Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/JHm9DlVoCa9GNkJZBuc6icEEKnY.roa
File:                     JHm9DlVoCa9GNkJZBuc6icEEKnY.roa (raw, json)
Hash identifier:          piCHNKHJCXVn7DVI9vFWcAl90i+AgLw2euOpQ4qh1mk=
Subject key identifier:   24:79:BD:0E:55:68:09:AF:46:36:42:59:06:E7:3A:89:C1:04:2A:76
Certificate issuer:       /CN=7981ea4d507fb0ae07159f6f88def958430fd070
Certificate serial:       018CC86F4A4B2E8964EE15D28F3198D3DFA3
Authority key identifier: 79:81:EA:4D:50:7F:B0:AE:07:15:9F:6F:88:DE:F9:58:43:0F:D0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/JHm9DlVoCa9GNkJZBuc6icEEKnY.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60542
IP address blocks:        2a12:eb80:1::/48 maxlen: 48
                          2a12:eb80:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4a:4b:2e:89:64:ee:15:d2:8f:31:98:d3:df:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7981ea4d507fb0ae07159f6f88def958430fd070
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2479bd0e556809af4636425906e73a89c1042a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8f:07:79:42:0c:c8:1e:cb:f7:49:7a:3d:93:
                    8d:f7:52:be:33:58:a4:b4:e9:b8:5d:36:1f:3d:86:
                    89:e0:a2:5a:ce:0b:e7:09:68:69:08:a0:2c:51:f4:
                    da:b6:42:e1:f1:46:78:87:cc:3f:29:d1:81:90:36:
                    7d:c4:c2:b0:ad:17:58:76:81:d3:08:73:c9:07:43:
                    0a:de:a2:5f:8c:bc:f7:6b:86:00:95:98:0c:39:92:
                    fc:7e:7f:7c:34:ba:b8:93:a5:b6:12:4e:4b:02:55:
                    e5:51:17:a5:a9:b6:af:91:d7:00:ef:a8:6a:3b:f9:
                    f7:59:76:6a:32:3c:d1:7d:a0:69:b9:99:db:6a:19:
                    c1:35:5a:b5:57:6b:40:83:bb:3a:cb:bf:97:f4:37:
                    f7:60:72:ec:dc:dd:88:2a:b4:0d:c4:b1:99:9d:48:
                    ec:88:5e:71:dc:9c:e8:f0:d0:e7:7f:49:c0:0d:54:
                    20:61:87:d7:41:44:57:45:ad:17:4c:df:5c:e6:15:
                    97:31:69:fb:f3:00:a4:f5:ad:59:73:76:08:5a:06:
                    f5:0b:81:df:34:aa:3b:3c:df:67:8f:61:17:77:fb:
                    c9:95:00:24:71:f2:62:04:de:bb:b8:95:5d:23:d5:
                    32:bb:17:f2:b6:56:c1:01:f8:a2:7a:76:ad:0b:c5:
                    7d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:79:BD:0E:55:68:09:AF:46:36:42:59:06:E7:3A:89:C1:04:2A:76
            X509v3 Authority Key Identifier:
                keyid:79:81:EA:4D:50:7F:B0:AE:07:15:9F:6F:88:DE:F9:58:43:0F:D0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eYHqTVB_sK4HFZ9viN75WEMP0HA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/JHm9DlVoCa9GNkJZBuc6icEEKnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e44bd7-0f70-45c8-856e-40e2ef3383b0/1/eYHqTVB_sK4HFZ9viN75WEMP0HA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:eb80:1::-2a12:eb80:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7c:77:cf:30:bd:ba:91:a1:53:d1:33:9a:ce:d4:b3:61:7d:bd:
         99:41:62:c1:06:52:06:94:06:8d:b2:ae:b1:fb:75:87:33:95:
         c6:7b:ab:23:39:1d:81:07:35:c6:58:76:e4:8d:c8:19:00:fb:
         58:0f:77:e3:41:16:8e:a2:12:d5:51:c5:1e:45:bf:25:5e:97:
         7d:40:68:b0:64:b6:6b:f0:ba:98:82:7c:ff:13:4f:2b:73:2b:
         5a:59:38:81:19:9b:56:9f:fd:b0:69:65:6d:73:9b:5c:b4:3b:
         41:96:fb:3f:f6:79:0f:df:45:83:fc:0c:bc:94:42:ce:e2:73:
         f5:a7:e2:cb:ae:cd:71:c8:d3:38:29:d9:6d:c2:8e:60:25:02:
         9f:62:90:40:8c:f1:dd:98:25:17:35:44:84:cd:ae:8d:91:e3:
         fc:65:f2:b7:d8:d3:0d:94:4d:cf:27:88:3f:4a:90:82:0f:1c:
         08:e4:ea:87:80:91:7f:1b:4b:4a:a2:ce:b4:a8:48:15:de:d3:
         d7:58:b4:ea:6f:6b:8a:37:a5:b8:76:a4:98:ad:bf:c2:22:a7:
         be:01:20:4e:d2:48:c5:f9:34:59:a1:ea:25:db:0a:9f:c1:66:
         01:95:de:83:3f:29:f9:77:2e:0f:8c:cc:53:01:35:89:50:e6:
         a9:d5:db:2c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzIb0pLLolk7hXSjzGY09+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ODFlYTRkNTA3ZmIwYWUwNzE1OWY2Zjg4ZGVmOTU4NDMw
ZmQwNzAwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDc5YmQwZTU1NjgwOWFmNDYzNjQyNTkwNmU3M2E4OWMxMDQyYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0o8HeUIMyB7L90l6PZON91K+M1ik
tOm4XTYfPYaJ4KJazgvnCWhpCKAsUfTatkLh8UZ4h8w/KdGBkDZ9xMKwrRdYdoHT
CHPJB0MK3qJfjLz3a4YAlZgMOZL8fn98NLq4k6W2Ek5LAlXlURelqbavkdcA76hq
O/n3WXZqMjzRfaBpuZnbahnBNVq1V2tAg7s6y7+X9Df3YHLs3N2IKrQNxLGZnUjs
iF5x3Jzo8NDnf0nADVQgYYfXQURXRa0XTN9c5hWXMWn78wCk9a1Zc3YIWgb1C4Hf
NKo7PN9nj2EXd/vJlQAkcfJiBN67uJVdI9UyuxfytlbBAfiienatC8V9dQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCR5vQ5VaAmvRjZCWQbnOonBBCp2MB8GA1UdIwQY
MBaAFHmB6k1Qf7CuBxWfb4je+VhDD9BwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVlIcVRWQl9zSzRIRlo5dmlONzVXRU1QMEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lNDRiZDctMGY3MC00NWM4LTg1NmUt
NDBlMmVmMzM4M2IwLzEvSkhtOURsVm9DYTlHTmtKWkJ1YzZpY0VFS25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lNDRiZDctMGY3MC00NWM4LTg1NmUtNDBlMmVmMzM4M2Iw
LzEvZVlIcVRWQl9zSzRIRlo5dmlONzVXRU1QMEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqEuuA
AAEDBwAqEuuAAAIwDQYJKoZIhvcNAQELBQADggEBAHx3zzC9upGhU9Ezms7Us2F9
vZlBYsEGUgaUBo2yrrH7dYczlcZ7qyM5HYEHNcZYduSNyBkA+1gPd+NBFo6iEtVR
xR5FvyVel31AaLBktmvwupiCfP8TTytzK1pZOIEZm1af/bBpZW1zm1y0O0GW+z/2
eQ/fRYP8DLyUQs7ic/Wn4suuzXHI0zgp2W3CjmAlAp9ikECM8d2YJRc1RITNro2R
4/xl8rfY0w2UTc8niD9KkIIPHAjk6oeAkX8bS0qizrSoSBXe09dYtOpva4o3pbh2
pJitv8Iip74BIE7SSMX5NFmh6iXbCp/BZgGV3oM/Kfl3Lg+MzFMBNYlQ5qnV2yw=
-----END CERTIFICATE-----