Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/00c3x0XcacqEJub_lSBunjx1rFQ.roa
File:                     00c3x0XcacqEJub_lSBunjx1rFQ.roa (raw, json)
Hash identifier:          cIESwl8qhg0xbmFzW/qeKrcmNJbwPfzfFbmCCRhJHwI=
Subject key identifier:   D3:47:37:C7:45:DC:69:CA:84:26:E6:FF:95:20:6E:9E:3C:75:AC:54
Certificate issuer:       /CN=334f9f83d2d74c0c0fd00da735578f737dd7da03
Certificate serial:       019254F0A07E709F59E9FB5A85DF2C13DC70
Authority key identifier: 33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/00c3x0XcacqEJub_lSBunjx1rFQ.roa
Signing time:             Fri 04 Oct 2024 00:31:48 +0000
ROA not before:           Fri 04 Oct 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201949
IP address blocks:        2a12:5343:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:54:f0:a0:7e:70:9f:59:e9:fb:5a:85:df:2c:13:dc:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=334f9f83d2d74c0c0fd00da735578f737dd7da03
        Validity
            Not Before: Oct  4 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d34737c745dc69ca8426e6ff95206e9e3c75ac54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6a:64:d4:42:29:df:45:1b:7a:7c:e8:f3:bb:
                    bc:e8:5b:2b:09:70:93:07:06:57:7c:12:de:b4:7e:
                    25:a3:90:56:2b:7b:fb:40:24:9f:63:b1:74:5f:5c:
                    6b:02:08:01:77:e3:1a:e3:72:74:a1:7b:32:30:82:
                    42:d7:1d:d7:f8:29:35:a1:a3:d5:9b:43:0d:c5:14:
                    a8:f3:e6:49:ba:76:6d:74:36:dc:5f:ea:3e:fe:68:
                    c3:f8:ce:1f:f5:0b:75:ac:f2:a2:38:d2:23:58:f4:
                    a5:b5:bb:26:65:1f:8f:7c:f7:8e:f8:7d:21:17:2e:
                    ac:0b:af:78:28:21:46:76:be:b3:c4:87:06:ad:4c:
                    f6:88:7f:e4:8c:a6:21:bd:f5:78:24:ad:d3:08:f5:
                    66:e3:64:f6:ce:18:18:49:44:0e:a3:5a:45:46:10:
                    72:01:74:93:0d:5c:09:f5:78:17:a8:a9:21:22:13:
                    0b:bc:60:85:2f:2d:90:20:3f:11:41:ce:71:48:d7:
                    9b:6d:e5:41:10:b3:ab:23:7f:44:ce:0d:c2:ab:ce:
                    25:c4:5e:40:fa:03:ba:dc:5d:21:a7:ec:35:85:94:
                    34:f2:9c:1f:a2:99:78:54:3b:0d:c6:e8:fc:02:55:
                    1f:f0:d5:ac:67:27:0f:d9:30:4c:ec:3e:92:b9:fc:
                    fd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:47:37:C7:45:DC:69:CA:84:26:E6:FF:95:20:6E:9E:3C:75:AC:54
            X509v3 Authority Key Identifier:
                keyid:33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/00c3x0XcacqEJub_lSBunjx1rFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5343:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:0f:86:bd:82:a6:4c:a5:d1:1d:16:6b:63:d1:97:84:3e:bf:
         63:01:24:cd:f5:6b:51:7e:09:fb:cb:16:9b:19:76:55:21:70:
         fb:29:5b:10:a7:e2:b6:4c:6a:44:bf:8e:a4:b1:f2:2b:7a:c1:
         9b:90:3e:40:3f:15:4a:12:14:76:26:c7:b9:4c:29:57:12:e6:
         64:6e:33:4a:5f:e7:ae:59:e7:ff:eb:d6:bc:ad:19:51:74:09:
         54:7b:2a:ef:02:d7:96:bf:04:34:18:92:1e:17:7f:c7:e6:85:
         32:f9:00:88:6e:d0:e3:41:12:f4:5b:36:ab:62:14:42:43:9e:
         b1:5f:dd:99:d7:2f:64:a9:b9:44:8b:93:4c:d4:e3:70:32:cd:
         cf:24:92:11:da:e5:1d:f3:03:15:26:f4:fb:ac:a4:3d:29:ac:
         3a:5d:05:9f:a2:9b:ce:e8:8b:38:e3:ae:e8:28:b1:2d:3f:b2:
         08:3d:c1:ff:8d:b7:a8:4f:fd:2a:91:b5:33:9d:c2:dc:2e:9c:
         2c:55:d0:c7:b2:19:42:b7:78:5e:77:90:48:eb:4d:58:c6:2f:
         e4:71:6d:fc:62:1a:ac:48:a6:f2:9c:41:f3:7f:27:5d:27:59:
         66:c7:29:43:44:b3:33:e6:78:4f:88:fe:7a:ff:24:54:38:37:
         f0:a4:12:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJU8KB+cJ9Z6ftahd8sE9xwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNGY5ZjgzZDJkNzRjMGMwZmQwMGRhNzM1NTc4ZjczN2Rk
N2RhMDMwHhcNMjQxMDA0MDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzQ3MzdjNzQ1ZGM2OWNhODQyNmU2ZmY5NTIwNmU5ZTNjNzVhYzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Wpk1EIp30Ubenzo87u86FsrCXCT
BwZXfBLetH4lo5BWK3v7QCSfY7F0X1xrAggBd+Ma43J0oXsyMIJC1x3X+Ck1oaPV
m0MNxRSo8+ZJunZtdDbcX+o+/mjD+M4f9Qt1rPKiONIjWPSltbsmZR+PfPeO+H0h
Fy6sC694KCFGdr6zxIcGrUz2iH/kjKYhvfV4JK3TCPVm42T2zhgYSUQOo1pFRhBy
AXSTDVwJ9XgXqKkhIhMLvGCFLy2QID8RQc5xSNebbeVBELOrI39Ezg3Cq84lxF5A
+gO63F0hp+w1hZQ08pwfopl4VDsNxuj8AlUf8NWsZycP2TBM7D6Sufz9FwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNNHN8dF3GnKhCbm/5Ugbp48daxUMB8GA1UdIwQY
MBaAFDNPn4PS10wMD9ANpzVXj3N919oDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTAtZmc5TFhUQXdQMEEybk5WZVBjMzNYMmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85YzVmMDYtNTlhNy00NTg4LWFjMjgt
ZWZkMjBmNmMyZWMzLzEvMDBjM3gwWGNhY3FFSnViX2xTQnVuangxckZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85YzVmMDYtNTlhNy00NTg4LWFjMjgtZWZkMjBmNmMyZWMz
LzEvTTAtZmc5TFhUQXdQMEEybk5WZVBjMzNYMmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJTQwAG
MA0GCSqGSIb3DQEBCwUAA4IBAQB8D4a9gqZMpdEdFmtj0ZeEPr9jASTN9WtRfgn7
yxabGXZVIXD7KVsQp+K2TGpEv46ksfIresGbkD5APxVKEhR2Jse5TClXEuZkbjNK
X+euWef/69a8rRlRdAlUeyrvAteWvwQ0GJIeF3/H5oUy+QCIbtDjQRL0WzarYhRC
Q56xX92Z1y9kqblEi5NM1ONwMs3PJJIR2uUd8wMVJvT7rKQ9Kaw6XQWfopvO6Is4
467oKLEtP7IIPcH/jbeoT/0qkbUzncLcLpwsVdDHshlCt3hed5BI601Yxi/kcW38
YhqsSKbynEHzfyddJ1lmxylDRLMz5nhPiP56/yRUODfwpBKW
-----END CERTIFICATE-----