Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/HyBO-kPJAbMiovl3TVObdnE2fq8.roa
File:                     HyBO-kPJAbMiovl3TVObdnE2fq8.roa (raw, json)
Hash identifier:          /K56UaCly/iwzc2xB4maljrtRqL+LegerhVqI0vl+Kk=
Subject key identifier:   1F:20:4E:FA:43:C9:01:B3:22:A2:F9:77:4D:53:9B:76:71:36:7E:AF
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       018FB87F50BBB3382C4F4D511C92898D4728
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/HyBO-kPJAbMiovl3TVObdnE2fq8.roa
Signing time:             Mon 27 May 2024 05:21:42 +0000
ROA not before:           Mon 27 May 2024 05:21:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212144
IP address blocks:        2a12:7700::/29 maxlen: 29
                          2a12:7700::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b8:7f:50:bb:b3:38:2c:4f:4d:51:1c:92:89:8d:47:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: May 27 05:21:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f204efa43c901b322a2f9774d539b7671367eaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a8:fe:40:e7:01:6a:f6:14:fa:51:77:c9:8e:
                    9e:fd:5a:d3:a9:1a:7b:0e:84:2f:72:86:4e:e1:1d:
                    1d:a4:c5:b8:84:4b:dc:08:f3:bb:48:bd:84:d0:79:
                    5b:e1:5a:54:1d:89:ae:33:1c:52:6b:9a:f4:8e:ba:
                    e7:e7:22:80:ed:22:ba:b8:9e:3c:19:7d:81:3b:19:
                    a3:a1:d8:f1:16:0f:30:2c:f0:f0:73:43:d7:14:ca:
                    01:f3:bd:2f:b2:b6:cf:0b:e8:0b:18:d6:0e:cf:6b:
                    44:fb:5c:e1:0a:be:d1:f9:c1:9d:e6:da:b3:f8:69:
                    ca:31:de:39:d9:71:0d:cc:b6:aa:24:2b:81:ca:93:
                    6d:81:be:7b:b5:8a:72:a2:cf:0e:1a:c7:4f:b2:3f:
                    30:02:19:40:d2:f5:55:9c:d6:3f:ce:92:f2:5c:c6:
                    36:93:6d:ab:04:f1:de:08:06:4d:6f:2d:18:67:88:
                    9b:4b:f6:e0:a3:26:bc:55:ba:c4:9d:1a:cc:32:a9:
                    43:17:01:90:71:49:02:e3:a4:e0:b3:e7:da:c0:3c:
                    aa:b6:38:5f:e0:cf:95:25:2e:05:3b:fe:51:e2:d3:
                    0a:56:72:bc:c3:1c:ff:b0:0c:78:1f:a9:d6:4f:6e:
                    9f:fa:2a:86:e9:c8:8e:81:69:40:b0:75:7f:73:ac:
                    49:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:20:4E:FA:43:C9:01:B3:22:A2:F9:77:4D:53:9B:76:71:36:7E:AF
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/HyBO-kPJAbMiovl3TVObdnE2fq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:7700::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:b8:34:ed:fa:27:91:f7:fc:8d:dd:a8:44:4a:7c:47:ad:77:
         49:3a:dc:5e:5d:66:a7:39:b5:3f:16:51:2d:d0:d8:2b:1c:c9:
         44:91:69:b7:5f:c8:08:3e:5f:86:5b:cb:b5:12:c8:2d:65:1f:
         69:66:2c:34:47:7c:6e:48:61:db:ca:c7:85:1c:1e:bc:cb:bd:
         29:dd:37:62:f5:4b:22:94:60:f9:d9:e5:51:54:af:90:7a:76:
         13:77:a8:34:a7:95:65:de:93:a8:57:ef:6d:93:81:3f:86:8d:
         8b:46:40:b0:7b:f6:34:a6:de:cb:54:d1:58:d7:ea:b1:83:c9:
         10:33:56:f2:67:8e:97:c1:26:77:e4:ef:0f:ea:db:fd:ef:31:
         87:17:73:66:eb:31:36:9b:46:63:94:92:01:20:6d:59:96:7a:
         3a:8d:99:0e:59:94:7f:a2:0a:65:bc:85:74:f9:2b:58:b9:17:
         46:06:48:05:09:85:38:a5:75:f1:60:ce:23:a8:fb:32:1a:dd:
         f6:61:6e:65:75:ce:cd:64:69:55:06:61:3f:d5:27:d4:8e:43:
         c5:17:54:a3:3a:ea:a1:8d:9a:d2:0c:41:41:8d:e4:d7:9c:5a:
         a1:b8:96:b0:46:a0:fb:83:46:9f:af:22:f4:f4:98:ca:80:65:
         b6:5d:64:f7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY+4f1C7szgsT01RHJKJjUcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjQwNTI3MDUyMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjIwNGVmYTQzYzkwMWIzMjJhMmY5Nzc0ZDUzOWI3NjcxMzY3ZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKj+QOcBavYU+lF3yY6e/VrTqRp7
DoQvcoZO4R0dpMW4hEvcCPO7SL2E0Hlb4VpUHYmuMxxSa5r0jrrn5yKA7SK6uJ48
GX2BOxmjodjxFg8wLPDwc0PXFMoB870vsrbPC+gLGNYOz2tE+1zhCr7R+cGd5tqz
+GnKMd452XENzLaqJCuBypNtgb57tYpyos8OGsdPsj8wAhlA0vVVnNY/zpLyXMY2
k22rBPHeCAZNby0YZ4ibS/bgoya8VbrEnRrMMqlDFwGQcUkC46Tgs+fawDyqtjhf
4M+VJS4FO/5R4tMKVnK8wxz/sAx4H6nWT26f+iqG6ciOgWlAsHV/c6xJ9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB8gTvpDyQGzIqL5d01Tm3ZxNn6vMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvSHlCTy1rUEpBYk1pb3ZsM1RWT2JkbkUyZnE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhJ3ADAN
BgkqhkiG9w0BAQsFAAOCAQEAWbg07fonkff8jd2oREp8R613STrcXl1mpzm1PxZR
LdDYKxzJRJFpt1/ICD5fhlvLtRLILWUfaWYsNEd8bkhh28rHhRwevMu9Kd03YvVL
IpRg+dnlUVSvkHp2E3eoNKeVZd6TqFfvbZOBP4aNi0ZAsHv2NKbey1TRWNfqsYPJ
EDNW8meOl8Emd+TvD+rb/e8xhxdzZusxNptGY5SSASBtWZZ6Oo2ZDlmUf6IKZbyF
dPkrWLkXRgZIBQmFOKV18WDOI6j7Mhrd9mFuZXXOzWRpVQZhP9Un1I5DxRdUozrq
oY2a0gxBQY3k15xaobiWsEag+4NGn68i9PSYyoBltl1k9w==
-----END CERTIFICATE-----