Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/ht12_jPsrQs-Ia-EeFdDyTZTEyI.roa
File:                     ht12_jPsrQs-Ia-EeFdDyTZTEyI.roa (raw, json)
Hash identifier:          5/C7CIXxUr5KWkDhcytj4BxuIsR/V3hD3EqW/EbSjHc=
Subject key identifier:   86:DD:76:FE:33:EC:AD:0B:3E:21:AF:84:78:57:43:C9:36:53:13:22
Certificate issuer:       /CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
Certificate serial:       019425FDCD3819F02B7132196A2093C9BA40
Authority key identifier: BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/ht12_jPsrQs-Ia-EeFdDyTZTEyI.roa
Signing time:             Thu 02 Jan 2025 07:49:37 +0000
ROA not before:           Thu 02 Jan 2025 07:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9083
IP address blocks:        212.96.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:cd:38:19:f0:2b:71:32:19:6a:20:93:c9:ba:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
        Validity
            Not Before: Jan  2 07:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86dd76fe33ecad0b3e21af84785743c936531322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f1:06:f3:67:15:61:12:a4:80:35:ac:94:39:
                    de:e4:00:60:12:96:cb:c7:e7:bb:59:1f:25:7d:a8:
                    d3:25:b6:eb:87:a6:7c:8f:2a:3a:11:39:9c:87:b1:
                    8b:13:cc:90:27:66:8c:91:b3:62:59:7c:cc:b4:46:
                    b9:c2:04:89:fe:9e:07:68:30:35:d8:d3:f7:c0:b5:
                    8e:44:37:7a:30:72:c7:fa:94:92:dc:fe:4b:55:c0:
                    67:7e:e9:e6:02:b2:9b:7d:c7:de:95:f2:a0:46:b2:
                    97:eb:37:bc:d8:91:97:6c:eb:7a:b2:22:ef:bf:43:
                    e2:a9:cf:62:b6:19:1a:6d:d8:10:d6:05:b5:8e:96:
                    b5:a3:06:23:0a:2c:f4:78:0e:d5:74:32:74:39:af:
                    cd:e6:a6:26:12:b9:ed:d4:13:29:39:42:a9:4f:21:
                    04:a2:24:0b:b8:7c:ca:28:26:ac:cc:06:15:fa:16:
                    79:5f:3f:af:f8:88:4e:80:9d:6e:99:fe:22:0d:ac:
                    d4:8e:de:f7:f5:49:79:3d:4f:1b:f4:43:85:0d:9a:
                    f0:ce:59:5d:97:13:aa:61:86:f3:41:87:07:6c:31:
                    d9:83:d9:7a:62:dc:4f:4b:bd:20:38:36:9b:6e:bc:
                    51:5d:c2:20:db:b1:cc:c9:04:07:e8:9d:0d:ba:e9:
                    dc:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DD:76:FE:33:EC:AD:0B:3E:21:AF:84:78:57:43:C9:36:53:13:22
            X509v3 Authority Key Identifier:
                keyid:BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/ht12_jPsrQs-Ia-EeFdDyTZTEyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.96.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1b:68:4d:a4:40:89:24:d6:48:23:4b:d8:f4:cd:4d:5c:ba:95:
         28:3b:9c:d4:ad:cb:5d:6b:aa:c5:d9:b0:ab:c1:07:76:96:02:
         5a:17:3a:67:18:00:92:5b:37:0e:83:3c:43:54:7a:a7:77:a6:
         a6:90:26:3f:39:5f:ce:e2:94:0e:99:64:30:cb:a0:3c:43:4d:
         ac:2c:2e:3e:6a:8b:f2:97:68:f0:4e:2d:a8:d6:a5:98:7e:48:
         06:ef:18:a6:d4:4a:ba:57:2c:46:77:5e:a4:67:2d:36:5c:83:
         a3:b4:0c:2c:72:80:8f:25:25:88:e2:32:6a:fa:b9:e8:66:2c:
         7c:b9:90:e8:4f:48:3d:16:05:3d:a7:79:59:5d:9d:0b:8e:42:
         c7:da:1a:22:f6:c6:c5:60:a8:05:0a:be:80:59:80:41:e0:49:
         67:b4:e0:b9:88:99:dc:a1:87:1c:a6:f0:51:07:f6:41:4a:30:
         b0:db:c9:cd:9f:b1:82:e7:b0:61:f5:ce:72:27:6e:85:da:ae:
         82:39:f2:3d:bf:f5:ca:66:f6:22:a7:54:f0:a4:c2:1f:40:38:
         00:71:bb:29:ad:6a:49:33:03:90:95:20:06:ab:42:15:2f:e4:
         1b:f9:04:d6:e5:5b:07:68:20:d3:cd:c6:62:24:1a:10:1a:80:
         e1:f3:ef:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/c04GfArcTIZaiCTybpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2EyNTJhOGZjY2EwMzYxZGEyMzRhNGYzZGRiOTU3Nzg5
ZDBlNTUwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmRkNzZmZTMzZWNhZDBiM2UyMWFmODQ3ODU3NDNjOTM2NTMxMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvEG82cVYRKkgDWslDne5ABgEpbL
x+e7WR8lfajTJbbrh6Z8jyo6ETmch7GLE8yQJ2aMkbNiWXzMtEa5wgSJ/p4HaDA1
2NP3wLWORDd6MHLH+pSS3P5LVcBnfunmArKbfcfelfKgRrKX6ze82JGXbOt6siLv
v0Piqc9ithkabdgQ1gW1jpa1owYjCiz0eA7VdDJ0Oa/N5qYmErnt1BMpOUKpTyEE
oiQLuHzKKCaszAYV+hZ5Xz+v+IhOgJ1umf4iDazUjt739Ul5PU8b9EOFDZrwzlld
lxOqYYbzQYcHbDHZg9l6YtxPS70gODabbrxRXcIg27HMyQQH6J0NuuncDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbddv4z7K0LPiGvhHhXQ8k2UxMiMB8GA1UdIwQY
MBaAFLw6JSqPzKA2HaI0pPPduVd4nQ5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDkt
MGExOTUxOGY3MzU4LzEvaHQxMl9qUHNyUXMtSWEtRWVGZER5VFpURXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDktMGExOTUxOGY3MzU4
LzEvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GCAMA0G
CSqGSIb3DQEBCwUAA4IBAQAbaE2kQIkk1kgjS9j0zU1cupUoO5zUrctda6rF2bCr
wQd2lgJaFzpnGACSWzcOgzxDVHqnd6amkCY/OV/O4pQOmWQwy6A8Q02sLC4+aovy
l2jwTi2o1qWYfkgG7xim1Eq6VyxGd16kZy02XIOjtAwscoCPJSWI4jJq+rnoZix8
uZDoT0g9FgU9p3lZXZ0LjkLH2hoi9sbFYKgFCr6AWYBB4ElntOC5iJncoYccpvBR
B/ZBSjCw28nNn7GC57Bh9c5yJ26F2q6COfI9v/XKZvYip1TwpMIfQDgAcbsprWpJ
MwOQlSAGq0IVL+Qb+QTW5VsHaCDTzcZiJBoQGoDh8+9K
-----END CERTIFICATE-----