Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/86ff77-9772-4b28-aa12-89ff06f79635/1/LnOKhHlXHgf9Bc7By8RdD87CENc.roa
File:                     LnOKhHlXHgf9Bc7By8RdD87CENc.roa (raw, json)
Hash identifier:          SBq8tD3nAGx2l0m6YmZ4sb5xKbi6vLmOJJ/u4lHDzyQ=
Subject key identifier:   2E:73:8A:84:79:57:1E:07:FD:05:CE:C1:CB:C4:5D:0F:CE:C2:10:D7
Certificate issuer:       /CN=3ce7566bb5b19e700f48e25e07506c2f222df384
Certificate serial:       019420683107E85FE96D24F03765379D91DF
Authority key identifier: 3C:E7:56:6B:B5:B1:9E:70:0F:48:E2:5E:07:50:6C:2F:22:2D:F3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/POdWa7WxnnAPSOJeB1BsLyIt84Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/86ff77-9772-4b28-aa12-89ff06f79635/1/LnOKhHlXHgf9Bc7By8RdD87CENc.roa
Signing time:             Wed 01 Jan 2025 05:48:06 +0000
ROA not before:           Wed 01 Jan 2025 05:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51396
IP address blocks:        2a12:2640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/86ff77-9772-4b28-aa12-89ff06f79635/1/POdWa7WxnnAPSOJeB1BsLyIt84Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/86ff77-9772-4b28-aa12-89ff06f79635/1/POdWa7WxnnAPSOJeB1BsLyIt84Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/POdWa7WxnnAPSOJeB1BsLyIt84Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:31:07:e8:5f:e9:6d:24:f0:37:65:37:9d:91:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ce7566bb5b19e700f48e25e07506c2f222df384
        Validity
            Not Before: Jan  1 05:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e738a8479571e07fd05cec1cbc45d0fcec210d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b0:53:bd:92:ee:3d:cf:33:f6:58:9a:13:5c:
                    29:47:69:51:2e:c2:52:4e:9d:e6:3a:98:87:85:a0:
                    01:0a:25:45:69:af:8e:99:e8:ac:39:58:21:4f:bd:
                    7a:49:96:28:ca:74:24:6d:d8:67:9a:29:80:26:fb:
                    d0:25:f6:c8:9b:4e:d8:b6:fc:ad:72:ee:b9:f9:f0:
                    1a:d3:53:8e:90:4a:86:c9:d8:e5:45:10:cb:e6:03:
                    0b:df:73:57:44:1a:5b:4e:d9:cf:dd:ab:fa:bf:ac:
                    a6:0c:ad:1a:f9:67:f3:18:12:34:17:b5:04:71:67:
                    a2:c9:50:2c:f5:17:b6:1f:27:76:05:b4:5f:a5:db:
                    57:e0:4b:ca:56:ff:aa:36:1f:dd:5b:6a:a5:29:a6:
                    29:14:b9:e3:0f:0c:60:4f:f0:44:1e:2c:60:fe:68:
                    c0:4c:cb:67:72:55:2f:9b:44:39:99:a8:2e:8d:e9:
                    b0:b5:31:fc:b2:2f:1a:77:dc:d2:5c:a9:b8:78:8b:
                    2d:1d:97:14:cf:c7:26:09:9a:c7:e3:63:05:f5:de:
                    df:bc:f0:af:17:f9:9c:67:dc:7c:2d:d4:d5:09:f2:
                    d8:4c:36:30:31:a2:ac:04:74:ae:e3:01:3e:f3:f2:
                    5f:9e:6f:1e:65:f2:60:43:fc:01:eb:96:4d:27:a1:
                    05:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:73:8A:84:79:57:1E:07:FD:05:CE:C1:CB:C4:5D:0F:CE:C2:10:D7
            X509v3 Authority Key Identifier:
                keyid:3C:E7:56:6B:B5:B1:9E:70:0F:48:E2:5E:07:50:6C:2F:22:2D:F3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/POdWa7WxnnAPSOJeB1BsLyIt84Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/86ff77-9772-4b28-aa12-89ff06f79635/1/LnOKhHlXHgf9Bc7By8RdD87CENc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/86ff77-9772-4b28-aa12-89ff06f79635/1/POdWa7WxnnAPSOJeB1BsLyIt84Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:2640::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:44:d8:59:7f:48:2d:7a:90:04:82:a9:43:63:ba:a8:bf:91:
         f6:48:f7:21:b8:55:53:6c:28:e0:f8:ff:69:35:45:76:e7:b9:
         5a:1a:86:a4:23:46:98:5b:ba:f3:c7:38:b2:a7:e2:54:f9:17:
         05:eb:21:ed:db:36:36:e3:34:dc:c2:ae:67:73:10:01:80:cf:
         f7:8f:5f:b0:52:df:63:38:f2:1f:cb:33:22:ab:2d:95:f5:11:
         e0:58:3a:3b:1c:ed:be:dc:0c:32:ed:df:bf:ca:e0:25:cf:7d:
         3d:91:87:f7:94:2b:1c:89:55:c2:9a:15:65:32:6f:9a:e2:b9:
         76:a1:b8:13:8a:b0:a3:b9:e1:1f:51:b8:ae:8c:85:d0:af:d4:
         81:4c:30:08:5a:40:3d:a7:9d:a0:07:0b:de:c5:2c:57:ab:20:
         89:a5:ad:d4:d6:ca:45:be:8b:a5:49:a6:16:3a:ba:f1:b7:5f:
         49:5b:c0:b7:0e:f0:08:5c:27:35:0b:9c:5c:fe:ba:f5:5f:8b:
         f7:8f:7e:da:4d:fa:c8:9c:2d:92:71:8b:f9:8d:80:6a:07:a1:
         ac:81:03:f1:03:b1:af:cb:44:b2:29:fc:ab:45:61:b4:43:19:
         50:91:fc:1d:30:3a:b5:bd:6e:db:da:f1:2b:0c:a1:f6:1a:b0:
         90:9c:2c:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgaDEH6F/pbSTwN2U3nZHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZTc1NjZiYjViMTllNzAwZjQ4ZTI1ZTA3NTA2YzJmMjIy
ZGYzODQwHhcNMjUwMTAxMDU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTczOGE4NDc5NTcxZTA3ZmQwNWNlYzFjYmM0NWQwZmNlYzIxMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrBTvZLuPc8z9liaE1wpR2lRLsJS
Tp3mOpiHhaABCiVFaa+OmeisOVghT716SZYoynQkbdhnmimAJvvQJfbIm07Ytvyt
cu65+fAa01OOkEqGydjlRRDL5gML33NXRBpbTtnP3av6v6ymDK0a+WfzGBI0F7UE
cWeiyVAs9Re2Hyd2BbRfpdtX4EvKVv+qNh/dW2qlKaYpFLnjDwxgT/BEHixg/mjA
TMtnclUvm0Q5magujemwtTH8si8ad9zSXKm4eIstHZcUz8cmCZrH42MF9d7fvPCv
F/mcZ9x8LdTVCfLYTDYwMaKsBHSu4wE+8/Jfnm8eZfJgQ/wB65ZNJ6EFoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC5zioR5Vx4H/QXOwcvEXQ/OwhDXMB8GA1UdIwQY
MBaAFDznVmu1sZ5wD0jiXgdQbC8iLfOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE9kV2E3V3hubkFQU09KZUIxQnNMeUl0ODRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84NmZmNzctOTc3Mi00YjI4LWFhMTIt
ODlmZjA2Zjc5NjM1LzEvTG5PS2hIbFhIZ2Y5QmM3Qnk4UmREODdDRU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84NmZmNzctOTc3Mi00YjI4LWFhMTItODlmZjA2Zjc5NjM1
LzEvUE9kV2E3V3hubkFQU09KZUIxQnNMeUl0ODRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhImQDAN
BgkqhkiG9w0BAQsFAAOCAQEApETYWX9ILXqQBIKpQ2O6qL+R9kj3IbhVU2wo4Pj/
aTVFdue5WhqGpCNGmFu688c4sqfiVPkXBesh7ds2NuM03MKuZ3MQAYDP949fsFLf
YzjyH8szIqstlfUR4Fg6OxztvtwMMu3fv8rgJc99PZGH95QrHIlVwpoVZTJvmuK5
dqG4E4qwo7nhH1G4royF0K/UgUwwCFpAPaedoAcL3sUsV6sgiaWt1NbKRb6LpUmm
Fjq68bdfSVvAtw7wCFwnNQucXP669V+L949+2k36yJwtknGL+Y2AagehrIED8QOx
r8tEsin8q0VhtEMZUJH8HTA6tb1u29rxKwyh9hqwkJws/Q==
-----END CERTIFICATE-----