Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/Yj4cx2MU-1NPjYSOEmwmI9bvguc.roa
File:                     Yj4cx2MU-1NPjYSOEmwmI9bvguc.roa (raw, json)
Hash identifier:          6ypBLrwgz3ycyNt5AhOmLHLfJ0QJLbuWZZtSCJONAeg=
Subject key identifier:   62:3E:1C:C7:63:14:FB:53:4F:8D:84:8E:12:6C:26:23:D6:EF:82:E7
Certificate issuer:       /CN=334f9f83d2d74c0c0fd00da735578f737dd7da03
Certificate serial:       019254F0A132640B0608D758F4FE59B8F4F5
Authority key identifier: 33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/Yj4cx2MU-1NPjYSOEmwmI9bvguc.roa
Signing time:             Fri 04 Oct 2024 00:31:48 +0000
ROA not before:           Fri 04 Oct 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208685
IP address blocks:        2a12:5343:1::/48 maxlen: 48
                          2a12:5343:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:54:f0:a1:32:64:0b:06:08:d7:58:f4:fe:59:b8:f4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=334f9f83d2d74c0c0fd00da735578f737dd7da03
        Validity
            Not Before: Oct  4 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=623e1cc76314fb534f8d848e126c2623d6ef82e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f8:54:58:95:eb:75:fa:2b:cb:c0:c7:d0:f2:
                    00:6c:65:ab:f4:5d:fa:65:87:f0:7c:a0:1a:c1:2c:
                    3e:c6:c8:e7:dc:00:13:75:2c:8d:99:1b:f3:70:8a:
                    cc:2f:3b:82:1b:71:21:62:b7:5a:5a:37:ee:14:f0:
                    bc:c8:e1:71:78:7b:0c:cb:79:9b:bf:84:81:15:57:
                    2d:66:9c:ed:94:2c:64:96:18:44:00:b4:ef:e6:df:
                    e3:02:aa:e3:40:b9:c1:71:fd:af:e5:94:1a:b4:74:
                    2b:ff:8c:a4:5f:9c:da:f1:98:0c:5b:22:88:47:48:
                    03:f1:99:a3:0d:ed:2c:cd:3f:7b:6e:aa:3d:55:88:
                    8b:88:c3:1b:f6:40:2a:53:58:52:23:43:46:59:88:
                    83:6f:53:4c:bb:e1:c3:aa:a0:e6:3d:27:4e:eb:4e:
                    6e:17:6f:2c:88:0f:80:e7:cb:14:a8:60:79:06:7e:
                    19:44:22:d6:b1:ef:37:8c:15:b9:57:ca:1b:e1:03:
                    9b:42:89:ca:ea:c2:e6:55:3d:db:ee:95:91:ba:be:
                    34:a6:30:c4:fd:b8:19:d3:88:df:7b:66:42:76:05:
                    0b:2f:d0:a6:b3:e7:e1:42:3f:7e:df:41:f9:27:14:
                    6c:3a:87:88:f6:51:e4:86:c4:68:66:26:6d:4f:e3:
                    a6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3E:1C:C7:63:14:FB:53:4F:8D:84:8E:12:6C:26:23:D6:EF:82:E7
            X509v3 Authority Key Identifier:
                keyid:33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/Yj4cx2MU-1NPjYSOEmwmI9bvguc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5343:1::-2a12:5343:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5b:4d:33:1b:37:2b:af:82:dd:86:c6:58:aa:e4:00:60:34:88:
         1e:68:47:dc:2c:52:c5:e1:26:00:fd:b2:29:16:7d:20:3a:6e:
         87:60:7d:5a:cc:7d:b2:c7:3d:a1:af:02:44:0c:0b:bb:e7:d5:
         dd:c4:3d:19:b7:53:05:38:7d:1b:61:9a:2e:05:e8:02:c1:7b:
         73:a2:06:d1:65:c4:ab:bc:20:fe:28:cc:96:7f:a1:d7:f1:6b:
         76:bb:d1:5d:6a:6f:17:18:a0:3d:c7:f3:f2:2b:27:3a:0e:43:
         96:bc:ff:f3:67:21:67:af:0a:0a:bd:77:d1:51:77:59:f2:fa:
         7a:97:10:8b:b9:f5:ff:74:87:bd:c9:d1:11:d1:1d:32:04:6e:
         cc:3f:92:70:9a:2c:f0:b7:b9:c4:ef:c9:d6:86:e8:36:8e:9b:
         d0:9b:84:dd:aa:92:66:8d:66:32:40:af:e0:d0:52:bd:2b:11:
         6d:28:ea:2d:ba:71:93:20:8b:b6:ec:36:c7:97:34:1e:27:6f:
         a7:47:46:38:a9:5e:0d:e5:90:99:16:11:22:0e:bf:ed:eb:e3:
         0a:46:bd:08:a4:f2:3e:91:01:ec:92:c9:a6:d5:e4:73:87:32:
         df:d1:80:45:e4:32:ce:f0:8d:58:d9:c9:a0:5d:6a:9e:85:bf:
         be:06:c0:f3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZJU8KEyZAsGCNdY9P5ZuPT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNGY5ZjgzZDJkNzRjMGMwZmQwMGRhNzM1NTc4ZjczN2Rk
N2RhMDMwHhcNMjQxMDA0MDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjNlMWNjNzYzMTRmYjUzNGY4ZDg0OGUxMjZjMjYyM2Q2ZWY4MmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvhUWJXrdfory8DH0PIAbGWr9F36
ZYfwfKAawSw+xsjn3AATdSyNmRvzcIrMLzuCG3EhYrdaWjfuFPC8yOFxeHsMy3mb
v4SBFVctZpztlCxklhhEALTv5t/jAqrjQLnBcf2v5ZQatHQr/4ykX5za8ZgMWyKI
R0gD8ZmjDe0szT97bqo9VYiLiMMb9kAqU1hSI0NGWYiDb1NMu+HDqqDmPSdO605u
F28siA+A58sUqGB5Bn4ZRCLWse83jBW5V8ob4QObQonK6sLmVT3b7pWRur40pjDE
/bgZ04jfe2ZCdgULL9Cms+fhQj9+30H5JxRsOoeI9lHkhsRoZiZtT+OmGQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGI+HMdjFPtTT42EjhJsJiPW74LnMB8GA1UdIwQY
MBaAFDNPn4PS10wMD9ANpzVXj3N919oDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTAtZmc5TFhUQXdQMEEybk5WZVBjMzNYMmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85YzVmMDYtNTlhNy00NTg4LWFjMjgt
ZWZkMjBmNmMyZWMzLzEvWWo0Y3gyTVUtMU5QallTT0Vtd21JOWJ2Z3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85YzVmMDYtNTlhNy00NTg4LWFjMjgtZWZkMjBmNmMyZWMz
LzEvTTAtZmc5TFhUQXdQMEEybk5WZVBjMzNYMmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqElND
AAEDBwAqElNDAAIwDQYJKoZIhvcNAQELBQADggEBAFtNMxs3K6+C3YbGWKrkAGA0
iB5oR9wsUsXhJgD9sikWfSA6bodgfVrMfbLHPaGvAkQMC7vn1d3EPRm3UwU4fRth
mi4F6ALBe3OiBtFlxKu8IP4ozJZ/odfxa3a70V1qbxcYoD3H8/IrJzoOQ5a8//Nn
IWevCgq9d9FRd1ny+nqXEIu59f90h73J0RHRHTIEbsw/knCaLPC3ucTvydaG6DaO
m9CbhN2qkmaNZjJAr+DQUr0rEW0o6i26cZMgi7bsNseXNB4nb6dHRjipXg3lkJkW
ESIOv+3r4wpGvQik8j6RAeySyabV5HOHMt/RgEXkMs7wjVjZyaBdap6Fv74GwPM=
-----END CERTIFICATE-----