Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/yCvmEb_k9jqfpmxKScsdu0ukXQo.roa
File:                     yCvmEb_k9jqfpmxKScsdu0ukXQo.roa (raw, json)
Hash identifier:          STE6R8LxRHdLstxqSGEOZBWnOgMySPMmqMZCSShLv8g=
Subject key identifier:   C8:2B:E6:11:BF:E4:F6:3A:9F:A6:6C:4A:49:CB:1D:BB:4B:A4:5D:0A
Certificate issuer:       /CN=823b6f3b7af87bb8ef6dd843bebd6d81b0559213
Certificate serial:       018CC26D7555DBEF9D875E29F15F48F56446
Authority key identifier: 82:3B:6F:3B:7A:F8:7B:B8:EF:6D:D8:43:BE:BD:6D:81:B0:55:92:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gjtvO3r4e7jvbdhDvr1tgbBVkhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/yCvmEb_k9jqfpmxKScsdu0ukXQo.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        2a12:8440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/gjtvO3r4e7jvbdhDvr1tgbBVkhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/gjtvO3r4e7jvbdhDvr1tgbBVkhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gjtvO3r4e7jvbdhDvr1tgbBVkhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 19:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:75:55:db:ef:9d:87:5e:29:f1:5f:48:f5:64:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=823b6f3b7af87bb8ef6dd843bebd6d81b0559213
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c82be611bfe4f63a9fa66c4a49cb1dbb4ba45d0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:40:d6:84:08:81:1f:0e:bb:f5:44:dd:e1:f9:
                    57:d6:1d:3f:72:6c:33:9f:33:f5:2d:48:79:53:e9:
                    5f:5d:05:bd:02:ba:98:8e:8e:b5:4f:e8:b2:88:fe:
                    58:c8:55:0c:16:ea:c8:65:5c:67:70:bd:8f:ba:78:
                    d2:fe:83:cc:79:f3:31:9d:19:5a:0e:b2:4c:b3:5a:
                    53:bf:e6:1f:65:d9:f2:66:2d:08:8d:d0:b1:fd:ac:
                    be:51:08:0b:0e:e5:d2:34:b8:73:f8:ad:6a:81:9f:
                    f9:5e:5f:a4:43:c9:80:31:98:46:f6:c0:2c:c4:55:
                    f5:51:f2:86:8f:23:2a:af:05:ed:eb:7a:fc:40:c8:
                    99:b5:9e:ac:a8:0c:4d:20:53:59:0f:3d:22:e2:95:
                    5e:d3:be:91:7d:3f:47:21:88:22:c9:04:24:f7:bf:
                    19:ae:08:14:8b:fb:71:48:f7:ce:77:18:5e:89:87:
                    87:7f:b2:d4:27:be:f7:6f:b8:ec:cc:0e:d3:13:e3:
                    7a:b3:fe:88:14:a8:6d:6a:34:85:ba:ec:99:d3:dd:
                    5d:97:f8:b4:ca:9a:77:64:23:57:6b:fd:84:b0:68:
                    bb:bc:85:c4:bf:cc:f1:96:b9:25:14:c3:d8:00:99:
                    e3:79:41:55:5e:54:ef:3b:3c:7c:85:bb:ad:63:1b:
                    ef:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:2B:E6:11:BF:E4:F6:3A:9F:A6:6C:4A:49:CB:1D:BB:4B:A4:5D:0A
            X509v3 Authority Key Identifier:
                keyid:82:3B:6F:3B:7A:F8:7B:B8:EF:6D:D8:43:BE:BD:6D:81:B0:55:92:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gjtvO3r4e7jvbdhDvr1tgbBVkhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/yCvmEb_k9jqfpmxKScsdu0ukXQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/gjtvO3r4e7jvbdhDvr1tgbBVkhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8440::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:7e:ca:1b:c9:68:fb:f7:b8:7c:a7:f6:5a:0c:ed:5b:a0:36:
         c1:51:b3:38:11:54:bb:2d:51:26:32:57:35:8a:99:49:dc:39:
         71:de:55:bf:74:7a:25:b4:cc:06:23:4d:35:55:51:47:e5:c4:
         c3:eb:70:f1:66:b1:f8:4d:10:4b:d6:ad:ce:5e:0f:ce:7a:71:
         48:93:81:3f:3d:83:77:17:dd:d9:1a:91:49:6c:7e:90:ed:1b:
         d7:b0:ef:6c:3a:ae:4b:be:c3:12:a2:6f:4b:36:4e:97:d8:eb:
         86:26:12:33:5e:25:18:94:17:98:19:5e:de:53:6e:a0:d4:82:
         a2:d4:df:16:94:d8:bc:c9:47:c3:f9:68:ee:8f:c0:75:eb:f6:
         31:38:19:95:7d:4a:9f:64:ec:ca:e3:65:23:98:b7:06:61:8a:
         f9:ab:69:b8:a1:de:79:23:d8:b7:ed:72:26:c7:5f:f8:40:9d:
         0b:e8:55:7c:83:33:ed:12:10:b1:45:cb:af:fa:16:a3:89:b3:
         b4:06:88:4d:82:00:d9:cf:00:6a:85:de:1e:09:4d:c9:21:f0:
         ac:1f:d9:84:8b:ef:0d:8e:78:c4:f6:58:c3:6e:d1:65:2c:46:
         b9:45:65:78:01:f9:0e:16:c1:19:ec:7c:58:57:99:49:bf:22:
         fa:e9:7a:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbXVV2++dh14p8V9I9WRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyM2I2ZjNiN2FmODdiYjhlZjZkZDg0M2JlYmQ2ZDgxYjA1
NTkyMTMwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODJiZTYxMWJmZTRmNjNhOWZhNjZjNGE0OWNiMWRiYjRiYTQ1ZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkDWhAiBHw679UTd4flX1h0/cmwz
nzP1LUh5U+lfXQW9ArqYjo61T+iyiP5YyFUMFurIZVxncL2PunjS/oPMefMxnRla
DrJMs1pTv+YfZdnyZi0IjdCx/ay+UQgLDuXSNLhz+K1qgZ/5Xl+kQ8mAMZhG9sAs
xFX1UfKGjyMqrwXt63r8QMiZtZ6sqAxNIFNZDz0i4pVe076RfT9HIYgiyQQk978Z
rggUi/txSPfOdxheiYeHf7LUJ773b7jszA7TE+N6s/6IFKhtajSFuuyZ091dl/i0
ypp3ZCNXa/2EsGi7vIXEv8zxlrklFMPYAJnjeUFVXlTvOzx8hbutYxvvywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMgr5hG/5PY6n6ZsSknLHbtLpF0KMB8GA1UdIwQY
MBaAFII7bzt6+Hu4723YQ769bYGwVZITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2p0dk8zcjRlN2p2YmRoRHZyMXRnYkJWa2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jNDk0Y2ItMjUxNy00MWE4LWE0NTct
ZTcxMGMyYTE0YmNlLzEveUN2bUViX2s5anFmcG14S1Njc2R1MHVrWFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jNDk0Y2ItMjUxNy00MWE4LWE0NTctZTcxMGMyYTE0YmNl
LzEvZ2p0dk8zcjRlN2p2YmRoRHZyMXRnYkJWa2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKEQDAN
BgkqhkiG9w0BAQsFAAOCAQEAW37KG8lo+/e4fKf2WgztW6A2wVGzOBFUuy1RJjJX
NYqZSdw5cd5Vv3R6JbTMBiNNNVVRR+XEw+tw8Wax+E0QS9atzl4PznpxSJOBPz2D
dxfd2RqRSWx+kO0b17DvbDquS77DEqJvSzZOl9jrhiYSM14lGJQXmBle3lNuoNSC
otTfFpTYvMlHw/lo7o/Adev2MTgZlX1Kn2TsyuNlI5i3BmGK+atpuKHeeSPYt+1y
Jsdf+ECdC+hVfIMz7RIQsUXLr/oWo4mztAaITYIA2c8AaoXeHglNySHwrB/ZhIvv
DY54xPZYw27RZSxGuUVleAH5DhbBGex8WFeZSb8i+ul6Zg==
-----END CERTIFICATE-----