Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/ya4I2oit5Ql7746tNVY3wVkI2Yw.roa
File:                     ya4I2oit5Ql7746tNVY3wVkI2Yw.roa (raw, json)
Hash identifier:          UoAK/lGdT/OZcG2WP0u+o0g9cgnW6nrpGjaN0M7ctZE=
Subject key identifier:   C9:AE:08:DA:88:AD:E5:09:7B:EF:8E:AD:35:56:37:C1:59:08:D9:8C
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       01916C8A83AA4C07EAADFAB0E849273FCC48
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/ya4I2oit5Ql7746tNVY3wVkI2Yw.roa
Signing time:             Mon 19 Aug 2024 21:28:22 +0000
ROA not before:           Mon 19 Aug 2024 21:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a12:3740::/29 maxlen: 29
                          2a12:46c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Sep 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6c:8a:83:aa:4c:07:ea:ad:fa:b0:e8:49:27:3f:cc:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Aug 19 21:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9ae08da88ade5097bef8ead355637c15908d98c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b8:90:db:5a:75:fa:84:5f:19:c6:16:43:72:
                    84:95:70:11:ed:6d:6a:be:5b:cc:37:f6:12:8f:6b:
                    da:60:4d:73:15:2f:66:3a:6a:ac:e1:f3:e1:32:8c:
                    ea:ee:9c:44:88:8e:a4:da:20:8c:c6:13:a1:1c:ed:
                    c7:21:63:d0:74:2c:ab:27:cf:f0:18:ae:00:f3:74:
                    f5:b0:75:f3:a3:00:90:68:f7:38:e8:c5:11:40:d8:
                    ee:cb:4c:0a:09:d2:1b:2d:5e:3d:9d:10:01:49:cf:
                    34:46:fe:07:59:4d:a3:14:33:34:4a:85:f0:36:32:
                    20:cb:20:97:ba:db:75:10:e4:83:ee:6d:69:cd:27:
                    d1:8b:e5:2e:ff:88:8f:8e:d2:8c:72:d2:41:c2:c1:
                    70:64:fd:7f:74:11:7d:38:57:19:ba:1d:dc:6a:8d:
                    84:5e:36:47:f5:e8:54:9f:16:c7:9c:93:b8:64:78:
                    3d:95:30:fc:b2:28:24:ee:01:ce:4d:2e:5f:a5:20:
                    76:b7:ac:8a:c5:82:58:d5:b6:f2:f3:ec:b2:f3:ca:
                    80:c1:13:bd:b5:96:c1:81:b3:0b:2f:6f:5c:5f:ef:
                    45:6d:95:1c:6a:74:11:b3:0a:18:f4:d0:6d:c3:c5:
                    09:9c:7b:ea:5e:29:55:80:26:b0:dc:d4:a1:d6:01:
                    29:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:AE:08:DA:88:AD:E5:09:7B:EF:8E:AD:35:56:37:C1:59:08:D9:8C
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/ya4I2oit5Ql7746tNVY3wVkI2Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3740::/29
                  2a12:46c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:c7:02:72:ed:1d:72:da:78:92:5d:c8:39:c2:71:48:9d:af:
         06:92:87:a6:f4:0e:26:e9:4d:91:dd:8e:7c:b3:9f:53:aa:4e:
         b1:33:c7:fc:4b:f9:21:13:9f:4b:dd:13:72:f6:d9:f4:8e:4f:
         e8:16:fa:00:0c:6c:c4:1e:f0:75:b7:15:c6:93:c4:65:6e:3c:
         fc:64:6e:35:f3:64:af:25:a0:4d:55:f8:28:b9:0a:6b:2f:3b:
         4f:58:f2:1c:e8:12:d4:19:d2:45:b1:f4:08:d1:f3:9c:9b:85:
         9d:53:4d:26:b4:77:0b:46:b0:08:51:97:bc:41:e3:2c:20:17:
         fc:1e:37:62:78:61:55:60:62:13:1f:a0:8e:2a:79:98:89:4b:
         27:96:99:f3:1d:bd:90:26:b1:5d:85:cf:15:be:b5:60:d7:6d:
         30:dd:aa:48:7b:62:92:98:e8:b8:b4:40:ad:31:c5:52:48:00:
         e8:2d:17:b4:b6:fb:63:3d:aa:dd:6a:18:23:9b:50:fc:d4:c4:
         ec:da:7a:c4:cf:de:b0:bd:3f:47:f3:0c:54:5f:a2:38:0f:7d:
         a9:46:bb:b6:83:4b:29:48:df:cf:c2:20:bd:47:ec:42:25:42:
         f0:5b:0a:03:3b:fc:9d:6d:55:f1:46:77:f1:ef:54:df:ed:33:
         32:a1:6c:7f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZFsioOqTAfqrfqw6EknP8xIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjQwODE5MjEyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWFlMDhkYTg4YWRlNTA5N2JlZjhlYWQzNTU2MzdjMTU5MDhkOThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbiQ21p1+oRfGcYWQ3KElXAR7W1q
vlvMN/YSj2vaYE1zFS9mOmqs4fPhMozq7pxEiI6k2iCMxhOhHO3HIWPQdCyrJ8/w
GK4A83T1sHXzowCQaPc46MURQNjuy0wKCdIbLV49nRABSc80Rv4HWU2jFDM0SoXw
NjIgyyCXutt1EOSD7m1pzSfRi+Uu/4iPjtKMctJBwsFwZP1/dBF9OFcZuh3cao2E
XjZH9ehUnxbHnJO4ZHg9lTD8sigk7gHOTS5fpSB2t6yKxYJY1bby8+yy88qAwRO9
tZbBgbMLL29cX+9FbZUcanQRswoY9NBtw8UJnHvqXilVgCaw3NSh1gEptwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMmuCNqIreUJe++OrTVWN8FZCNmMMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEveWE0STJvaXQ1UWw3NzQ2dE5WWTN3VmtJMll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhI3QAMF
AyoSRsAwDQYJKoZIhvcNAQELBQADggEBAKvHAnLtHXLaeJJdyDnCcUidrwaSh6b0
DibpTZHdjnyzn1OqTrEzx/xL+SETn0vdE3L22fSOT+gW+gAMbMQe8HW3FcaTxGVu
PPxkbjXzZK8loE1V+Ci5CmsvO09Y8hzoEtQZ0kWx9AjR85ybhZ1TTSa0dwtGsAhR
l7xB4ywgF/weN2J4YVVgYhMfoI4qeZiJSyeWmfMdvZAmsV2FzxW+tWDXbTDdqkh7
YpKY6Li0QK0xxVJIAOgtF7S2+2M9qt1qGCObUPzUxOzaesTP3rC9P0fzDFRfojgP
falGu7aDSylI38/CIL1H7EIlQvBbCgM7/J1tVfFGd/HvVN/tMzKhbH8=
-----END CERTIFICATE-----