Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/KEc2xuqUXfK6skp9bZzVvlyu4lI.roa
File:                     KEc2xuqUXfK6skp9bZzVvlyu4lI.roa (raw, json)
Hash identifier:          TQCYWjTA3yRTifr6iA2gnwXl+XLnBqvJroz5wVwsxhQ=
Subject key identifier:   28:47:36:C6:EA:94:5D:F2:BA:B2:4A:7D:6D:9C:D5:BE:5C:AE:E2:52
Certificate issuer:       /CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
Certificate serial:       018CC8DF3020A71111BF0E074B62905575AB
Authority key identifier: 53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/KEc2xuqUXfK6skp9bZzVvlyu4lI.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        2a12:e341::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:30:20:a7:11:11:bf:0e:07:4b:62:90:55:75:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=284736c6ea945df2bab24a7d6d9cd5be5caee252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ed:05:23:26:b8:ba:be:2c:2e:bf:d4:15:e5:
                    88:db:01:ca:41:ae:f4:aa:99:dd:d6:54:bc:c7:f3:
                    36:98:1c:a4:01:03:60:a9:96:47:ca:4e:fb:a9:d5:
                    cc:3e:9d:17:f6:d4:93:4e:f4:24:41:a8:3e:0d:fa:
                    8a:14:e5:75:34:2d:7a:34:37:77:a3:7d:03:62:d0:
                    e2:f8:7e:7f:8c:15:16:b5:fb:20:e3:6c:e4:c6:bc:
                    c9:d6:ec:c7:9c:6a:cc:2e:04:12:60:72:7e:bf:96:
                    e7:9b:00:d4:ad:fc:9c:88:5a:e1:27:e3:ab:c4:7a:
                    c3:fc:b8:3a:c3:0a:75:2d:87:10:36:27:80:2c:b2:
                    d6:96:9f:79:eb:69:08:6c:31:39:7f:15:07:82:ba:
                    ba:ea:83:ed:b2:00:b6:3b:7f:9f:b2:de:90:a6:06:
                    a7:eb:50:3e:12:6d:74:94:32:f7:35:64:6f:f4:14:
                    64:5a:4f:5e:9f:2a:85:40:7f:2f:c2:36:21:3e:c4:
                    4c:4c:1a:68:15:04:77:2c:72:36:06:09:13:9f:b9:
                    0b:3d:02:ec:94:41:9d:4a:00:63:ec:ba:53:7a:db:
                    44:11:55:a7:96:3d:57:c0:f3:25:d3:9e:46:79:37:
                    20:6e:d9:49:69:2b:4a:c6:80:3c:1d:56:96:fd:9f:
                    ba:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:47:36:C6:EA:94:5D:F2:BA:B2:4A:7D:6D:9C:D5:BE:5C:AE:E2:52
            X509v3 Authority Key Identifier:
                keyid:53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/KEc2xuqUXfK6skp9bZzVvlyu4lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e341::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:a8:27:24:59:a8:69:cc:e4:59:fe:4f:c4:68:d7:c0:0a:69:
         38:0c:45:5c:a0:8c:c8:cc:08:24:1e:fd:9f:29:95:2f:71:c8:
         24:86:28:e8:f7:c4:0d:d0:70:5b:a9:3d:69:1c:66:40:ec:cb:
         4f:91:9c:9e:e0:8b:4e:d5:5e:77:30:c6:39:74:7b:a9:07:b6:
         8a:bd:ba:bb:32:03:9b:84:bf:28:d7:7b:90:31:67:cf:b4:e8:
         f0:47:8b:f5:af:5f:fe:de:8b:0f:66:76:eb:6d:68:b6:fa:c0:
         fc:24:61:c8:1b:71:94:a8:5f:e8:f2:75:01:09:17:ef:8c:dd:
         44:b4:e2:5b:e3:9c:a9:ce:69:79:b2:0a:f7:69:4e:58:1c:15:
         67:dc:ac:b7:68:6e:2d:69:9f:8c:d7:e9:04:2b:22:9e:3f:cd:
         c5:01:7a:90:43:38:a4:b7:15:ec:70:7a:4b:5a:39:4b:d1:37:
         c9:1c:23:c2:7d:a1:53:1e:55:89:13:63:cd:4c:69:b5:84:73:
         e1:f7:2c:c9:3e:a4:52:e4:5b:00:9f:b3:e5:6e:2b:6c:07:35:
         48:bb:2e:2e:a8:0a:8d:e5:3e:f3:f6:5f:0e:4a:ab:7a:3e:bb:
         48:a0:e7:0e:42:9d:08:7b:68:52:d1:d0:9e:75:c9:31:e8:1c:
         d7:c8:a6:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3zAgpxERvw4HS2KQVXWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzM1Y2E4M2ZjZGY3MWIyNDRlZDgwM2FjNDY4ZTE0NTNk
ODI2OGYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQ3MzZjNmVhOTQ1ZGYyYmFiMjRhN2Q2ZDljZDViZTVjYWVlMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmu0FIya4ur4sLr/UFeWI2wHKQa70
qpnd1lS8x/M2mBykAQNgqZZHyk77qdXMPp0X9tSTTvQkQag+DfqKFOV1NC16NDd3
o30DYtDi+H5/jBUWtfsg42zkxrzJ1uzHnGrMLgQSYHJ+v5bnmwDUrfyciFrhJ+Or
xHrD/Lg6wwp1LYcQNieALLLWlp9562kIbDE5fxUHgrq66oPtsgC2O3+fst6Qpgan
61A+Em10lDL3NWRv9BRkWk9enyqFQH8vwjYhPsRMTBpoFQR3LHI2BgkTn7kLPQLs
lEGdSgBj7LpTettEEVWnlj1XwPMl055GeTcgbtlJaStKxoA8HVaW/Z+6MwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFChHNsbqlF3yurJKfW2c1b5cruJSMB8GA1UdIwQY
MBaAFFPDXKg/zfcbJE7YA6xGjhRT2CaPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQt
NDExYTI3MTIxNjRkLzEvS0VjMnh1cVVYZks2c2twOWJaelZ2bHl1NGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQtNDExYTI3MTIxNjRk
LzEvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLjQTAN
BgkqhkiG9w0BAQsFAAOCAQEAh6gnJFmoaczkWf5PxGjXwAppOAxFXKCMyMwIJB79
nymVL3HIJIYo6PfEDdBwW6k9aRxmQOzLT5GcnuCLTtVedzDGOXR7qQe2ir26uzID
m4S/KNd7kDFnz7To8EeL9a9f/t6LD2Z2621otvrA/CRhyBtxlKhf6PJ1AQkX74zd
RLTiW+Ocqc5pebIK92lOWBwVZ9yst2huLWmfjNfpBCsinj/NxQF6kEM4pLcV7HB6
S1o5S9E3yRwjwn2hUx5ViRNjzUxptYRz4fcsyT6kUuRbAJ+z5W4rbAc1SLsuLqgK
jeU+8/ZfDkqrej67SKDnDkKdCHtoUtHQnnXJMegc18imsQ==
-----END CERTIFICATE-----