Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/amVsCmFqRtNrGMSP_WwvCzZ5wso.roa
File:                     amVsCmFqRtNrGMSP_WwvCzZ5wso.roa (raw, json)
Hash identifier:          9MwvWWx6Lt4DMt7asN6YOaULEhj15jXqmbx/Iy77ccU=
Subject key identifier:   6A:65:6C:0A:61:6A:46:D3:6B:18:C4:8F:FD:6C:2F:0B:36:79:C2:CA
Certificate issuer:       /CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
Certificate serial:       018CC6B9014798B3F5D5EBFB122F761A9A9D
Authority key identifier: 1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/amVsCmFqRtNrGMSP_WwvCzZ5wso.roa
Signing time:             Mon 01 Jan 2024 20:31:02 +0000
ROA not before:           Mon 01 Jan 2024 20:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13347
IP address blocks:        2a12:f3c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:01:47:98:b3:f5:d5:eb:fb:12:2f:76:1a:9a:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
        Validity
            Not Before: Jan  1 20:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a656c0a616a46d36b18c48ffd6c2f0b3679c2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2c:49:e7:39:2e:16:6b:72:43:a8:50:d9:64:
                    62:a6:91:72:fe:33:d1:84:3f:5b:1f:b9:cf:98:fb:
                    e2:6f:f6:4b:a4:b0:c4:19:ce:57:52:8a:0e:b3:45:
                    26:38:3a:bc:1e:22:38:de:87:63:7c:3a:cd:4f:ee:
                    48:61:e5:ed:ec:ab:31:23:8c:95:04:76:b6:d5:de:
                    29:81:19:f8:d6:dd:97:c4:d6:40:14:48:50:35:9d:
                    be:bb:1d:3f:fc:6e:a6:a3:ef:11:d4:52:14:d8:21:
                    f5:64:45:43:ea:e9:64:f4:c3:40:32:9b:0b:3e:f0:
                    67:3a:4c:75:71:f4:65:32:7d:48:3f:2f:6d:9c:24:
                    d9:f2:3a:1c:e1:2d:e3:86:19:6a:8e:24:33:0e:01:
                    01:bb:1c:6f:0e:8e:08:10:cd:8b:05:e1:bc:30:fa:
                    be:0e:f1:f8:05:9d:78:f0:ff:34:33:95:db:4b:df:
                    05:2d:c6:72:7c:1f:75:03:ff:5b:52:cb:b9:2d:d4:
                    97:2b:d6:b4:2d:7b:08:85:71:1b:88:c2:f4:9d:97:
                    58:8a:ee:a5:ad:2d:40:7a:8e:3f:2f:12:9a:f0:8b:
                    b6:8d:9b:54:42:da:14:05:ee:5f:dd:6f:20:11:c5:
                    f1:8f:c5:8a:99:5e:98:23:21:cc:9a:42:1b:ec:db:
                    f5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:65:6C:0A:61:6A:46:D3:6B:18:C4:8F:FD:6C:2F:0B:36:79:C2:CA
            X509v3 Authority Key Identifier:
                keyid:1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/amVsCmFqRtNrGMSP_WwvCzZ5wso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:28:93:e9:28:1e:c4:03:b5:a1:a0:06:d3:68:ed:fc:96:78:
         98:a6:79:95:24:b4:3d:96:a3:f4:ec:cc:e7:d4:d5:bc:15:3b:
         fe:7f:1c:f8:b3:8d:62:c1:3d:b1:b8:29:66:91:5c:c1:dd:91:
         7c:7b:67:6c:38:66:81:41:9e:f1:7a:bf:54:fc:5e:51:dd:a6:
         9a:33:09:8b:86:bb:73:45:90:22:59:e7:74:17:4d:eb:61:ab:
         f1:35:3e:e0:4a:be:0d:0f:33:1f:78:dc:f7:a4:b2:2c:ea:f5:
         d1:53:48:d7:d4:f5:9f:9d:a2:06:23:a0:76:29:a1:b7:fc:d0:
         ea:0d:18:02:4e:d5:01:ee:8d:2a:13:6d:42:11:b7:2e:4f:3d:
         fd:35:fb:99:33:f9:16:b7:bf:57:ce:0b:21:73:5d:15:2d:bd:
         1f:3f:d2:c1:4f:3c:13:22:39:56:de:32:11:79:78:07:f0:88:
         00:93:6e:5c:fc:4a:8b:93:ed:7e:43:b2:44:18:22:9f:ea:79:
         26:67:4d:4d:bf:c2:ff:77:32:b9:1d:92:c0:7c:a6:cc:96:c8:
         1e:e0:3c:0e:fa:1b:7d:0a:53:ec:90:66:e8:b6:c3:02:ed:0a:
         39:50:44:9a:49:f8:65:6a:a0:39:fd:d6:5c:9d:b8:8a:76:b6:
         43:b3:a3:f1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuQFHmLP11ev7Ei92GpqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTE1NGUxYzU1NzhiMGZlZjhhYmI3NzlmODExN2U2NGU4
ODRkMTgwHhcNMjQwMTAxMjAzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTY1NmMwYTYxNmE0NmQzNmIxOGM0OGZmZDZjMmYwYjM2NzljMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyxJ5zkuFmtyQ6hQ2WRippFy/jPR
hD9bH7nPmPvib/ZLpLDEGc5XUooOs0UmODq8HiI43odjfDrNT+5IYeXt7KsxI4yV
BHa21d4pgRn41t2XxNZAFEhQNZ2+ux0//G6mo+8R1FIU2CH1ZEVD6ulk9MNAMpsL
PvBnOkx1cfRlMn1IPy9tnCTZ8joc4S3jhhlqjiQzDgEBuxxvDo4IEM2LBeG8MPq+
DvH4BZ148P80M5XbS98FLcZyfB91A/9bUsu5LdSXK9a0LXsIhXEbiML0nZdYiu6l
rS1Aeo4/LxKa8Iu2jZtUQtoUBe5f3W8gEcXxj8WKmV6YIyHMmkIb7Nv1SQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGplbAphakbTaxjEj/1sLws2ecLKMB8GA1UdIwQY
MBaAFBqRVOHFV4sP74q7d5+BF+ZOiE0YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDIt
Mzg4ZDhhZDJhNWJiLzEvYW1Wc0NtRnFSdE5yR01TUF9Xd3ZDelo1d3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDItMzg4ZDhhZDJhNWJi
LzEvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAEiiT6SgexAO1oaAG02jt/JZ4mKZ5lSS0PZaj9OzM
59TVvBU7/n8c+LONYsE9sbgpZpFcwd2RfHtnbDhmgUGe8Xq/VPxeUd2mmjMJi4a7
c0WQIlnndBdN62Gr8TU+4Eq+DQ8zH3jc96SyLOr10VNI19T1n52iBiOgdimht/zQ
6g0YAk7VAe6NKhNtQhG3Lk89/TX7mTP5Fre/V84LIXNdFS29Hz/SwU88EyI5Vt4y
EXl4B/CIAJNuXPxKi5PtfkOyRBgin+p5JmdNTb/C/3cyuR2SwHymzJbIHuA8Dvob
fQpT7JBm6LbDAu0KOVBEmkn4ZWqgOf3WXJ24ina2Q7Oj8Q==
-----END CERTIFICATE-----