Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/0301d4-4805-405c-a6e0-a42e1f1f4798/1/nxOt0xkNSt9v0qTkLyAPqs9uGVk.roa
File:                     nxOt0xkNSt9v0qTkLyAPqs9uGVk.roa (raw, json)
Hash identifier:          yI7C7IM5KVS250xTqUpI5kH1Z9T0wf9vBuCJWDd68Rw=
Subject key identifier:   9F:13:AD:D3:19:0D:4A:DF:6F:D2:A4:E4:2F:20:0F:AA:CF:6E:19:59
Certificate issuer:       /CN=a9b5ffd24d2eb5d5c1e1cfe78b003c4bab5a2f13
Certificate serial:       01926C42383FCDED2628D20E7FD3E1B29CE3
Authority key identifier: A9:B5:FF:D2:4D:2E:B5:D5:C1:E1:CF:E7:8B:00:3C:4B:AB:5A:2F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbX_0k0utdXB4c_niwA8S6taLxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/0301d4-4805-405c-a6e0-a42e1f1f4798/1/nxOt0xkNSt9v0qTkLyAPqs9uGVk.roa
Signing time:             Tue 08 Oct 2024 13:12:11 +0000
ROA not before:           Tue 08 Oct 2024 13:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50907
IP address blocks:        2a12:bc0:5::/48 maxlen: 48
                          2a12:bc0:6::/48 maxlen: 48
                          2a12:bc0:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/0301d4-4805-405c-a6e0-a42e1f1f4798/1/qbX_0k0utdXB4c_niwA8S6taLxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/0301d4-4805-405c-a6e0-a42e1f1f4798/1/qbX_0k0utdXB4c_niwA8S6taLxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qbX_0k0utdXB4c_niwA8S6taLxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:42:38:3f:cd:ed:26:28:d2:0e:7f:d3:e1:b2:9c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b5ffd24d2eb5d5c1e1cfe78b003c4bab5a2f13
        Validity
            Not Before: Oct  8 13:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f13add3190d4adf6fd2a4e42f200faacf6e1959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:47:a7:67:ae:6e:e4:c3:a4:3c:23:74:2a:23:
                    e1:04:cf:9a:a3:cd:95:67:8f:61:dd:e3:fd:c6:6d:
                    b4:0f:25:08:8b:07:f3:23:e1:eb:3c:d6:0a:f5:97:
                    ad:c8:9b:b5:ec:20:67:ca:84:7b:13:df:f5:1c:94:
                    11:4f:8d:0b:f0:91:8e:5c:19:05:af:21:e5:37:a4:
                    1e:98:8f:d5:2a:cd:e4:7d:e8:9f:95:d7:5e:23:0d:
                    cf:c7:ee:91:13:f9:a0:7d:8f:85:89:2c:bc:8e:5f:
                    89:50:31:f8:76:b1:db:df:03:9f:3a:e3:fd:0f:ef:
                    11:95:54:fa:ec:99:0c:67:68:cf:17:35:d6:15:a1:
                    3c:d0:0a:43:1d:ad:d5:7b:8e:f8:16:d3:9b:8c:16:
                    ef:d2:e8:f9:d3:b9:c8:3a:03:0c:b9:54:68:f1:61:
                    e3:9d:d6:e5:7b:7f:9d:96:b6:b7:d0:64:8f:6e:bc:
                    76:4b:fc:1d:e1:ec:09:81:e9:e0:4b:c3:17:1c:46:
                    9d:e6:23:ac:ff:e6:f3:cb:d9:3b:18:b8:c8:39:88:
                    a5:26:09:32:3c:c2:fd:d5:0d:2e:9e:0a:fc:9d:04:
                    c6:7c:df:40:4f:0b:1f:d8:ef:42:f1:1d:49:dc:6d:
                    b2:c2:bb:27:d9:72:7b:a4:ba:8c:a2:2f:0b:fc:ce:
                    af:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:13:AD:D3:19:0D:4A:DF:6F:D2:A4:E4:2F:20:0F:AA:CF:6E:19:59
            X509v3 Authority Key Identifier:
                keyid:A9:B5:FF:D2:4D:2E:B5:D5:C1:E1:CF:E7:8B:00:3C:4B:AB:5A:2F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbX_0k0utdXB4c_niwA8S6taLxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/0301d4-4805-405c-a6e0-a42e1f1f4798/1/nxOt0xkNSt9v0qTkLyAPqs9uGVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/0301d4-4805-405c-a6e0-a42e1f1f4798/1/qbX_0k0utdXB4c_niwA8S6taLxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bc0:5::-2a12:bc0:7:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         50:4c:30:76:ee:5e:37:16:a1:b7:e7:ca:a9:1c:c9:12:56:08:
         04:20:8f:63:a1:af:e5:14:13:c7:e9:4e:92:45:22:4b:0e:ba:
         48:33:1a:00:af:c2:1a:1f:1a:91:05:32:ad:c5:3b:ce:77:b8:
         b4:cc:78:ec:55:97:4b:47:06:5e:08:f8:ad:e0:58:41:57:d1:
         93:b1:7b:6f:45:74:e4:27:19:55:a2:6a:aa:f0:56:54:68:f6:
         cd:70:a6:61:79:04:3a:c5:d4:60:03:0e:b1:1b:2c:48:41:7a:
         61:9c:53:59:83:96:a2:b7:41:e9:ea:0b:4d:b4:4f:7a:55:22:
         e4:12:a6:99:64:51:b9:66:96:a8:48:dd:7b:d1:aa:f3:dd:ae:
         d2:22:b4:a0:ec:7d:3b:a8:ae:b8:98:57:c0:58:3d:98:c1:0a:
         b6:f9:8c:ac:80:88:be:60:19:ce:48:84:a4:46:98:d5:67:37:
         6e:5a:16:cf:01:54:26:09:36:cb:07:d8:01:b4:18:5c:b8:3d:
         8b:85:62:26:02:8f:c7:aa:5a:60:e2:33:16:1f:d2:da:67:35:
         9b:d1:96:f3:5a:7a:f1:ce:3d:32:63:f9:a3:15:6b:ad:9d:16:
         ea:d4:ed:af:e2:60:91:9a:89:eb:0c:c3:44:e0:83:a3:9c:02:
         ca:57:d4:1d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZJsQjg/ze0mKNIOf9PhspzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YjVmZmQyNGQyZWI1ZDVjMWUxY2ZlNzhiMDAzYzRiYWI1
YTJmMTMwHhcNMjQxMDA4MTMxMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjEzYWRkMzE5MGQ0YWRmNmZkMmE0ZTQyZjIwMGZhYWNmNmUxOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0enZ65u5MOkPCN0KiPhBM+ao82V
Z49h3eP9xm20DyUIiwfzI+HrPNYK9ZetyJu17CBnyoR7E9/1HJQRT40L8JGOXBkF
ryHlN6QemI/VKs3kfeiflddeIw3Px+6RE/mgfY+FiSy8jl+JUDH4drHb3wOfOuP9
D+8RlVT67JkMZ2jPFzXWFaE80ApDHa3Ve474FtObjBbv0uj507nIOgMMuVRo8WHj
ndble3+dlra30GSPbrx2S/wd4ewJgengS8MXHEad5iOs/+bzy9k7GLjIOYilJgky
PML91Q0ungr8nQTGfN9ATwsf2O9C8R1J3G2ywrsn2XJ7pLqMoi8L/M6vswIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJ8TrdMZDUrfb9Kk5C8gD6rPbhlZMB8GA1UdIwQY
MBaAFKm1/9JNLrXVweHP54sAPEurWi8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJYXzBrMHV0ZFhCNGNfbml3QThTNnRhTHhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8wMzAxZDQtNDgwNS00MDVjLWE2ZTAt
YTQyZTFmMWY0Nzk4LzEvbnhPdDB4a05TdDl2MHFUa0x5QVBxczl1R1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8wMzAxZDQtNDgwNS00MDVjLWE2ZTAtYTQyZTFmMWY0Nzk4
LzEvcWJYXzBrMHV0ZFhCNGNfbml3QThTNnRhTHhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqEgvA
AAUDBwMqEgvAAAAwDQYJKoZIhvcNAQELBQADggEBAFBMMHbuXjcWobfnyqkcyRJW
CAQgj2Ohr+UUE8fpTpJFIksOukgzGgCvwhofGpEFMq3FO853uLTMeOxVl0tHBl4I
+K3gWEFX0ZOxe29FdOQnGVWiaqrwVlRo9s1wpmF5BDrF1GADDrEbLEhBemGcU1mD
lqK3QenqC020T3pVIuQSpplkUblmlqhI3XvRqvPdrtIitKDsfTuorriYV8BYPZjB
Crb5jKyAiL5gGc5IhKRGmNVnN25aFs8BVCYJNssH2AG0GFy4PYuFYiYCj8eqWmDi
MxYf0tpnNZvRlvNaevHOPTJj+aMVa62dFurU7a/iYJGaiesMw0Tgg6OcAspX1B0=
-----END CERTIFICATE-----