Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/mUlWun6okGpXWk8DJXV0ksak18c.roa
File:                     mUlWun6okGpXWk8DJXV0ksak18c.roa (raw, json)
Hash identifier:          JExaI5wWNsGuu3cK5IsS5PrW6vNnJRD2oshT5e/YVLc=
Subject key identifier:   99:49:56:BA:7E:A8:90:6A:57:5A:4F:03:25:75:74:92:C6:A4:D7:C7
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018CC500A5A66CEE7F823112E0680A111C77
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/mUlWun6okGpXWk8DJXV0ksak18c.roa
Signing time:             Mon 01 Jan 2024 12:30:03 +0000
ROA not before:           Mon 01 Jan 2024 12:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211184
IP address blocks:        2a12:4946:4000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a5:a6:6c:ee:7f:82:31:12:e0:68:0a:11:1c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 12:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=994956ba7ea8906a575a4f0325757492c6a4d7c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fc:4c:f2:e4:8c:9c:63:52:dd:e9:b7:9d:62:
                    ae:62:4c:6f:0d:44:85:99:2b:ae:42:15:39:00:e8:
                    3c:e0:40:d6:4b:de:ce:19:d2:48:4b:61:38:76:5f:
                    41:47:a4:6f:bf:cc:5c:17:77:e0:27:85:8e:8d:58:
                    d2:e8:f5:2e:d7:05:f9:6f:21:67:ce:ef:39:db:9d:
                    a6:e6:84:3d:c0:e4:35:c1:47:e6:16:c1:5b:c5:eb:
                    fe:03:97:48:86:02:f4:a7:8c:2d:e3:8a:62:2d:b3:
                    fb:f0:74:ee:15:bd:47:77:27:c4:35:f6:64:dd:52:
                    66:97:82:b3:1c:2d:9c:1e:13:65:bd:29:60:58:38:
                    d0:24:9d:9a:93:77:66:74:c2:97:24:0e:a8:63:2a:
                    38:ca:cc:10:87:bf:4a:13:a0:b6:91:c7:e3:06:8f:
                    79:df:6f:10:d0:bb:2c:c7:36:42:0e:b5:f1:0c:6c:
                    ca:5a:06:2d:23:cf:14:5f:cc:da:28:92:ba:61:4f:
                    80:c2:86:b7:d5:64:5e:ee:99:7d:0b:18:50:0f:74:
                    b7:df:7c:ec:dc:6f:dc:f3:1c:08:da:7e:f0:83:44:
                    20:62:30:75:32:9e:ad:81:cd:f9:f6:f3:5d:a9:65:
                    a9:69:00:76:d8:cb:3c:d9:42:ec:8a:48:5f:39:8f:
                    47:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:49:56:BA:7E:A8:90:6A:57:5A:4F:03:25:75:74:92:C6:A4:D7:C7
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/mUlWun6okGpXWk8DJXV0ksak18c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4946:4000::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:0b:a2:5a:e1:87:bc:27:fb:15:90:88:d9:ce:c8:6d:9e:7f:
         c3:fb:8f:de:5e:1a:89:dc:0b:92:28:ce:e3:b3:95:64:30:52:
         6f:a9:1e:76:3b:d7:2b:a0:08:6e:0e:c0:54:9b:ee:04:de:81:
         3f:80:95:2c:db:39:9b:d4:57:65:87:f3:41:c0:08:c3:cf:a2:
         66:cf:e9:b7:ec:08:78:96:29:b6:dd:ab:95:10:c7:cd:b6:fb:
         05:5d:f1:86:eb:af:ad:5b:50:b2:45:1d:6d:a5:fa:20:0d:4f:
         d9:e9:39:2d:4b:4a:31:bd:59:07:ab:20:04:e2:be:3e:e9:6a:
         16:34:22:bd:5a:f0:60:35:c0:c7:3e:d0:33:77:de:3a:3b:f4:
         0e:99:cd:4b:ff:48:9e:66:a9:f9:b1:f9:ff:4b:62:a1:ac:41:
         f4:17:47:47:84:44:ab:59:82:ad:5d:73:8d:cc:89:d6:b8:53:
         de:89:aa:b9:43:cd:31:a3:ec:f1:d4:15:34:24:d6:92:31:00:
         f6:67:5a:a0:22:3b:3e:e3:56:54:a1:c1:52:fa:d9:58:12:49:
         98:26:83:14:c4:d7:78:39:49:3e:e5:85:d2:30:e2:e8:aa:b0:
         65:68:db:3d:e7:25:b0:3d:a9:5e:62:52:c1:0c:66:cc:e1:5e:
         a6:ba:40:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAKWmbO5/gjES4GgKERx3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwMTAxMTIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTQ5NTZiYTdlYTg5MDZhNTc1YTRmMDMyNTc1NzQ5MmM2YTRkN2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovxM8uSMnGNS3em3nWKuYkxvDUSF
mSuuQhU5AOg84EDWS97OGdJIS2E4dl9BR6Rvv8xcF3fgJ4WOjVjS6PUu1wX5byFn
zu85252m5oQ9wOQ1wUfmFsFbxev+A5dIhgL0p4wt44piLbP78HTuFb1HdyfENfZk
3VJml4KzHC2cHhNlvSlgWDjQJJ2ak3dmdMKXJA6oYyo4yswQh79KE6C2kcfjBo95
328Q0LssxzZCDrXxDGzKWgYtI88UX8zaKJK6YU+Awoa31WRe7pl9CxhQD3S333zs
3G/c8xwI2n7wg0QgYjB1Mp6tgc359vNdqWWpaQB22Ms82ULsikhfOY9HtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJlJVrp+qJBqV1pPAyV1dJLGpNfHMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvbVVsV3VuNm9rR3BYV2s4REpYVjBrc2FrMThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhJJRkAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBlC6Ja4Ye8J/sVkIjZzshtnn/D+4/eXhqJ3AuS
KM7js5VkMFJvqR52O9croAhuDsBUm+4E3oE/gJUs2zmb1Fdlh/NBwAjDz6Jmz+m3
7Ah4lim23auVEMfNtvsFXfGG66+tW1CyRR1tpfogDU/Z6TktS0oxvVkHqyAE4r4+
6WoWNCK9WvBgNcDHPtAzd946O/QOmc1L/0ieZqn5sfn/S2KhrEH0F0dHhESrWYKt
XXONzInWuFPeiaq5Q80xo+zx1BU0JNaSMQD2Z1qgIjs+41ZUocFS+tlYEkmYJoMU
xNd4OUk+5YXSMOLoqrBlaNs95yWwPaleYlLBDGbM4V6mukAs
-----END CERTIFICATE-----