Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/ytH8aQtAcOdvBqtDKYBg0LxE0f0.roa
File:                     ytH8aQtAcOdvBqtDKYBg0LxE0f0.roa (raw, json)
Hash identifier:          5zz9Iy5Rw0SOMGzRpjJgWquWO9+jEkUF8anl1sq0FcQ=
Subject key identifier:   CA:D1:FC:69:0B:40:70:E7:6F:06:AB:43:29:80:60:D0:BC:44:D1:FD
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018CC3B74344966D1D33FB71E2A9E70F0EB2
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/ytH8aQtAcOdvBqtDKYBg0LxE0f0.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45036
IP address blocks:        2a12:a4c2::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:44:96:6d:1d:33:fb:71:e2:a9:e7:0f:0e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cad1fc690b4070e76f06ab43298060d0bc44d1fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d7:f0:16:9a:f0:f1:07:f9:de:03:da:e4:9e:
                    58:79:0d:f7:67:ad:3a:f1:0e:c8:7c:96:f2:e6:fe:
                    c9:e7:45:2d:33:4e:1e:2d:65:ec:e0:25:28:ed:f2:
                    04:e2:5a:87:59:c8:89:06:a1:a2:6c:27:7e:ac:ad:
                    36:48:b2:bf:9c:7a:2e:fa:1e:ac:d9:7a:33:ea:80:
                    d1:a8:5e:3a:8f:46:0e:bd:5b:9a:01:c6:f0:57:58:
                    bd:e9:bb:d1:29:b6:ae:d5:f3:04:9e:94:4b:d2:98:
                    36:ef:a6:30:06:d7:c9:45:de:40:4f:52:65:5e:9f:
                    fe:c4:43:84:ca:95:e9:b2:26:df:26:0d:4d:8e:fb:
                    a8:c0:c7:51:37:4c:7d:2d:5e:79:3a:fe:c2:b4:08:
                    25:59:96:87:0f:a1:11:fd:ba:b0:7e:ec:8a:7a:37:
                    22:d5:5c:21:55:f5:f8:4f:bf:7b:5b:96:bd:19:a4:
                    82:30:a8:60:66:84:a4:cd:81:61:e0:06:1b:f1:d9:
                    2b:10:bf:0c:88:0e:2f:1d:80:b5:f8:a1:b7:4f:89:
                    f2:e8:f1:42:5f:9f:0b:29:f3:be:33:55:ef:3b:87:
                    89:13:20:a6:f9:83:d2:f3:ec:8d:d9:1d:25:af:51:
                    52:8e:8c:d3:e9:a9:ab:1e:d2:8c:92:94:1b:6e:bc:
                    9a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D1:FC:69:0B:40:70:E7:6F:06:AB:43:29:80:60:D0:BC:44:D1:FD
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/ytH8aQtAcOdvBqtDKYBg0LxE0f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a4c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:9f:37:d6:ec:57:1d:d5:2d:e8:16:33:99:57:d2:47:f3:e9:
         45:75:c1:db:c4:17:64:ec:2b:bb:ef:70:c2:53:30:ca:14:41:
         76:bf:87:b2:20:31:e0:3f:bb:66:24:db:f9:cd:fc:9a:79:5f:
         94:26:da:7c:84:e2:13:ac:a3:d7:ea:0e:6b:a8:64:dc:11:1a:
         68:16:87:39:75:66:02:d7:03:02:54:39:09:ff:43:c8:5e:09:
         26:77:b2:b3:51:b3:ad:54:e3:4b:c5:47:a4:26:16:5d:eb:78:
         36:79:3a:b1:23:8d:5e:60:4d:d0:60:35:24:61:08:52:f9:86:
         7b:3c:b3:1e:0a:4d:ac:56:0c:0a:e9:1b:f6:77:5c:57:f6:e0:
         0c:a6:4c:e1:c2:45:a0:f5:ff:5d:5d:2c:00:0f:bd:80:16:a5:
         22:6b:80:81:8c:7a:5e:96:97:f5:17:67:0c:bc:9a:1f:41:27:
         82:2d:82:3e:f0:d5:a6:0b:c5:47:d8:20:cb:83:ad:c8:c6:1b:
         d8:91:60:08:77:3c:e5:17:5c:07:5a:1b:c5:0e:93:af:9e:a3:
         1e:da:80:a8:42:a9:24:35:0d:23:e3:44:92:4c:f4:28:8a:07:
         a5:df:e1:a5:ba:80:cc:8a:84:5f:c3:b9:1d:e0:1e:4b:ec:10:
         92:9f:60:c8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDt0NElm0dM/tx4qnnDw6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQxZmM2OTBiNDA3MGU3NmYwNmFiNDMyOTgwNjBkMGJjNDRkMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNfwFprw8Qf53gPa5J5YeQ33Z606
8Q7IfJby5v7J50UtM04eLWXs4CUo7fIE4lqHWciJBqGibCd+rK02SLK/nHou+h6s
2Xoz6oDRqF46j0YOvVuaAcbwV1i96bvRKbau1fMEnpRL0pg276YwBtfJRd5AT1Jl
Xp/+xEOEypXpsibfJg1NjvuowMdRN0x9LV55Ov7CtAglWZaHD6ER/bqwfuyKejci
1VwhVfX4T797W5a9GaSCMKhgZoSkzYFh4AYb8dkrEL8MiA4vHYC1+KG3T4ny6PFC
X58LKfO+M1XvO4eJEyCm+YPS8+yN2R0lr1FSjozT6amrHtKMkpQbbryafQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMrR/GkLQHDnbwarQymAYNC8RNH9MB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEveXRIOGFRdEFjT2R2QnF0REtZQmcwTHhFMGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKkwjAN
BgkqhkiG9w0BAQsFAAOCAQEABJ831uxXHdUt6BYzmVfSR/PpRXXB28QXZOwru+9w
wlMwyhRBdr+HsiAx4D+7ZiTb+c38mnlflCbafITiE6yj1+oOa6hk3BEaaBaHOXVm
AtcDAlQ5Cf9DyF4JJneys1GzrVTjS8VHpCYWXet4Nnk6sSONXmBN0GA1JGEIUvmG
ezyzHgpNrFYMCukb9ndcV/bgDKZM4cJFoPX/XV0sAA+9gBalImuAgYx6XpaX9Rdn
DLyaH0Engi2CPvDVpgvFR9ggy4OtyMYb2JFgCHc85RdcB1obxQ6Tr56jHtqAqEKp
JDUNI+NEkkz0KIoHpd/hpbqAzIqEX8O5HeAeS+wQkp9gyA==
-----END CERTIFICATE-----