Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/1mv2Yh7ffmw5gs_fcsIn6nYkw_E.roa
File:                     1mv2Yh7ffmw5gs_fcsIn6nYkw_E.roa (raw, json)
Hash identifier:          uyk9N/dNf91GJbQ206XOU9+aaT8zP6upgopKdY+Gfso=
Subject key identifier:   D6:6B:F6:62:1E:DF:7E:6C:39:82:CF:DF:72:C2:27:EA:76:24:C3:F1
Certificate issuer:       /CN=7981ea4d507fb0ae07159f6f88def958430fd070
Certificate serial:       018CC86F49FF07FAD63440F927689C15F9DB
Authority key identifier: 79:81:EA:4D:50:7F:B0:AE:07:15:9F:6F:88:DE:F9:58:43:0F:D0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/1mv2Yh7ffmw5gs_fcsIn6nYkw_E.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47285
IP address blocks:        2a12:eb80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:49:ff:07:fa:d6:34:40:f9:27:68:9c:15:f9:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7981ea4d507fb0ae07159f6f88def958430fd070
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d66bf6621edf7e6c3982cfdf72c227ea7624c3f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bb:84:ba:e8:5f:df:41:55:59:3f:dc:fa:1c:
                    d0:3a:23:d6:2b:0c:e8:d0:83:f2:62:24:b7:ab:46:
                    9e:2f:ab:68:0f:9b:8b:46:cf:1e:4f:cb:1e:2f:c0:
                    81:a2:04:7f:5d:a7:7c:98:32:3b:9b:4e:83:08:06:
                    0c:d7:f9:34:48:1f:79:d2:68:04:17:06:dd:55:50:
                    02:44:6a:2f:cf:1c:67:fe:00:cd:41:52:aa:22:e5:
                    6f:6b:e4:01:13:09:4b:6b:38:39:5e:84:f3:1d:5f:
                    74:94:77:34:01:57:f5:23:81:c0:fa:cd:68:cd:ee:
                    a1:ac:36:6f:e6:0c:5c:2e:6f:a2:48:68:68:24:c9:
                    b8:93:bf:6c:71:fc:67:ab:a4:1d:fa:ce:ae:e3:4b:
                    a2:c9:d1:d1:73:03:0e:2d:51:2b:62:68:e1:0e:8f:
                    50:3b:c8:8a:11:8d:be:e3:99:d8:f9:6d:70:bd:f5:
                    53:02:ae:c6:2b:0b:de:83:a2:e9:4f:e5:52:83:32:
                    e2:a2:4b:e4:42:b1:f6:ba:af:ab:0b:f8:48:97:a6:
                    64:0a:e1:9c:c4:4b:d1:ae:c6:bf:8c:80:52:b6:1b:
                    06:28:2e:ee:db:27:66:c5:a2:c9:b1:b4:ec:ac:cf:
                    b7:cd:65:ce:8c:db:e8:b4:fb:92:fc:b1:2a:f5:6c:
                    53:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:6B:F6:62:1E:DF:7E:6C:39:82:CF:DF:72:C2:27:EA:76:24:C3:F1
            X509v3 Authority Key Identifier:
                keyid:79:81:EA:4D:50:7F:B0:AE:07:15:9F:6F:88:DE:F9:58:43:0F:D0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/1mv2Yh7ffmw5gs_fcsIn6nYkw_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:eb80::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:72:42:4b:12:10:e6:90:3c:90:82:e9:0f:fb:1c:58:e0:3d:
         cd:34:59:12:11:c3:36:93:ae:c1:59:97:df:b4:8a:de:00:23:
         2c:fd:05:25:3e:f5:87:d0:3a:fd:71:7c:1b:9f:fe:e4:a2:b9:
         85:71:8d:76:b8:22:06:c2:dd:ba:a3:b4:f4:a1:c2:c1:82:d9:
         be:02:9c:18:54:05:69:b0:25:dc:05:99:6c:02:15:35:59:a4:
         c6:4d:0b:43:33:32:39:ab:5b:d7:69:43:bb:e2:d9:0e:a0:83:
         d4:aa:00:da:dd:f5:c0:9a:b8:fd:13:57:22:d6:52:a8:33:c5:
         85:a3:71:fb:aa:8d:35:55:2b:4a:26:02:8e:e8:08:eb:42:51:
         da:4f:98:cf:c3:87:cd:5e:0b:77:92:d2:ec:67:c8:69:3b:05:
         f3:ac:70:22:d2:33:c1:80:9c:54:f8:4a:0f:5b:c4:7f:67:99:
         10:3e:55:5e:62:54:49:3e:e0:2d:87:62:02:a7:5e:4e:1c:89:
         aa:cc:df:80:98:68:ca:50:67:31:45:3d:3f:fd:dc:58:ae:e4:
         e5:0a:05:73:99:02:e6:a9:a2:4e:c1:eb:52:45:6d:28:28:fa:
         a5:f5:5b:e9:03:e6:ff:96:73:2b:7d:8b:1f:54:ca:8a:cc:19:
         d4:6a:2a:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb0n/B/rWNED5J2icFfnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ODFlYTRkNTA3ZmIwYWUwNzE1OWY2Zjg4ZGVmOTU4NDMw
ZmQwNzAwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjZiZjY2MjFlZGY3ZTZjMzk4MmNmZGY3MmMyMjdlYTc2MjRjM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLuEuuhf30FVWT/c+hzQOiPWKwzo
0IPyYiS3q0aeL6toD5uLRs8eT8seL8CBogR/Xad8mDI7m06DCAYM1/k0SB950mgE
FwbdVVACRGovzxxn/gDNQVKqIuVva+QBEwlLazg5XoTzHV90lHc0AVf1I4HA+s1o
ze6hrDZv5gxcLm+iSGhoJMm4k79scfxnq6Qd+s6u40uiydHRcwMOLVErYmjhDo9Q
O8iKEY2+45nY+W1wvfVTAq7GKwveg6LpT+VSgzLiokvkQrH2uq+rC/hIl6ZkCuGc
xEvRrsa/jIBSthsGKC7u2ydmxaLJsbTsrM+3zWXOjNvotPuS/LEq9WxT1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNZr9mIe335sOYLP33LCJ+p2JMPxMB8GA1UdIwQY
MBaAFHmB6k1Qf7CuBxWfb4je+VhDD9BwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVlIcVRWQl9zSzRIRlo5dmlONzVXRU1QMEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lNDRiZDctMGY3MC00NWM4LTg1NmUt
NDBlMmVmMzM4M2IwLzEvMW12MlloN2ZmbXc1Z3NfZmNzSW42bllrd19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lNDRiZDctMGY3MC00NWM4LTg1NmUtNDBlMmVmMzM4M2Iw
LzEvZVlIcVRWQl9zSzRIRlo5dmlONzVXRU1QMEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLrgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6ckJLEhDmkDyQgukP+xxY4D3NNFkSEcM2k67B
WZfftIreACMs/QUlPvWH0Dr9cXwbn/7kormFcY12uCIGwt26o7T0ocLBgtm+ApwY
VAVpsCXcBZlsAhU1WaTGTQtDMzI5q1vXaUO74tkOoIPUqgDa3fXAmrj9E1ci1lKo
M8WFo3H7qo01VStKJgKO6AjrQlHaT5jPw4fNXgt3ktLsZ8hpOwXzrHAi0jPBgJxU
+EoPW8R/Z5kQPlVeYlRJPuAth2ICp15OHImqzN+AmGjKUGcxRT0//dxYruTlCgVz
mQLmqaJOwetSRW0oKPql9VvpA+b/lnMrfYsfVMqKzBnUaioj
-----END CERTIFICATE-----