Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/MIcKbcX6sCg2UYL51k9PfAb2yXk.roa
File:                     MIcKbcX6sCg2UYL51k9PfAb2yXk.roa (raw, json)
Hash identifier:          kvxBXVnEalI9jTyDI+HBKgmRDyoiQHFIPceL8IvKfYg=
Subject key identifier:   30:87:0A:6D:C5:FA:B0:28:36:51:82:F9:D6:4F:4F:7C:06:F6:C9:79
Certificate issuer:       /CN=7a550c8065bf6033fcc6a3b03813ef9271924196
Certificate serial:       01942444F74A41FC896E13AD3BEA9C85AA2A
Authority key identifier: 7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/MIcKbcX6sCg2UYL51k9PfAb2yXk.roa
Signing time:             Wed 01 Jan 2025 23:48:06 +0000
ROA not before:           Wed 01 Jan 2025 23:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35913
IP address blocks:        2a12:8940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:f7:4a:41:fc:89:6e:13:ad:3b:ea:9c:85:aa:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a550c8065bf6033fcc6a3b03813ef9271924196
        Validity
            Not Before: Jan  1 23:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30870a6dc5fab028365182f9d64f4f7c06f6c979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:06:f6:77:5c:18:db:c1:8c:4a:22:4e:e3:4a:
                    8c:f4:7d:68:fa:67:cd:72:36:8f:4c:97:0c:ae:e6:
                    63:90:63:63:40:ba:c5:2f:e6:54:98:2c:3c:a6:d5:
                    dc:77:58:1e:64:f0:ee:31:27:24:7b:4b:d6:d9:4f:
                    08:ef:48:da:e8:52:e6:d8:1c:86:cf:08:68:f6:ca:
                    52:93:af:48:4a:02:64:d2:76:4c:f7:67:a0:20:00:
                    c9:71:7b:53:2e:76:53:27:41:fe:ea:ee:35:bd:36:
                    56:ce:a8:a6:a3:71:56:4e:87:46:e0:e6:3e:cf:70:
                    70:c9:4d:8c:94:50:d8:39:65:6f:eb:44:6d:c4:15:
                    a1:a5:3d:57:39:f6:87:b9:ad:55:6d:c5:00:f6:63:
                    38:d5:ea:5e:64:fa:41:71:db:b9:8f:fb:18:83:43:
                    9c:91:ca:de:c8:d2:0f:22:87:00:55:9a:0e:39:9e:
                    ed:c5:97:72:a5:57:76:41:60:39:df:59:2f:7b:98:
                    fb:bf:bc:45:d3:c0:f3:9a:35:84:37:a5:a2:1c:c1:
                    0b:74:9d:da:6e:7a:6d:4c:31:e0:a2:2a:11:82:cc:
                    36:bf:aa:e8:49:b0:2b:86:1a:55:f4:c3:eb:63:01:
                    ad:74:76:fc:32:17:b3:76:f2:07:1e:91:b6:20:5b:
                    2b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:87:0A:6D:C5:FA:B0:28:36:51:82:F9:D6:4F:4F:7C:06:F6:C9:79
            X509v3 Authority Key Identifier:
                keyid:7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/MIcKbcX6sCg2UYL51k9PfAb2yXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8940::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:84:09:11:e8:e9:43:ba:86:77:d3:ea:29:19:13:a7:b4:a2:
         b8:62:5c:da:40:fc:45:03:38:ce:7d:08:eb:93:94:c5:3b:41:
         10:9f:cd:2c:09:cf:54:99:ec:74:8f:25:d1:0f:3e:7e:15:9f:
         00:1a:6c:10:fa:88:0c:5d:9a:19:46:0f:fd:26:1d:79:d2:37:
         47:25:9d:f6:82:db:75:8b:e8:fe:0b:02:e7:8b:a6:4b:0e:70:
         12:76:ca:02:d6:39:83:a9:eb:28:86:7a:45:cd:74:6d:68:de:
         75:87:0f:de:89:38:45:1c:cd:98:9a:d3:c6:d6:e7:db:74:4d:
         29:27:bb:d9:49:0d:ab:dd:d9:be:d6:81:3a:21:e8:86:53:f7:
         39:54:a4:ef:9b:b5:08:63:38:e7:14:04:b6:67:19:87:8e:11:
         ba:42:3a:38:1f:dc:92:f8:c4:09:0f:f0:3e:09:a5:9b:00:48:
         2a:e4:f9:cf:75:d9:47:00:35:80:28:74:0d:e5:84:8f:24:46:
         e6:26:7e:24:d1:5d:d8:65:93:db:9d:b4:50:fd:d3:c4:3d:67:
         b8:4a:b2:f8:01:29:04:9a:cd:9e:ae:4b:ea:0a:42:4d:c2:d7:
         c4:bf:45:d2:39:0c:aa:aa:fc:6d:b1:24:b8:0e:0f:59:16:4e:
         e9:11:b0:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRPdKQfyJbhOtO+qchaoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNTUwYzgwNjViZjYwMzNmY2M2YTNiMDM4MTNlZjkyNzE5
MjQxOTYwHhcNMjUwMTAxMjM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDg3MGE2ZGM1ZmFiMDI4MzY1MTgyZjlkNjRmNGY3YzA2ZjZjOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wb2d1wY28GMSiJO40qM9H1o+mfN
cjaPTJcMruZjkGNjQLrFL+ZUmCw8ptXcd1geZPDuMScke0vW2U8I70ja6FLm2ByG
zwho9spSk69ISgJk0nZM92egIADJcXtTLnZTJ0H+6u41vTZWzqimo3FWTodG4OY+
z3BwyU2MlFDYOWVv60RtxBWhpT1XOfaHua1VbcUA9mM41epeZPpBcdu5j/sYg0Oc
kcreyNIPIocAVZoOOZ7txZdypVd2QWA531kve5j7v7xF08DzmjWEN6WiHMELdJ3a
bnptTDHgoioRgsw2v6roSbArhhpV9MPrYwGtdHb8MhezdvIHHpG2IFsrKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDCHCm3F+rAoNlGC+dZPT3wG9sl5MB8GA1UdIwQY
MBaAFHpVDIBlv2Az/MajsDgT75JxkkGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGIt
ODdiZmMzN2YwZWMyLzEvTUljS2JjWDZzQ2cyVVlMNTFrOVBmQWIyeVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGItODdiZmMzN2YwZWMy
LzEvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKJQDAN
BgkqhkiG9w0BAQsFAAOCAQEAhoQJEejpQ7qGd9PqKRkTp7SiuGJc2kD8RQM4zn0I
65OUxTtBEJ/NLAnPVJnsdI8l0Q8+fhWfABpsEPqIDF2aGUYP/SYdedI3RyWd9oLb
dYvo/gsC54umSw5wEnbKAtY5g6nrKIZ6Rc10bWjedYcP3ok4RRzNmJrTxtbn23RN
KSe72UkNq93ZvtaBOiHohlP3OVSk75u1CGM45xQEtmcZh44RukI6OB/ckvjECQ/w
PgmlmwBIKuT5z3XZRwA1gCh0DeWEjyRG5iZ+JNFd2GWT2520UP3TxD1nuEqy+AEp
BJrNnq5L6gpCTcLXxL9F0jkMqqr8bbEkuA4PWRZO6RGwQQ==
-----END CERTIFICATE-----