Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/W7bQwTZsp4s4wbbUJ0ve3i16r40.roa
File:                     W7bQwTZsp4s4wbbUJ0ve3i16r40.roa (raw, json)
Hash identifier:          AYJ/B8y0FOXHKNQ/Y+kgDmKCCItVlZGmRww3txtVqL4=
Subject key identifier:   5B:B6:D0:C1:36:6C:A7:8B:38:C1:B6:D4:27:4B:DE:DE:2D:7A:AF:8D
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018CC500A6C77574009DB33D65F183405002
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/W7bQwTZsp4s4wbbUJ0ve3i16r40.roa
Signing time:             Mon 01 Jan 2024 12:30:03 +0000
ROA not before:           Mon 01 Jan 2024 12:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212389
IP address blocks:        2a12:4942:4009::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a6:c7:75:74:00:9d:b3:3d:65:f1:83:40:50:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 12:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bb6d0c1366ca78b38c1b6d4274bdede2d7aaf8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:07:ca:7f:36:68:25:7f:14:f8:cb:8f:c5:43:
                    c6:c8:42:ca:80:24:b7:88:c2:0b:8f:ba:96:fb:29:
                    20:84:ca:c3:42:99:6e:aa:3f:4a:23:f9:d5:eb:07:
                    3e:eb:f3:06:5d:ca:ac:29:a2:60:a3:37:aa:a3:76:
                    99:35:04:4d:8e:ae:cb:a9:e5:23:ed:55:b2:1b:fe:
                    fc:7f:15:01:57:d3:af:3d:6c:92:e4:a5:26:ea:c6:
                    cc:ce:e0:ac:40:c4:eb:db:65:dd:16:f5:40:d5:42:
                    b7:7b:75:3a:9e:22:cd:04:85:85:a7:54:d2:47:6a:
                    03:ee:7a:bd:9f:33:56:bf:ad:62:0e:7a:d0:d9:6f:
                    40:83:6d:a9:5c:93:8d:06:04:f0:c3:f0:31:18:a2:
                    c5:ad:46:b0:c1:37:2a:69:49:e0:de:79:ae:62:2b:
                    c1:f3:b0:32:02:16:61:20:48:a1:04:30:48:12:2a:
                    7c:7f:90:b8:fb:a3:91:1a:91:04:57:5a:fc:86:0f:
                    0a:97:dc:2a:68:5e:0d:11:45:81:9a:7c:a8:58:90:
                    a9:19:38:04:da:8e:5b:a7:28:1f:7e:cd:a8:2f:41:
                    dc:eb:f3:22:78:47:3f:fe:31:6c:9c:f2:dd:7a:bf:
                    c4:30:37:3c:2a:54:58:ba:56:bb:3a:6f:75:1b:2d:
                    73:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B6:D0:C1:36:6C:A7:8B:38:C1:B6:D4:27:4B:DE:DE:2D:7A:AF:8D
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/W7bQwTZsp4s4wbbUJ0ve3i16r40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4942:4009::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:59:4b:18:7f:52:73:02:cf:f6:3d:31:32:83:02:e8:f7:e9:
         7a:de:2f:21:b6:b6:02:62:7f:e7:65:77:7b:eb:83:3e:5b:0c:
         07:d6:2c:ab:a2:ed:68:eb:f3:80:a2:44:2c:88:b0:3b:e6:3c:
         b1:13:bc:93:96:78:f3:f5:a4:09:f3:8c:92:ba:25:76:61:be:
         0a:e0:1f:a5:91:fc:d5:4b:0b:bd:80:61:57:ac:2a:a2:a4:9e:
         45:31:f2:ed:c3:d8:c8:99:0f:0b:41:17:ce:02:b6:6d:59:1d:
         5c:aa:e3:1e:39:b2:da:c3:bc:86:b7:57:a4:ca:4a:e4:dd:5f:
         bd:ab:66:d6:ff:31:53:cb:5c:0a:a4:aa:23:9f:94:7a:49:97:
         08:d1:21:84:f1:50:3b:9e:48:2a:1d:b4:ba:93:5c:fc:89:f7:
         a0:48:bb:cc:24:1b:43:20:80:fd:4a:37:d9:70:06:2c:99:f4:
         3b:1d:2c:2e:78:9c:e5:04:32:9f:d1:37:99:ac:6d:ec:25:4d:
         f9:68:12:49:cf:8f:79:e0:4d:ed:21:f3:fb:d5:54:52:8c:ec:
         e8:91:38:f4:92:1a:d5:f4:da:ea:b9:6c:0d:40:e6:55:31:d5:
         66:99:f9:be:ee:ae:c3:bb:8e:57:3e:d4:42:a2:e5:be:61:38:
         9d:dc:59:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAKbHdXQAnbM9ZfGDQFACMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwMTAxMTIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmI2ZDBjMTM2NmNhNzhiMzhjMWI2ZDQyNzRiZGVkZTJkN2FhZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQfKfzZoJX8U+MuPxUPGyELKgCS3
iMILj7qW+ykghMrDQpluqj9KI/nV6wc+6/MGXcqsKaJgozeqo3aZNQRNjq7LqeUj
7VWyG/78fxUBV9OvPWyS5KUm6sbMzuCsQMTr22XdFvVA1UK3e3U6niLNBIWFp1TS
R2oD7nq9nzNWv61iDnrQ2W9Ag22pXJONBgTww/AxGKLFrUawwTcqaUng3nmuYivB
87AyAhZhIEihBDBIEip8f5C4+6ORGpEEV1r8hg8Kl9wqaF4NEUWBmnyoWJCpGTgE
2o5bpygffs2oL0Hc6/MieEc//jFsnPLder/EMDc8KlRYula7Om91Gy1z5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFu20ME2bKeLOMG21CdL3t4teq+NMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvVzdiUXdUWnNwNHM0d2JiVUowdmUzaTE2cjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJJQkAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBRWUsYf1JzAs/2PTEygwLo9+l63i8htrYCYn/n
ZXd764M+WwwH1iyrou1o6/OAokQsiLA75jyxE7yTlnjz9aQJ84ySuiV2Yb4K4B+l
kfzVSwu9gGFXrCqipJ5FMfLtw9jImQ8LQRfOArZtWR1cquMeObLaw7yGt1ekykrk
3V+9q2bW/zFTy1wKpKojn5R6SZcI0SGE8VA7nkgqHbS6k1z8ifegSLvMJBtDIID9
SjfZcAYsmfQ7HSwueJzlBDKf0TeZrG3sJU35aBJJz4954E3tIfP71VRSjOzokTj0
khrV9NrquWwNQOZVMdVmmfm+7q7Du45XPtRCouW+YTid3Fn0
-----END CERTIFICATE-----