Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/Xa_--512AXu8oQGuf95npJYWMXk.roa
File:                     Xa_--512AXu8oQGuf95npJYWMXk.roa (raw, json)
Hash identifier:          A9KMH/dmI4aRV/CVgD5uUkhbEHonAFiB+bHlP4dCpRs=
Subject key identifier:   5D:AF:FE:FB:9D:76:01:7B:BC:A1:01:AE:7F:DE:67:A4:96:16:31:79
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018CC500A3B1CF14F74FC0F9B053E79208E3
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/Xa_--512AXu8oQGuf95npJYWMXk.roa
Signing time:             Mon 01 Jan 2024 12:30:02 +0000
ROA not before:           Mon 01 Jan 2024 12:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202437
IP address blocks:        2a12:4946:4020::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a3:b1:cf:14:f7:4f:c0:f9:b0:53:e7:92:08:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 12:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5daffefb9d76017bbca101ae7fde67a496163179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:77:8f:2a:3e:3c:35:ff:44:48:57:78:ec:f4:
                    86:78:a5:2a:41:0b:1f:8a:71:aa:3c:dc:a2:a6:64:
                    73:2a:6a:55:8e:41:59:02:91:ce:55:ab:9f:ce:6d:
                    49:4b:48:ae:63:f9:98:c9:2a:b2:b2:47:d0:61:52:
                    c6:ab:26:20:bf:0f:3c:f5:bd:b2:84:fc:4a:d8:8d:
                    e0:2b:d8:da:c3:5a:9a:90:c5:47:da:3a:96:0e:cf:
                    c7:57:4d:d0:09:37:1d:50:ee:f5:53:11:26:00:87:
                    8a:69:df:a9:3d:67:80:29:9c:09:bf:cd:2b:9f:ba:
                    73:bd:db:b6:5c:ba:c5:a3:d0:36:07:97:22:78:d8:
                    0e:19:ff:f1:b3:e5:dd:04:2c:ad:b2:a3:d6:68:79:
                    91:2a:80:ec:91:83:9f:51:7f:0b:28:8b:69:1b:59:
                    51:97:f5:b4:80:83:e4:f8:a4:3a:b4:95:35:fe:1f:
                    67:e9:90:b4:ee:ec:df:a8:16:00:26:06:90:d6:76:
                    85:b0:d1:b0:36:15:da:bd:74:fb:ff:86:24:7d:47:
                    e9:e8:0f:25:44:19:e9:3e:9a:da:ea:44:a3:ea:ee:
                    7c:de:db:5a:a9:ea:0f:2e:e0:56:93:67:9a:0c:7d:
                    bf:97:1f:8e:3e:68:08:5a:c1:2a:22:59:72:a9:47:
                    1a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:AF:FE:FB:9D:76:01:7B:BC:A1:01:AE:7F:DE:67:A4:96:16:31:79
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/Xa_--512AXu8oQGuf95npJYWMXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4946:4020::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:40:20:fa:8c:77:48:1f:62:61:e2:e8:ad:75:2c:11:5b:f1:
         d4:c3:b5:2f:ef:bf:3a:6c:a4:b1:be:bc:f8:fa:df:b1:ec:89:
         51:f4:28:a4:9b:3c:9e:3b:98:9b:9a:25:9e:54:8b:ed:6a:d5:
         a1:d1:e9:15:0f:83:c6:87:26:32:29:71:c5:16:f0:ba:7d:aa:
         bf:6a:95:95:b3:6a:64:af:73:8e:80:7d:34:f6:80:af:81:20:
         39:29:59:9e:a2:8b:ce:ee:33:66:47:8d:6e:3a:ad:b2:43:b4:
         9a:ae:c0:a1:05:ce:9b:56:52:c9:70:56:33:b2:28:d1:ce:ba:
         46:5e:08:6d:15:af:aa:b0:9f:e4:73:e8:6f:9c:50:ce:c1:d0:
         e0:b2:43:6f:e4:42:d1:a0:12:e2:c2:db:22:56:49:8a:f5:e8:
         cf:86:eb:5f:d1:78:de:7e:01:16:df:2c:64:3c:20:61:d2:57:
         9d:40:83:13:53:0a:83:e3:ac:76:ac:a8:15:5e:82:49:2c:41:
         c6:c6:1e:3b:fd:5b:42:d3:10:47:a9:c2:ff:6a:85:0f:95:89:
         bf:02:00:fa:da:ba:e0:6a:e6:58:59:1a:f0:6f:3f:29:68:79:
         c5:bd:0b:9e:20:34:39:a4:aa:cf:c8:cb:fa:59:f7:92:6b:b7:
         0c:93:4f:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAKOxzxT3T8D5sFPnkgjjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwMTAxMTIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGFmZmVmYjlkNzYwMTdiYmNhMTAxYWU3ZmRlNjdhNDk2MTYzMTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHePKj48Nf9ESFd47PSGeKUqQQsf
inGqPNyipmRzKmpVjkFZApHOVaufzm1JS0iuY/mYySqyskfQYVLGqyYgvw889b2y
hPxK2I3gK9jaw1qakMVH2jqWDs/HV03QCTcdUO71UxEmAIeKad+pPWeAKZwJv80r
n7pzvdu2XLrFo9A2B5cieNgOGf/xs+XdBCytsqPWaHmRKoDskYOfUX8LKItpG1lR
l/W0gIPk+KQ6tJU1/h9n6ZC07uzfqBYAJgaQ1naFsNGwNhXavXT7/4YkfUfp6A8l
RBnpPpra6kSj6u583ttaqeoPLuBWk2eaDH2/lx+OPmgIWsEqIllyqUcaJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF2v/vuddgF7vKEBrn/eZ6SWFjF5MB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvWGFfLS01MTJBWHU4b1FHdWY5NW5wSllXTVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhJJRkAg
MA0GCSqGSIb3DQEBCwUAA4IBAQCgQCD6jHdIH2Jh4uitdSwRW/HUw7Uv7786bKSx
vrz4+t+x7IlR9CikmzyeO5ibmiWeVIvtatWh0ekVD4PGhyYyKXHFFvC6faq/apWV
s2pkr3OOgH009oCvgSA5KVmeoovO7jNmR41uOq2yQ7SarsChBc6bVlLJcFYzsijR
zrpGXghtFa+qsJ/kc+hvnFDOwdDgskNv5ELRoBLiwtsiVkmK9ejPhutf0XjefgEW
3yxkPCBh0ledQIMTUwqD46x2rKgVXoJJLEHGxh47/VtC0xBHqcL/aoUPlYm/AgD6
2rrgauZYWRrwbz8paHnFvQueIDQ5pKrPyMv6WfeSa7cMk09s
-----END CERTIFICATE-----