Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/jSMmmDD5u-WGjPr0NoF-dAnCro8.roa
File:                     jSMmmDD5u-WGjPr0NoF-dAnCro8.roa (raw, json)
Hash identifier:          HGYnE0kFxYhe3NufQodCWVmaufY4q8Mj0iaqhDWRPg8=
Subject key identifier:   8D:23:26:98:30:F9:BB:E5:86:8C:FA:F4:36:81:7E:74:09:C2:AE:8F
Certificate issuer:       /CN=2c9979ea38b9dbddca74b7bfa73768b57bffc12f
Certificate serial:       018CC64B3E53C342B50AFAB8CEFF36FFACB6
Authority key identifier: 2C:99:79:EA:38:B9:DB:DD:CA:74:B7:BF:A7:37:68:B5:7B:FF:C1:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJl56ji5293KdLe_pzdotXv_wS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/jSMmmDD5u-WGjPr0NoF-dAnCro8.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197789
IP address blocks:        2a12:9ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/LJl56ji5293KdLe_pzdotXv_wS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/LJl56ji5293KdLe_pzdotXv_wS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LJl56ji5293KdLe_pzdotXv_wS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3e:53:c3:42:b5:0a:fa:b8:ce:ff:36:ff:ac:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c9979ea38b9dbddca74b7bfa73768b57bffc12f
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d23269830f9bbe5868cfaf436817e7409c2ae8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:8a:20:1c:a1:cd:8a:4d:42:2b:aa:ec:57:7a:
                    38:9e:8e:95:31:c2:86:4e:80:62:4a:be:ab:5b:fa:
                    88:0e:4c:6e:43:38:d0:d1:5f:c1:7b:11:06:36:ca:
                    ee:3f:1f:e6:ca:1e:08:4a:b6:17:25:e8:fe:41:98:
                    fd:3b:31:8b:b6:67:55:4d:ad:55:af:8c:2b:fa:c6:
                    22:5a:34:d1:ab:f1:8d:e3:ee:55:af:39:06:9a:f9:
                    3f:1f:b4:ff:5e:4d:53:de:5e:38:38:7b:5d:1c:5c:
                    e8:bd:77:6e:6b:47:54:ec:2b:18:ef:13:d1:0c:48:
                    6a:84:49:36:1d:3b:91:96:8f:e8:8c:5a:0e:af:5a:
                    4a:87:6c:10:5a:93:19:17:b7:4d:45:22:1b:59:ae:
                    a8:ae:87:b3:2f:fa:86:3c:f6:c8:60:85:8a:f3:30:
                    3f:1b:cb:d2:ed:9b:2b:e4:7a:a9:a3:5c:9c:24:a3:
                    cf:91:1b:6f:25:3f:e3:cc:ab:08:d1:58:b6:de:cb:
                    68:a4:f2:ad:aa:5c:8c:ed:1f:95:c0:80:cd:0d:76:
                    cb:46:39:1a:fe:00:95:ff:a0:54:79:83:72:bd:5b:
                    1a:c6:0e:c4:8e:b5:d7:53:d7:e4:21:bb:fb:5a:1a:
                    30:7b:0b:0b:55:96:d2:26:b4:e9:a1:cd:cf:e7:e8:
                    1b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:23:26:98:30:F9:BB:E5:86:8C:FA:F4:36:81:7E:74:09:C2:AE:8F
            X509v3 Authority Key Identifier:
                keyid:2C:99:79:EA:38:B9:DB:DD:CA:74:B7:BF:A7:37:68:B5:7B:FF:C1:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJl56ji5293KdLe_pzdotXv_wS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/jSMmmDD5u-WGjPr0NoF-dAnCro8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6155f0-4dcb-48ce-a4ed-ac332f8d8c48/1/LJl56ji5293KdLe_pzdotXv_wS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:9ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:d5:d4:63:87:9e:ed:41:ad:55:e0:30:d7:4d:cc:50:49:0e:
         51:e8:9e:21:bf:a6:b7:31:f5:7a:56:f8:b9:57:ef:b7:6f:ee:
         30:e6:cc:d4:91:89:4a:31:15:d7:c1:39:0f:48:1b:e5:83:0f:
         f2:83:39:be:96:c2:09:19:e5:3f:e7:f1:02:e1:01:f0:6c:4a:
         c8:4f:05:b9:98:71:98:c0:db:db:6a:43:54:1b:9f:73:f7:11:
         5f:ca:f1:e5:20:ef:4f:ef:cc:9e:71:4b:69:68:b8:c8:af:6f:
         31:b5:a8:40:ef:ca:94:18:fe:9b:0a:8a:24:2e:1c:82:14:ce:
         81:26:cf:a1:ab:10:52:ea:91:c0:18:86:c2:8b:88:ba:e2:49:
         4e:53:33:89:97:4c:b2:fc:b7:f3:ee:2b:8c:b8:58:3d:9d:9c:
         b5:33:f9:cb:be:13:9e:5a:cf:2d:d1:44:b1:d6:ff:12:96:7e:
         58:e3:ef:2c:16:f4:2e:db:6c:58:ae:e4:f5:03:1d:fe:9b:61:
         29:17:01:4a:38:25:84:a4:63:fd:31:6e:ea:83:36:fe:f6:e1:
         ef:5a:c7:3b:b6:57:04:35:21:cf:ea:5a:6e:4e:73:0b:b9:16:
         aa:c5:a7:d9:5e:64:2c:d8:13:5f:76:29:86:93:05:80:a7:ca:
         df:6c:ac:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSz5Tw0K1Cvq4zv82/6y2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTk3OWVhMzhiOWRiZGRjYTc0YjdiZmE3Mzc2OGI1N2Jm
ZmMxMmYwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDIzMjY5ODMwZjliYmU1ODY4Y2ZhZjQzNjgxN2U3NDA5YzJhZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIogHKHNik1CK6rsV3o4no6VMcKG
ToBiSr6rW/qIDkxuQzjQ0V/BexEGNsruPx/myh4ISrYXJej+QZj9OzGLtmdVTa1V
r4wr+sYiWjTRq/GN4+5VrzkGmvk/H7T/Xk1T3l44OHtdHFzovXdua0dU7CsY7xPR
DEhqhEk2HTuRlo/ojFoOr1pKh2wQWpMZF7dNRSIbWa6oroezL/qGPPbIYIWK8zA/
G8vS7Zsr5Hqpo1ycJKPPkRtvJT/jzKsI0Vi23stopPKtqlyM7R+VwIDNDXbLRjka
/gCV/6BUeYNyvVsaxg7EjrXXU9fkIbv7WhowewsLVZbSJrTpoc3P5+gbXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI0jJpgw+bvlhoz69DaBfnQJwq6PMB8GA1UdIwQY
MBaAFCyZeeo4udvdynS3v6c3aLV7/8EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEpsNTZqaTUyOTNLZExlX3B6ZG90WHZfd1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82MTU1ZjAtNGRjYi00OGNlLWE0ZWQt
YWMzMzJmOGQ4YzQ4LzEvalNNbW1ERDV1LVdHalByME5vRi1kQW5Dcm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82MTU1ZjAtNGRjYi00OGNlLWE0ZWQtYWMzMzJmOGQ4YzQ4
LzEvTEpsNTZqaTUyOTNLZExlX3B6ZG90WHZfd1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKawDAN
BgkqhkiG9w0BAQsFAAOCAQEAt9XUY4ee7UGtVeAw103MUEkOUeieIb+mtzH1elb4
uVfvt2/uMObM1JGJSjEV18E5D0gb5YMP8oM5vpbCCRnlP+fxAuEB8GxKyE8FuZhx
mMDb22pDVBufc/cRX8rx5SDvT+/MnnFLaWi4yK9vMbWoQO/KlBj+mwqKJC4cghTO
gSbPoasQUuqRwBiGwouIuuJJTlMziZdMsvy38+4rjLhYPZ2ctTP5y74TnlrPLdFE
sdb/EpZ+WOPvLBb0LttsWK7k9QMd/pthKRcBSjglhKRj/TFu6oM2/vbh71rHO7ZX
BDUhz+pabk5zC7kWqsWn2V5kLNgTX3YphpMFgKfK32ysCA==
-----END CERTIFICATE-----