Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/QBpqlWvc3yb35mRLTb_pFbzXRVw.roa
File:                     QBpqlWvc3yb35mRLTb_pFbzXRVw.roa (raw, json)
Hash identifier:          z+CCvUY9oDoFBNK+B2q1D/oBzzvbXKBlkcn7BrRbfZw=
Subject key identifier:   40:1A:6A:95:6B:DC:DF:26:F7:E6:64:4B:4D:BF:E9:15:BC:D7:45:5C
Certificate issuer:       /CN=1cecefd9eadb2d5284d713b94b56d3abbc10e9e5
Certificate serial:       018CC4938D7F6629C941AFA94E74C071F2C8
Authority key identifier: 1C:EC:EF:D9:EA:DB:2D:52:84:D7:13:B9:4B:56:D3:AB:BC:10:E9:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HOzv2erbLVKE1xO5S1bTq7wQ6eU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/QBpqlWvc3yb35mRLTb_pFbzXRVw.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51205
IP address blocks:        2a12:9140::/48 maxlen: 48
                          2a12:9140:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/HOzv2erbLVKE1xO5S1bTq7wQ6eU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/HOzv2erbLVKE1xO5S1bTq7wQ6eU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HOzv2erbLVKE1xO5S1bTq7wQ6eU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8d:7f:66:29:c9:41:af:a9:4e:74:c0:71:f2:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cecefd9eadb2d5284d713b94b56d3abbc10e9e5
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=401a6a956bdcdf26f7e6644b4dbfe915bcd7455c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3e:0c:04:f2:5e:06:81:cc:80:18:e3:84:d4:
                    b7:6c:b7:1b:6a:51:32:5c:5e:0c:7b:b8:00:2f:22:
                    4c:c5:bd:4c:66:b2:42:67:38:cf:d2:9d:2e:56:08:
                    73:b4:2f:49:d2:4d:05:d0:92:3c:04:e3:12:a1:71:
                    32:ff:5b:12:b6:4e:98:30:99:be:1d:f4:b8:36:b9:
                    b2:55:76:6d:7e:7f:69:83:08:85:df:e3:7f:c3:71:
                    4c:17:61:a4:bb:d6:7a:ce:82:dc:c7:80:2c:a2:5b:
                    9a:1a:f3:b6:f5:80:80:c1:2f:20:25:46:b8:dd:8b:
                    df:17:28:19:50:8f:52:52:26:39:d0:e4:c6:da:0e:
                    6e:16:14:de:65:03:3f:2f:3d:c9:cb:03:d7:4c:0a:
                    4e:e4:55:a6:c6:5d:3b:04:40:a9:0d:01:39:43:e3:
                    62:7d:9e:bf:ca:a8:3b:6f:de:1c:16:20:be:79:dc:
                    0d:88:78:ae:76:1a:d2:09:7e:46:9c:1a:64:3a:c9:
                    74:2e:5f:98:21:cf:f3:f5:33:ee:61:58:4e:89:28:
                    d2:5a:6c:2e:08:c8:70:77:07:90:af:5c:83:ec:ec:
                    7a:92:45:52:55:5b:4b:1c:2e:16:20:42:76:62:2b:
                    89:58:4e:23:38:cf:7c:b6:7a:d9:5e:c7:57:11:98:
                    f6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1A:6A:95:6B:DC:DF:26:F7:E6:64:4B:4D:BF:E9:15:BC:D7:45:5C
            X509v3 Authority Key Identifier:
                keyid:1C:EC:EF:D9:EA:DB:2D:52:84:D7:13:B9:4B:56:D3:AB:BC:10:E9:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HOzv2erbLVKE1xO5S1bTq7wQ6eU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/QBpqlWvc3yb35mRLTb_pFbzXRVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/HOzv2erbLVKE1xO5S1bTq7wQ6eU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:9140::/47

    Signature Algorithm: sha256WithRSAEncryption
         30:2d:ea:c2:bd:b8:ab:9e:30:74:b2:f0:fe:08:68:bd:48:83:
         91:2f:a6:25:21:94:52:d5:52:4b:f7:b1:b0:2d:1c:47:57:fb:
         61:9a:55:6a:97:19:a1:91:b8:70:48:62:35:a9:83:fa:a2:de:
         12:45:5c:a8:fa:7c:fc:89:97:ff:e9:94:65:1a:a5:36:3d:2c:
         b2:8a:18:24:63:06:74:72:f1:0c:c1:5e:49:5f:46:8a:5a:24:
         35:57:73:d7:dc:f6:fd:bb:ae:a4:b0:46:87:03:17:5e:70:8d:
         3c:15:1b:f6:55:6a:9a:27:36:cf:6a:db:bc:44:a0:9f:84:f7:
         24:64:24:37:4d:39:5b:ad:28:5f:69:47:b2:00:d0:1a:b1:a1:
         6d:43:e7:07:73:d7:a1:11:90:ea:8b:85:6e:b5:60:b3:58:7c:
         12:16:ea:89:24:28:26:a6:f0:78:8d:8d:1f:a8:b0:4a:4f:64:
         12:59:92:60:59:6d:83:ab:55:71:00:96:85:2e:45:ad:f3:d2:
         ef:c4:c2:85:77:a9:04:48:98:62:fa:c7:b6:81:38:4c:9f:c7:
         d1:27:6e:6b:9c:76:e1:24:53:8f:48:99:14:39:f7:74:3a:6f:
         99:4f:9a:90:d9:50:9c:bc:ce:de:be:05:1b:29:d1:08:33:81:
         40:51:b8:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk41/ZinJQa+pTnTAcfLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZWNlZmQ5ZWFkYjJkNTI4NGQ3MTNiOTRiNTZkM2FiYmMx
MGU5ZTUwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFhNmE5NTZiZGNkZjI2ZjdlNjY0NGI0ZGJmZTkxNWJjZDc0NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD4MBPJeBoHMgBjjhNS3bLcbalEy
XF4Me7gALyJMxb1MZrJCZzjP0p0uVghztC9J0k0F0JI8BOMSoXEy/1sStk6YMJm+
HfS4NrmyVXZtfn9pgwiF3+N/w3FMF2Gku9Z6zoLcx4AsoluaGvO29YCAwS8gJUa4
3YvfFygZUI9SUiY50OTG2g5uFhTeZQM/Lz3JywPXTApO5FWmxl07BECpDQE5Q+Ni
fZ6/yqg7b94cFiC+edwNiHiudhrSCX5GnBpkOsl0Ll+YIc/z9TPuYVhOiSjSWmwu
CMhwdweQr1yD7Ox6kkVSVVtLHC4WIEJ2YiuJWE4jOM98tnrZXsdXEZj2TQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEAaapVr3N8m9+ZkS02/6RW810VcMB8GA1UdIwQY
MBaAFBzs79nq2y1ShNcTuUtW06u8EOnlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE96djJlcmJMVktFMXhPNVMxYlRxN3dRNmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8xZWViYTgtNzM5OS00YmNhLTkzNDEt
Y2U4ODJhNTA1NGM2LzEvUUJwcWxXdmMzeWIzNW1STFRiX3BGYnpYUlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8xZWViYTgtNzM5OS00YmNhLTkzNDEtY2U4ODJhNTA1NGM2
LzEvSE96djJlcmJMVktFMXhPNVMxYlRxN3dRNmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhKRQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAwLerCvbirnjB0svD+CGi9SIORL6YlIZRS1VJL
97GwLRxHV/thmlVqlxmhkbhwSGI1qYP6ot4SRVyo+nz8iZf/6ZRlGqU2PSyyihgk
YwZ0cvEMwV5JX0aKWiQ1V3PX3Pb9u66ksEaHAxdecI08FRv2VWqaJzbPatu8RKCf
hPckZCQ3TTlbrShfaUeyANAasaFtQ+cHc9ehEZDqi4VutWCzWHwSFuqJJCgmpvB4
jY0fqLBKT2QSWZJgWW2Dq1VxAJaFLkWt89LvxMKFd6kESJhi+se2gThMn8fRJ25r
nHbhJFOPSJkUOfd0Om+ZT5qQ2VCcvM7evgUbKdEIM4FAUbi2
-----END CERTIFICATE-----