Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/wUXpSMF0Bnsox9S71vCi0cuf-FQ.roa
File:                     wUXpSMF0Bnsox9S71vCi0cuf-FQ.roa (raw, json)
Hash identifier:          PBQa0RvUJ8qvQ3qh4O1IbiFlZi9YSOC6kCbf43wr7kE=
Subject key identifier:   C1:45:E9:48:C1:74:06:7B:28:C7:D4:BB:D6:F0:A2:D1:CB:9F:F8:54
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018D6698097FDF1E7C6760460E33B3C03D6A
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/wUXpSMF0Bnsox9S71vCi0cuf-FQ.roa
Signing time:             Thu 01 Feb 2024 21:34:16 +0000
ROA not before:           Thu 01 Feb 2024 21:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215767
IP address blocks:        2a12:4946:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:66:98:09:7f:df:1e:7c:67:60:46:0e:33:b3:c0:3d:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Feb  1 21:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c145e948c174067b28c7d4bbd6f0a2d1cb9ff854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:30:ef:27:3f:71:28:4b:05:c2:f2:6e:48:7a:
                    47:0d:b0:5a:71:dc:c8:65:c4:1a:91:af:bd:f9:45:
                    0f:a8:32:10:2b:0b:aa:3c:32:68:e4:90:8d:50:5e:
                    1d:1c:25:72:ac:24:b7:b4:11:4b:86:55:a1:09:7a:
                    57:35:b6:25:c6:e9:56:42:01:0e:1a:ad:9e:d8:f6:
                    4f:55:97:2a:4a:80:79:50:ba:a2:40:91:4e:d2:47:
                    c8:a3:4a:ae:28:6c:a1:24:87:3b:ee:bc:6a:87:be:
                    c4:b0:5c:2b:87:c5:5c:b2:32:26:f6:bb:21:fe:5c:
                    82:a7:a0:d3:b4:55:b6:22:40:60:b6:32:1d:51:45:
                    28:6b:48:1c:db:a0:f9:c1:d2:6b:1d:e1:8d:f0:4e:
                    30:83:e3:7b:6d:ad:79:4d:cb:dc:ee:24:93:1a:03:
                    b5:bc:10:16:15:83:47:a4:d5:07:1f:02:19:ba:08:
                    4c:f4:ab:2b:c5:d7:15:5f:0a:af:32:83:e6:80:1a:
                    de:d4:b0:47:0b:e0:df:89:e2:1e:d1:93:0c:23:89:
                    a1:35:bf:7d:03:8c:15:93:58:fa:9b:b0:9b:9c:21:
                    75:96:33:0b:62:65:c2:b8:8a:a9:45:d5:9b:f6:71:
                    c3:ab:f1:ac:b9:70:0a:61:6e:20:fa:22:f4:c2:2d:
                    f6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:45:E9:48:C1:74:06:7B:28:C7:D4:BB:D6:F0:A2:D1:CB:9F:F8:54
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/wUXpSMF0Bnsox9S71vCi0cuf-FQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4946:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:ca:b8:a5:50:23:b9:52:05:3b:8f:88:0a:64:19:e5:33:57:
         78:e8:35:f8:3b:ba:ff:d1:f1:24:b6:71:7d:1c:29:31:77:82:
         b2:aa:2d:35:0b:e3:23:7a:42:c2:7c:e1:37:61:65:2f:c8:19:
         b6:a9:b6:f9:02:7a:23:0b:42:82:97:7e:4b:4e:58:28:a3:3a:
         43:2a:b7:a5:04:ed:cf:08:3b:12:e7:63:68:2a:70:13:e2:75:
         54:68:d4:ad:9f:6e:b6:21:19:09:a8:62:86:cb:e5:da:6b:ea:
         59:aa:fc:c2:bf:9e:80:17:1a:ca:5f:08:e5:f8:c5:23:07:a6:
         ba:7f:0b:e8:a8:b3:6b:f1:07:89:e7:77:6a:15:ab:b9:41:35:
         6b:50:0e:99:08:43:14:2d:24:8b:b2:45:4e:bc:41:22:ff:32:
         ef:e3:24:75:f3:69:23:13:19:1c:fb:52:cc:03:29:8e:68:8c:
         bd:f5:8b:d7:6d:10:38:a4:f6:e0:d5:22:2e:aa:f5:e2:ae:9d:
         54:0f:7a:85:79:e8:b8:77:3b:d8:bb:d8:22:ed:ba:ae:af:1f:
         21:c9:39:71:c3:5e:7e:df:8a:77:1b:44:51:19:bc:b2:50:7e:
         38:2b:0c:52:df:0b:7f:a0:65:44:b7:c3:34:5b:a1:ac:c9:99:
         37:05:f9:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1mmAl/3x58Z2BGDjOzwD1qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwMjAxMjEzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQ1ZTk0OGMxNzQwNjdiMjhjN2Q0YmJkNmYwYTJkMWNiOWZmODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzDvJz9xKEsFwvJuSHpHDbBacdzI
ZcQaka+9+UUPqDIQKwuqPDJo5JCNUF4dHCVyrCS3tBFLhlWhCXpXNbYlxulWQgEO
Gq2e2PZPVZcqSoB5ULqiQJFO0kfIo0quKGyhJIc77rxqh77EsFwrh8VcsjIm9rsh
/lyCp6DTtFW2IkBgtjIdUUUoa0gc26D5wdJrHeGN8E4wg+N7ba15Tcvc7iSTGgO1
vBAWFYNHpNUHHwIZughM9KsrxdcVXwqvMoPmgBre1LBHC+DfieIe0ZMMI4mhNb99
A4wVk1j6m7CbnCF1ljMLYmXCuIqpRdWb9nHDq/GsuXAKYW4g+iL0wi32TwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMFF6UjBdAZ7KMfUu9bwotHLn/hUMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvd1VYcFNNRjBCbnNveDlTNzF2Q2kwY3VmLUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJJRiAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB/yrilUCO5UgU7j4gKZBnlM1d46DX4O7r/0fEk
tnF9HCkxd4Kyqi01C+MjekLCfOE3YWUvyBm2qbb5AnojC0KCl35LTlgoozpDKrel
BO3PCDsS52NoKnAT4nVUaNStn262IRkJqGKGy+Xaa+pZqvzCv56AFxrKXwjl+MUj
B6a6fwvoqLNr8QeJ53dqFau5QTVrUA6ZCEMULSSLskVOvEEi/zLv4yR182kjExkc
+1LMAymOaIy99YvXbRA4pPbg1SIuqvXirp1UD3qFeei4dzvYu9gi7bqurx8hyTlx
w15+34p3G0RRGbyyUH44KwxS3wt/oGVEt8M0W6GsyZk3Bfm7
-----END CERTIFICATE-----