Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/52bbe0-4cf3-4e31-9273-31668ae3b166/1/DsRkFERg3safkrDbHQgR2WE6irI.roa
File:                     DsRkFERg3safkrDbHQgR2WE6irI.roa (raw, json)
Hash identifier:          FlIuzROuwU5rHrxY2Sgd5Z3T0xShaWYQyIPOnsjMPmk=
Subject key identifier:   0E:C4:64:14:44:60:DE:C6:9F:92:B0:DB:1D:08:11:D9:61:3A:8A:B2
Certificate issuer:       /CN=2437736e6f55900adbfb0456c4164f67b453ac8f
Certificate serial:       018D3AEF350CEF948EC72AF736F44224797B
Authority key identifier: 24:37:73:6E:6F:55:90:0A:DB:FB:04:56:C4:16:4F:67:B4:53:AC:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JDdzbm9VkArb-wRWxBZPZ7RTrI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/52bbe0-4cf3-4e31-9273-31668ae3b166/1/DsRkFERg3safkrDbHQgR2WE6irI.roa
Signing time:             Wed 24 Jan 2024 10:06:11 +0000
ROA not before:           Wed 24 Jan 2024 10:06:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215707
IP address blocks:        2a12:4046::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/52bbe0-4cf3-4e31-9273-31668ae3b166/1/JDdzbm9VkArb-wRWxBZPZ7RTrI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/52bbe0-4cf3-4e31-9273-31668ae3b166/1/JDdzbm9VkArb-wRWxBZPZ7RTrI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JDdzbm9VkArb-wRWxBZPZ7RTrI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:ef:35:0c:ef:94:8e:c7:2a:f7:36:f4:42:24:79:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2437736e6f55900adbfb0456c4164f67b453ac8f
        Validity
            Not Before: Jan 24 10:06:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ec464144460dec69f92b0db1d0811d9613a8ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:28:79:c6:c8:f6:83:a2:ad:cb:76:60:c1:75:
                    a9:39:ee:08:13:64:74:ce:18:bc:88:87:c0:53:e9:
                    44:f1:bb:ff:f4:dd:34:aa:d9:7f:86:d1:0e:2a:82:
                    94:f2:72:5b:26:48:52:49:e7:be:51:62:b9:6d:0a:
                    12:62:74:5d:3d:16:8e:84:00:3c:b8:0a:a0:4f:69:
                    48:36:8b:d6:d8:ef:34:ac:e6:73:b5:63:96:d5:80:
                    6f:d0:fa:22:7c:0f:ee:35:10:bd:99:de:00:93:3c:
                    c4:64:3b:3b:a1:a8:63:e0:9f:0b:97:3e:31:b3:dd:
                    6b:04:7b:0f:59:1b:70:3b:78:18:e7:94:9f:e2:08:
                    6e:7d:91:7d:d5:9f:f9:b6:40:a0:13:90:45:92:21:
                    f8:14:93:16:83:8d:0f:d7:58:1f:d6:cc:c6:6d:ec:
                    a1:8c:53:de:50:c5:6f:30:9d:39:f0:c4:2e:28:9d:
                    f0:c1:19:46:a8:d5:0d:7b:06:ee:05:7d:01:16:02:
                    97:73:94:92:15:b2:e8:dd:ea:2e:f6:ec:24:42:86:
                    6f:00:ad:5d:7f:70:19:07:85:9b:0e:ec:c5:b5:28:
                    96:c9:e9:46:a5:70:a9:cb:e2:68:5b:13:c4:9f:eb:
                    dc:34:73:87:33:e6:f6:8f:65:ca:8f:24:28:7d:91:
                    55:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:C4:64:14:44:60:DE:C6:9F:92:B0:DB:1D:08:11:D9:61:3A:8A:B2
            X509v3 Authority Key Identifier:
                keyid:24:37:73:6E:6F:55:90:0A:DB:FB:04:56:C4:16:4F:67:B4:53:AC:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JDdzbm9VkArb-wRWxBZPZ7RTrI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/52bbe0-4cf3-4e31-9273-31668ae3b166/1/DsRkFERg3safkrDbHQgR2WE6irI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/52bbe0-4cf3-4e31-9273-31668ae3b166/1/JDdzbm9VkArb-wRWxBZPZ7RTrI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4046::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:02:e2:be:51:dc:b2:59:2f:87:0d:c4:0d:cb:9d:07:1a:36:
         9a:49:a4:9c:1b:c8:13:4d:70:b8:dd:83:6d:fe:cf:44:7a:04:
         89:93:a2:74:20:71:d6:a1:67:b2:f6:cb:66:79:02:8a:93:9b:
         18:58:51:ec:b1:cf:7c:20:2f:11:3b:fd:64:d1:c5:45:48:a7:
         8d:bf:8c:51:13:20:03:32:a5:8c:b6:bb:bb:24:18:cd:4c:26:
         26:22:31:d4:31:6a:34:27:de:21:09:a4:5f:6a:48:cf:c1:d2:
         39:2c:04:48:1f:6c:1d:8f:91:35:6d:ba:46:0e:19:2c:9c:f3:
         08:29:fc:19:48:64:f7:0b:c1:f2:64:ad:e5:59:fd:1f:b4:7d:
         78:49:ab:bb:17:4f:df:95:da:4d:2e:6c:e0:47:a4:28:ed:ec:
         90:62:37:17:57:8d:f7:19:8c:1f:a4:11:8a:b9:75:80:5c:71:
         2d:0d:02:69:11:85:f7:fa:5e:70:0c:ca:71:0f:cb:2a:16:28:
         3b:04:83:ac:b2:f9:10:4e:1f:38:66:33:45:24:9e:3a:bd:28:
         cf:b5:ef:16:ce:cf:d8:ae:92:b4:c7:dd:2d:30:ce:7e:46:41:
         8c:6f:f3:e5:90:65:8d:c0:3d:ed:9c:e9:4b:71:23:07:f3:ac:
         d9:6b:fe:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY067zUM75SOxyr3NvRCJHl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0Mzc3MzZlNmY1NTkwMGFkYmZiMDQ1NmM0MTY0ZjY3YjQ1
M2FjOGYwHhcNMjQwMTI0MTAwNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWM0NjQxNDQ0NjBkZWM2OWY5MmIwZGIxZDA4MTFkOTYxM2E4YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzih5xsj2g6Kty3ZgwXWpOe4IE2R0
zhi8iIfAU+lE8bv/9N00qtl/htEOKoKU8nJbJkhSSee+UWK5bQoSYnRdPRaOhAA8
uAqgT2lINovW2O80rOZztWOW1YBv0PoifA/uNRC9md4AkzzEZDs7oahj4J8Llz4x
s91rBHsPWRtwO3gY55Sf4ghufZF91Z/5tkCgE5BFkiH4FJMWg40P11gf1szGbeyh
jFPeUMVvMJ058MQuKJ3wwRlGqNUNewbuBX0BFgKXc5SSFbLo3eou9uwkQoZvAK1d
f3AZB4WbDuzFtSiWyelGpXCpy+JoWxPEn+vcNHOHM+b2j2XKjyQofZFVXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA7EZBREYN7Gn5Kw2x0IEdlhOoqyMB8GA1UdIwQY
MBaAFCQ3c25vVZAK2/sEVsQWT2e0U6yPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkRkemJtOVZrQXJiLXdSV3hCWlBaN1JUckk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi81MmJiZTAtNGNmMy00ZTMxLTkyNzMt
MzE2NjhhZTNiMTY2LzEvRHNSa0ZFUmczc2Fma3JEYkhRZ1IyV0U2aXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi81MmJiZTAtNGNmMy00ZTMxLTkyNzMtMzE2NjhhZTNiMTY2
LzEvSkRkemJtOVZrQXJiLXdSV3hCWlBaN1JUckk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJARjAN
BgkqhkiG9w0BAQsFAAOCAQEAhALivlHcslkvhw3EDcudBxo2mkmknBvIE01wuN2D
bf7PRHoEiZOidCBx1qFnsvbLZnkCipObGFhR7LHPfCAvETv9ZNHFRUinjb+MURMg
AzKljLa7uyQYzUwmJiIx1DFqNCfeIQmkX2pIz8HSOSwESB9sHY+RNW26Rg4ZLJzz
CCn8GUhk9wvB8mSt5Vn9H7R9eEmruxdP35XaTS5s4EekKO3skGI3F1eN9xmMH6QR
irl1gFxxLQ0CaRGF9/pecAzKcQ/LKhYoOwSDrLL5EE4fOGYzRSSeOr0oz7XvFs7P
2K6StMfdLTDOfkZBjG/z5ZBljcA97ZzpS3EjB/Os2Wv+ag==
-----END CERTIFICATE-----