Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/VzB0p7pCZsQMiGHUlZc1UelTzYY.roa
File:                     VzB0p7pCZsQMiGHUlZc1UelTzYY.roa (raw, json)
Hash identifier:          BzzAqeicP4DohtRLpuezZoWn//Z3/wAyEJHVc5sVYtU=
Subject key identifier:   57:30:74:A7:BA:42:66:C4:0C:88:61:D4:95:97:35:51:E9:53:CD:86
Certificate issuer:       /CN=4354a419225d5d79f4a1ae1520a3b1a56d45268c
Certificate serial:       0194B6732325936FE16D29AA5FDD7175671A
Authority key identifier: 43:54:A4:19:22:5D:5D:79:F4:A1:AE:15:20:A3:B1:A5:6D:45:26:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/VzB0p7pCZsQMiGHUlZc1UelTzYY.roa
Signing time:             Thu 30 Jan 2025 09:03:06 +0000
ROA not before:           Thu 30 Jan 2025 09:03:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213943
IP address blocks:        2a12:7a40:1112::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b6:73:23:25:93:6f:e1:6d:29:aa:5f:dd:71:75:67:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4354a419225d5d79f4a1ae1520a3b1a56d45268c
        Validity
            Not Before: Jan 30 09:03:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=573074a7ba4266c40c8861d495973551e953cd86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f8:42:6b:d2:3f:31:17:b2:6c:f6:5f:2a:87:
                    f3:17:c1:b4:0f:71:59:72:d0:25:23:5a:83:a9:e0:
                    78:3a:80:c1:61:b8:06:61:41:8e:87:51:11:4f:f2:
                    45:4f:83:e9:d2:d1:b2:b9:b8:4e:0b:48:69:a0:6a:
                    ce:3d:34:90:78:b8:8c:0b:dc:74:a4:d2:3f:0e:19:
                    1f:3c:0c:f3:c7:9b:3a:0e:71:b5:f3:91:c3:ef:7d:
                    6e:c0:5b:2e:41:fc:a0:90:63:64:be:2e:65:30:72:
                    82:6a:17:ec:1a:0d:77:af:f8:92:d2:67:60:06:8f:
                    a5:15:84:3b:a4:b9:29:24:d3:8f:95:61:17:6a:e9:
                    65:4e:87:82:b6:df:5a:fb:e3:86:62:a7:59:66:d6:
                    cb:b4:ab:f8:c3:45:77:a5:0f:a0:96:72:5a:fd:d1:
                    94:99:1f:00:00:e4:3c:20:e9:3c:7d:d1:fb:8b:1a:
                    d9:b6:63:4a:06:c9:56:b4:eb:bf:c8:24:62:64:4b:
                    ca:c9:fe:93:9d:ff:6b:59:68:92:11:5e:30:0f:7f:
                    ae:68:e2:b6:7d:72:7b:78:4a:7f:26:d6:54:1c:b6:
                    b4:65:e5:92:98:83:58:b8:de:68:7f:b2:64:3b:7a:
                    9c:f2:71:2d:20:b9:a6:ce:0d:27:2e:ec:b0:9b:b3:
                    02:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:30:74:A7:BA:42:66:C4:0C:88:61:D4:95:97:35:51:E9:53:CD:86
            X509v3 Authority Key Identifier:
                keyid:43:54:A4:19:22:5D:5D:79:F4:A1:AE:15:20:A3:B1:A5:6D:45:26:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1SkGSJdXXn0oa4VIKOxpW1FJow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/VzB0p7pCZsQMiGHUlZc1UelTzYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/0fddf0-8bbf-4350-bffa-688d51a44448/1/Q1SkGSJdXXn0oa4VIKOxpW1FJow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:7a40:1112::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:c5:97:cf:01:2d:c7:2d:e8:55:59:fb:46:38:81:20:c1:ca:
         2c:6a:18:d8:04:40:28:ac:91:34:01:df:db:77:81:c8:af:2e:
         ad:99:ae:4e:a3:25:82:3a:53:07:ab:54:d0:82:4b:ad:ae:8e:
         1d:3b:2c:24:67:10:42:80:51:0c:e3:60:7c:7b:e7:c3:d9:9b:
         8f:6c:75:8d:85:e1:8d:ac:4b:07:7c:34:0c:78:0d:a5:df:b7:
         37:7a:5d:ff:4f:3d:34:f3:5b:11:8c:a6:34:95:ad:87:a2:c4:
         1e:53:6a:64:a4:a5:89:33:07:8d:00:e5:46:f3:17:26:32:74:
         ad:a2:a1:fc:68:3e:2f:fb:cd:31:4b:01:e3:ff:d7:ff:29:68:
         58:03:bf:94:44:dd:e8:71:a6:7c:0f:e8:5c:52:57:18:a2:8d:
         f8:92:a7:da:df:d1:04:4d:cb:2b:f5:d1:78:2d:c2:a6:2e:e5:
         5a:0f:cd:69:4e:fd:a7:70:5a:d6:91:15:5b:7c:3d:b4:6e:a4:
         a0:1a:86:ed:3a:4a:73:4f:5e:c2:8c:22:82:89:53:72:21:ed:
         85:5e:ef:57:bc:00:5b:a3:71:eb:2a:36:e6:ee:7e:11:56:db:
         80:53:9b:1d:16:70:dd:79:82:48:1e:36:43:2f:91:ce:b2:e8:
         f0:f6:06:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZS2cyMlk2/hbSmqX91xdWcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTRhNDE5MjI1ZDVkNzlmNGExYWUxNTIwYTNiMWE1NmQ0
NTI2OGMwHhcNMjUwMTMwMDkwMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzMwNzRhN2JhNDI2NmM0MGM4ODYxZDQ5NTk3MzU1MWU5NTNjZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfhCa9I/MReybPZfKofzF8G0D3FZ
ctAlI1qDqeB4OoDBYbgGYUGOh1ERT/JFT4Pp0tGyubhOC0hpoGrOPTSQeLiMC9x0
pNI/DhkfPAzzx5s6DnG185HD731uwFsuQfygkGNkvi5lMHKCahfsGg13r/iS0mdg
Bo+lFYQ7pLkpJNOPlWEXaullToeCtt9a++OGYqdZZtbLtKv4w0V3pQ+glnJa/dGU
mR8AAOQ8IOk8fdH7ixrZtmNKBslWtOu/yCRiZEvKyf6Tnf9rWWiSEV4wD3+uaOK2
fXJ7eEp/JtZUHLa0ZeWSmINYuN5of7JkO3qc8nEtILmmzg0nLuywm7MCBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFcwdKe6QmbEDIhh1JWXNVHpU82GMB8GA1UdIwQY
MBaAFENUpBkiXV159KGuFSCjsaVtRSaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFTa0dTSmRYWG4wb2E0VklLT3hwVzFGSm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wZmRkZjAtOGJiZi00MzUwLWJmZmEt
Njg4ZDUxYTQ0NDQ4LzEvVnpCMHA3cENac1FNaUdIVWxaYzFVZWxUellZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wZmRkZjAtOGJiZi00MzUwLWJmZmEtNjg4ZDUxYTQ0NDQ4
LzEvUTFTa0dTSmRYWG4wb2E0VklLT3hwVzFGSm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJ6QBES
MA0GCSqGSIb3DQEBCwUAA4IBAQBSxZfPAS3HLehVWftGOIEgwcosahjYBEAorJE0
Ad/bd4HIry6tma5OoyWCOlMHq1TQgkutro4dOywkZxBCgFEM42B8e+fD2ZuPbHWN
heGNrEsHfDQMeA2l37c3el3/Tz0081sRjKY0la2HosQeU2pkpKWJMweNAOVG8xcm
MnStoqH8aD4v+80xSwHj/9f/KWhYA7+URN3ocaZ8D+hcUlcYoo34kqfa39EETcsr
9dF4LcKmLuVaD81pTv2ncFrWkRVbfD20bqSgGobtOkpzT17CjCKCiVNyIe2FXu9X
vABbo3HrKjbm7n4RVtuAU5sdFnDdeYJIHjZDL5HOsujw9gaM
-----END CERTIFICATE-----