Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/Y13ILNS63KARDK76GHeup0uuPmo.roa
File:                     Y13ILNS63KARDK76GHeup0uuPmo.roa (raw, json)
Hash identifier:          PcJwuBhDphQip+GtQQkq37CDhvrIrOsQRyfq31PfBMM=
Subject key identifier:   63:5D:C8:2C:D4:BA:DC:A0:11:0C:AE:FA:18:77:AE:A7:4B:AE:3E:6A
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       018F0C4300574D31B00BFF2B65E0E3618045
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/Y13ILNS63KARDK76GHeup0uuPmo.roa
Signing time:             Tue 23 Apr 2024 18:41:08 +0000
ROA not before:           Tue 23 Apr 2024 18:41:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a12:9503::/32 maxlen: 32
                          2a12:9505::/32 maxlen: 32
                          2a12:9506::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Nov 2024 14:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:43:00:57:4d:31:b0:0b:ff:2b:65:e0:e3:61:80:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Apr 23 18:41:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=635dc82cd4badca0110caefa1877aea74bae3e6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9c:ec:92:e4:df:f5:4a:75:c6:ed:4f:41:f5:
                    cc:2c:04:b1:30:14:9e:c6:15:a8:f9:5e:e6:c9:71:
                    e5:f0:14:84:6b:fb:64:16:70:b4:e6:c2:38:17:2f:
                    de:4d:57:1c:0a:3e:76:94:fc:b8:8a:de:f3:44:b3:
                    7a:83:bb:e7:c2:e5:2d:c6:71:08:eb:a2:ad:c2:c5:
                    cc:20:2e:d2:ae:46:14:ac:53:28:c3:a6:80:00:b2:
                    e9:c6:26:12:f8:46:34:e4:55:f9:12:23:c4:f0:d1:
                    e4:48:99:70:18:9f:7d:c5:4d:13:38:96:d8:e4:d4:
                    df:5d:1e:25:02:89:09:61:d8:11:24:7f:1c:7a:66:
                    44:bc:7e:a2:78:3e:96:77:8e:67:16:65:88:29:1b:
                    ad:18:bc:68:f2:79:73:39:85:c0:1b:df:4f:34:0b:
                    5f:3e:08:41:d2:aa:03:56:8e:ea:17:fd:92:ef:f3:
                    91:cc:d6:26:48:67:42:f8:92:d5:5e:de:bf:3f:bb:
                    eb:c3:f7:8a:55:dd:73:79:4b:c3:34:4d:5c:2d:61:
                    bd:a4:9e:d4:ae:30:8b:ba:33:dd:6a:91:61:4e:3b:
                    7f:48:14:f7:d7:f1:2c:da:b4:ef:19:c9:2c:6d:40:
                    ec:84:05:f5:a8:17:df:29:23:82:e7:00:ca:99:42:
                    0d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:5D:C8:2C:D4:BA:DC:A0:11:0C:AE:FA:18:77:AE:A7:4B:AE:3E:6A
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/Y13ILNS63KARDK76GHeup0uuPmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:9503::/32
                  2a12:9505::-2a12:9506:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         d0:77:ca:51:3a:1e:80:bc:0d:8a:9d:c3:43:df:eb:cf:61:2a:
         11:d5:59:fd:ff:da:dc:13:b6:98:03:0e:86:c4:07:0a:e1:53:
         1c:53:f6:2f:86:f7:99:c8:35:cd:f2:9c:8b:cb:0c:8a:4a:65:
         44:32:3f:20:73:a8:f7:ca:12:5b:14:b8:4f:4a:48:cd:b6:32:
         8e:18:d6:8b:3b:ad:d1:7f:a2:94:ac:dc:9b:a5:de:22:70:51:
         fc:c0:08:66:78:4f:69:ab:3f:0c:c4:01:59:ef:6b:de:6e:30:
         f7:ed:e2:28:ac:3d:f2:9c:cc:a8:54:54:ee:6f:51:9e:19:b2:
         a3:28:68:95:16:9c:95:e5:08:16:41:2b:f7:3e:81:d6:f2:d0:
         8a:8a:47:5c:36:52:6b:8e:35:16:38:54:bb:33:ba:c3:91:f0:
         c1:58:af:ec:df:d7:32:4b:f9:74:1c:75:a2:3d:4a:9c:de:6a:
         75:67:0a:e5:5e:ad:aa:5f:9e:1e:c4:b0:66:61:8f:a7:fe:3d:
         13:48:36:f0:74:fd:fe:ee:d6:af:d2:88:ce:40:2f:1e:82:c0:
         54:1a:41:4f:b9:fd:b4:81:5d:61:a3:ee:a6:c6:09:5c:29:b3:
         44:d2:da:67:39:6e:99:f1:28:d2:13:e2:72:43:13:1b:07:9a:
         39:dd:69:c5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY8MQwBXTTGwC/8rZeDjYYBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwNDIzMTg0MTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVkYzgyY2Q0YmFkY2EwMTEwY2FlZmExODc3YWVhNzRiYWUzZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5zskuTf9Up1xu1PQfXMLASxMBSe
xhWo+V7myXHl8BSEa/tkFnC05sI4Fy/eTVccCj52lPy4it7zRLN6g7vnwuUtxnEI
66KtwsXMIC7SrkYUrFMow6aAALLpxiYS+EY05FX5EiPE8NHkSJlwGJ99xU0TOJbY
5NTfXR4lAokJYdgRJH8cemZEvH6ieD6Wd45nFmWIKRutGLxo8nlzOYXAG99PNAtf
PghB0qoDVo7qF/2S7/ORzNYmSGdC+JLVXt6/P7vrw/eKVd1zeUvDNE1cLWG9pJ7U
rjCLujPdapFhTjt/SBT31/Es2rTvGcksbUDshAX1qBffKSOC5wDKmUINLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGNdyCzUutygEQyu+hh3rqdLrj5qMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvWTEzSUxOUzYzS0FSREs3NkdIZXVwMHV1UG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXAwUAKhKVAzAO
AwUAKhKVBQMFACoSlQYwDQYJKoZIhvcNAQELBQADggEBANB3ylE6HoC8DYqdw0Pf
689hKhHVWf3/2twTtpgDDobEBwrhUxxT9i+G95nINc3ynIvLDIpKZUQyPyBzqPfK
ElsUuE9KSM22Mo4Y1os7rdF/opSs3Jul3iJwUfzACGZ4T2mrPwzEAVnva95uMPft
4iisPfKczKhUVO5vUZ4ZsqMoaJUWnJXlCBZBK/c+gdby0IqKR1w2UmuONRY4VLsz
usOR8MFYr+zf1zJL+XQcdaI9SpzeanVnCuVerapfnh7EsGZhj6f+PRNINvB0/f7u
1q/SiM5ALx6CwFQaQU+5/bSBXWGj7qbGCVwps0TS2mc5bpnxKNIT4nJDExsHmjnd
acU=
-----END CERTIFICATE-----