Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/jMo_zU9oPYD4-ORBa0HOxz6ElxQ.roa
File:                     jMo_zU9oPYD4-ORBa0HOxz6ElxQ.roa (raw, json)
Hash identifier:          B6xq/IGkR0N1YUdtA/OK7mLlIr8yn5LM2g8dHTL3gUI=
Subject key identifier:   8C:CA:3F:CD:4F:68:3D:80:F8:F8:E4:41:6B:41:CE:C7:3E:84:97:14
Certificate issuer:       /CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
Certificate serial:       019421B24F5F03BF443B494C0B0C30319E83
Authority key identifier: 53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/jMo_zU9oPYD4-ORBa0HOxz6ElxQ.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203647
IP address blocks:        2a12:e340::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4f:5f:03:bf:44:3b:49:4c:0b:0c:30:31:9e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cca3fcd4f683d80f8f8e4416b41cec73e849714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:47:78:e6:c0:b8:a7:47:60:eb:26:bb:c2:86:
                    d5:f5:d9:27:80:b7:02:f6:c2:62:eb:17:3b:8a:c4:
                    5b:06:6c:5e:fa:dc:03:8c:1e:11:11:7b:71:80:83:
                    4f:d0:f2:89:0f:56:f8:6a:24:9a:50:04:07:86:d4:
                    7e:07:7b:77:ec:cc:fb:a3:ab:8e:d1:86:ff:e5:e0:
                    23:dd:fa:04:ef:4f:f7:14:d2:cf:8d:12:54:dc:b9:
                    b0:49:ba:e4:8d:36:80:6a:3f:7c:81:9c:31:f9:79:
                    37:0a:95:71:77:c6:76:bd:90:6e:db:3b:86:f9:42:
                    7d:fd:57:3f:8c:19:43:ed:ce:33:fd:f9:4a:01:9f:
                    37:19:7a:db:ac:1f:d2:6b:fe:62:32:bb:c5:62:c5:
                    61:bf:0c:4d:08:44:30:3a:89:ac:08:99:b6:be:45:
                    23:1b:41:67:37:1e:c7:86:e8:87:f5:cb:f1:76:8f:
                    89:bb:3f:0c:f6:1b:66:34:5e:1b:cf:2d:73:aa:10:
                    22:fb:9b:55:a4:a5:f0:20:d7:7c:f7:51:0d:b9:f6:
                    1f:41:03:bc:4a:43:aa:90:f5:fa:95:9c:da:bf:7e:
                    bd:9e:4b:27:bd:0b:0d:ac:e3:a7:f7:a3:54:69:38:
                    a7:10:ee:db:b6:88:c6:f3:64:3c:6a:d3:a5:45:37:
                    bc:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:CA:3F:CD:4F:68:3D:80:F8:F8:E4:41:6B:41:CE:C7:3E:84:97:14
            X509v3 Authority Key Identifier:
                keyid:53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/jMo_zU9oPYD4-ORBa0HOxz6ElxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e340::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:5b:d2:10:ef:a9:6a:1e:4f:5c:43:22:77:70:c3:21:09:5a:
         f1:cb:9e:a1:d5:a7:5a:cf:33:e3:d3:52:eb:7d:30:0b:a7:dc:
         22:00:84:59:49:8f:42:99:9a:90:d9:85:8b:5c:65:f8:89:a7:
         33:2d:d3:d4:c7:cb:c9:d3:36:4c:c2:9d:33:7f:25:f0:2e:30:
         25:07:0a:9d:69:de:dc:52:d7:b1:d2:27:18:aa:59:74:7e:01:
         40:49:61:32:bd:0e:63:d5:d6:f1:8a:82:f8:d8:ad:c3:6c:5c:
         6d:94:a8:d3:7a:cc:8f:e2:6e:9d:13:68:be:31:74:8c:a0:82:
         f5:96:d4:4b:c7:8a:94:ad:f8:ec:e3:a2:64:04:84:ca:10:94:
         0e:85:e2:05:63:93:91:8d:66:8a:36:48:4f:24:c8:6e:ed:06:
         56:53:35:6f:da:9a:5c:8b:44:80:49:dd:7d:39:3b:60:cf:0b:
         53:54:32:38:5f:02:33:f3:7a:cc:59:a1:96:65:c9:98:46:cf:
         af:d6:8a:72:59:00:2f:51:4a:6b:82:51:a4:32:57:82:eb:6c:
         f1:fd:ef:79:fb:6b:70:82:44:aa:9e:8c:1d:1f:f6:28:ba:7a:
         f5:bd:12:45:f7:6e:78:8e:fb:27:b2:4d:c2:a2:2b:fc:eb:73:
         60:cf:ce:24
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsk9fA79EO0lMCwwwMZ6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzM1Y2E4M2ZjZGY3MWIyNDRlZDgwM2FjNDY4ZTE0NTNk
ODI2OGYwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2NhM2ZjZDRmNjgzZDgwZjhmOGU0NDE2YjQxY2VjNzNlODQ5NzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0d45sC4p0dg6ya7wobV9dkngLcC
9sJi6xc7isRbBmxe+twDjB4REXtxgINP0PKJD1b4aiSaUAQHhtR+B3t37Mz7o6uO
0Yb/5eAj3foE70/3FNLPjRJU3LmwSbrkjTaAaj98gZwx+Xk3CpVxd8Z2vZBu2zuG
+UJ9/Vc/jBlD7c4z/flKAZ83GXrbrB/Sa/5iMrvFYsVhvwxNCEQwOomsCJm2vkUj
G0FnNx7HhuiH9cvxdo+Juz8M9htmNF4bzy1zqhAi+5tVpKXwINd891ENufYfQQO8
SkOqkPX6lZzav369nksnvQsNrOOn96NUaTinEO7btojG82Q8atOlRTe8ywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIzKP81PaD2A+PjkQWtBzsc+hJcUMB8GA1UdIwQY
MBaAFFPDXKg/zfcbJE7YA6xGjhRT2CaPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQt
NDExYTI3MTIxNjRkLzEvak1vX3pVOW9QWUQ0LU9SQmEwSE94ejZFbHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQtNDExYTI3MTIxNjRk
LzEvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLjQDAN
BgkqhkiG9w0BAQsFAAOCAQEAFlvSEO+pah5PXEMid3DDIQla8cueodWnWs8z49NS
630wC6fcIgCEWUmPQpmakNmFi1xl+ImnMy3T1MfLydM2TMKdM38l8C4wJQcKnWne
3FLXsdInGKpZdH4BQElhMr0OY9XW8YqC+Nitw2xcbZSo03rMj+JunRNovjF0jKCC
9ZbUS8eKlK347OOiZASEyhCUDoXiBWOTkY1mijZITyTIbu0GVlM1b9qaXItEgEnd
fTk7YM8LU1QyOF8CM/N6zFmhlmXJmEbPr9aKclkAL1FKa4JRpDJXguts8f3veftr
cIJEqp6MHR/2KLp69b0SRfdueI77J7JNwqIr/OtzYM/OJA==
-----END CERTIFICATE-----