
                    25:82:a0:28:d2:7a:7d:a2:14:19:4a:2d:45:60:42:
                    7d:c9:9c:fc:19:5f:10:2a:b1:02:86:72:bd:53:85:
                    28:8c:3c:1b:26:a4:33:49:8f:eb:49:a3:26:5f:5f:
                    a7:63:c0:76:f8:6d:19:4d:07:96:ba:23:a5:92:01:
                    8f:3d:1c:90:80:2f:0d:20:0d:08:17:dd:3e:b2:c7:
                    ce:54:15:63:91:a0:47:b7:a3:d6:50:90:cc:ab:61:
                    c5:80:1f:aa:6f:73:25:3f:7b:14:08:8a:a0:f3:0b:
                    0d:ad:a8:82:2f:6b:b1:56:08:ef:c4:62:62:6a:af:
                    8b:71:e6:e7:a0:e3:df:6c:2f:57:fc:d5:bf:4e:56:
                    08:26:20:61:bb:2f:4d:38:3a:d5:55:6f:6c:03:62:
                    7a:c9:6a:f7:67:49:e6:c2:fb:4a:cf:0f:3d:9a:05:
                    48:8c:dc:97:b7:28:fb:38:1a:f4:b6:62:f6:b9:77:
                    cd:a4:75:b5:65:99:d8:df:16:69:b0:f6:8a:9a:cd:
                    b4:f3:5a:b9:a4:a2:ce:55:4d:0e:91:05:d2:30:4b:
                    33:5a:87:ae:57:68:dd:75:b0:6e:1b:c6:f8:e3:76:
                    9a:96:08:63:df:c7:3e:c6:ab:1f:43:2c:6d:4d:b8:
                    bf:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:19:DB:23:39:61:F8:12:9B:6A:19:09:DC:4E:E3:4A:E4:2E:41:A6
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/TBnbIzlh-BKbahkJ3E7jSuQuQaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4946:4020::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:83:74:cd:95:12:0a:f5:85:e9:10:92:ed:4d:01:72:cd:af:
         d6:9d:99:97:0a:86:2f:24:8a:0f:74:04:a1:3f:17:9a:61:24:
         f9:9c:a8:d4:63:fd:9b:42:21:7d:d5:23:58:39:86:aa:3a:fa:
         47:6c:fa:4c:02:25:b5:13:63:2c:9b:94:de:a8:23:b7:b7:5c:
         7f:c2:64:d7:02:b5:07:b2:2a:67:9f:a8:9e:71:a4:6d:ca:c8:
         2e:98:28:73:88:49:92:99:00:54:de:07:a2:ce:1f:91:11:99:
         62:2b:ac:2e:fc:70:d5:72:c1:dd:4c:55:8f:1a:93:0e:51:7b:
         74:c8:7c:e1:0d:54:26:7f:9e:9c:a3:6a:c6:fa:78:cc:94:c3:
         84:2a:34:58:62:68:71:dd:a2:c0:1a:60:37:2f:83:10:cd:e5:
         97:47:7b:7f:8f:1b:2b:5f:a2:9e:35:b2:b0:c1:87:c8:b1:4e:
         d3:e9:91:27:f4:45:04:0f:3f:f3:1d:a7:61:90:5c:33:54:95:
         73:c5:3e:8c:26:a5:6d:8d:db:b1:13:06:eb:b3:0a:32:37:47:
         a5:0b:79:4d:b2:eb:7d:05:db:42:1a:bd:9c:7f:f6:4a:9e:d3:
         64:81:31:ab:de:f7:ad:b1:8a:15:14:14:7a:84:10:2b:9e:51:
         6d:f5:8d:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijRJLaTj27WQzwomqoa7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjUwMTAxMTU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzE5ZGIyMzM5NjFmODEyOWI2YTE5MDlkYzRlZTM0YWU0MmU0MWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUpH5m0SMUU4SeAo2gMlgqAo0np9
ohQZSi1FYEJ9yZz8GV8QKrEChnK9U4UojDwbJqQzSY/rSaMmX1+nY8B2+G0ZTQeW
uiOlkgGPPRyQgC8NIA0IF90+ssfOVBVjkaBHt6PWUJDMq2HFgB+qb3MlP3sUCIqg
8wsNraiCL2uxVgjvxGJiaq+LcebnoOPfbC9X/NW/TlYIJiBhuy9NODrVVW9sA2J6
yWr3Z0nmwvtKzw89mgVIjNyXtyj7OBr0tmL2uXfNpHW1ZZnY3xZpsPaKms2081q5
pKLOVU0OkQXSMEszWoeuV2jddbBuG8b443aalghj38c+xqsfQyxtTbi/NQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEwZ2yM5YfgSm2oZCdxO40rkLkGmMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvVEJuYkl6bGgtQktiYWhrSjNFN2pTdVF1UWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhJJRkAg
MA0GCSqGSIb3DQEBCwUAA4IBAQB9g3TNlRIK9YXpEJLtTQFyza/WnZmXCoYvJIoP
dAShPxeaYST5nKjUY/2bQiF91SNYOYaqOvpHbPpMAiW1E2Msm5TeqCO3t1x/wmTX
ArUHsipnn6iecaRtysgumChziEmSmQBU3geizh+REZliK6wu/HDVcsHdTFWPGpMO
UXt0yHzhDVQmf56co2rG+njMlMOEKjRYYmhx3aLAGmA3L4MQzeWXR3t/jxsrX6Ke
NbKwwYfIsU7T6ZEn9EUEDz/zHadhkFwzVJVzxT6MJqVtjduxEwbrswoyN0elC3lN
sut9BdtCGr2cf/ZKntNkgTGr3vetsYoVFBR6hBArnlFt9Y0h
-----END CERTIFICATE-----