Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/zS0L2isHzcXY6TN942Iq7hF3AkM.roa
File:                     zS0L2isHzcXY6TN942Iq7hF3AkM.roa (raw, json)
Hash identifier:          NpJXKVyvgDcgkL0XiTufe40tW+ty2kXLCZSI5E8I8/k=
Subject key identifier:   CD:2D:0B:DA:2B:07:CD:C5:D8:E9:33:7D:E3:62:2A:EE:11:77:02:43
Certificate issuer:       /CN=5fc90518df70b13d706bfe237aa5a76926a576d1
Certificate serial:       0191746E51205CFD8B41926B7596D782648C
Authority key identifier: 5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/zS0L2isHzcXY6TN942Iq7hF3AkM.roa
Signing time:             Wed 21 Aug 2024 10:14:32 +0000
ROA not before:           Wed 21 Aug 2024 10:14:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215707
IP address blocks:        2a12:4046::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:6e:51:20:5c:fd:8b:41:92:6b:75:96:d7:82:64:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc90518df70b13d706bfe237aa5a76926a576d1
        Validity
            Not Before: Aug 21 10:14:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd2d0bda2b07cdc5d8e9337de3622aee11770243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:26:5f:27:1c:b6:3d:ee:19:41:93:87:a2:5a:
                    14:64:44:e2:3b:0c:97:43:d0:3d:69:ce:f4:8a:99:
                    ed:2b:65:41:fb:5b:61:70:21:b3:fb:c6:1f:23:ad:
                    28:2a:f7:14:16:c4:18:c3:37:56:b2:d1:fe:b9:25:
                    6f:30:63:7b:db:1a:2a:b4:7b:66:1e:20:61:24:60:
                    8c:28:07:77:7a:4f:b7:0c:d8:55:17:78:3d:96:c4:
                    6c:d9:0e:87:8d:fb:47:fb:aa:59:04:51:de:37:fa:
                    f5:6b:be:3b:19:89:5e:fe:52:cd:b4:aa:a7:d3:71:
                    a7:6d:57:2c:8c:e9:bb:fe:03:a6:94:62:04:28:9b:
                    00:d0:09:dd:61:67:cd:7c:98:2f:d1:4d:e0:6e:d8:
                    70:57:78:94:8c:90:a3:55:f8:41:e9:6c:80:c1:ca:
                    51:96:f5:87:94:93:38:e1:30:65:4a:0f:da:58:e8:
                    a9:7b:92:2e:f5:9c:20:26:52:c4:1e:72:77:d2:55:
                    b9:42:b5:fa:0f:bf:e2:e1:fb:72:5e:11:82:16:62:
                    1b:30:c2:fb:8b:e3:19:26:d5:d4:77:4a:96:de:d7:
                    24:c2:6c:2c:b3:87:90:af:94:6a:3f:b6:2d:12:5a:
                    01:3d:6e:54:43:d5:e5:bf:06:54:a6:bf:1b:a7:cf:
                    e8:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2D:0B:DA:2B:07:CD:C5:D8:E9:33:7D:E3:62:2A:EE:11:77:02:43
            X509v3 Authority Key Identifier:
                keyid:5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/zS0L2isHzcXY6TN942Iq7hF3AkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4046::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:cf:57:0c:e5:90:32:93:fc:8e:6e:18:38:a4:cf:97:2e:76:
         87:62:4e:4b:db:20:b4:af:6e:12:56:58:c2:1d:97:7d:2c:d9:
         11:31:63:9c:24:39:36:e7:b0:29:9a:14:cb:08:00:21:e3:3c:
         c4:a4:6c:90:69:67:6b:f5:5a:1a:f8:ef:16:c1:ec:d1:cb:a6:
         88:d5:f2:27:ed:39:c1:97:7b:93:d7:e6:cc:ef:03:11:ea:e9:
         cb:89:61:8a:ac:e1:c6:1b:48:b0:c9:cd:c5:b3:1c:c8:50:ef:
         25:ee:57:cf:1b:87:ae:26:4c:a9:4f:d4:75:38:17:20:53:a2:
         25:48:62:6e:34:66:81:58:58:1f:7c:ab:81:9d:66:24:e4:68:
         1b:18:57:42:a4:65:1a:6c:a0:ba:ea:78:75:c5:79:5c:55:5c:
         2f:44:5e:bb:aa:0e:d4:83:6a:65:e8:77:78:b4:c8:02:52:06:
         d6:52:b7:f4:57:92:fc:45:ff:c3:d4:c7:60:f2:0e:87:82:63:
         db:cc:e2:10:3b:60:51:fc:31:ab:55:e3:a0:69:ed:b3:ae:da:
         fd:24:d5:00:ce:c0:b2:73:c8:35:28:6b:7c:70:10:a7:39:24:
         86:a5:67:f4:cc:3c:3c:6c:97:e3:29:d2:a3:cc:68:1c:54:70:
         75:71:f9:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZF0blEgXP2LQZJrdZbXgmSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzkwNTE4ZGY3MGIxM2Q3MDZiZmUyMzdhYTVhNzY5MjZh
NTc2ZDEwHhcNMjQwODIxMTAxNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDJkMGJkYTJiMDdjZGM1ZDhlOTMzN2RlMzYyMmFlZTExNzcwMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiZfJxy2Pe4ZQZOHoloUZETiOwyX
Q9A9ac70ipntK2VB+1thcCGz+8YfI60oKvcUFsQYwzdWstH+uSVvMGN72xoqtHtm
HiBhJGCMKAd3ek+3DNhVF3g9lsRs2Q6HjftH+6pZBFHeN/r1a747GYle/lLNtKqn
03GnbVcsjOm7/gOmlGIEKJsA0AndYWfNfJgv0U3gbthwV3iUjJCjVfhB6WyAwcpR
lvWHlJM44TBlSg/aWOipe5Iu9ZwgJlLEHnJ30lW5QrX6D7/i4ftyXhGCFmIbMML7
i+MZJtXUd0qW3tckwmwss4eQr5RqP7YtEloBPW5UQ9XlvwZUpr8bp8/oiQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM0tC9orB83F2OkzfeNiKu4RdwJDMB8GA1UdIwQY
MBaAFF/JBRjfcLE9cGv+I3qlp2kmpXbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEt
YzgzMDJlODJlYTIyLzEvelMwTDJpc0h6Y1hZNlROOTQySXE3aEYzQWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEtYzgzMDJlODJlYTIy
LzEvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJARjAN
BgkqhkiG9w0BAQsFAAOCAQEAjc9XDOWQMpP8jm4YOKTPly52h2JOS9sgtK9uElZY
wh2XfSzZETFjnCQ5NuewKZoUywgAIeM8xKRskGlna/VaGvjvFsHs0cumiNXyJ+05
wZd7k9fmzO8DEerpy4lhiqzhxhtIsMnNxbMcyFDvJe5XzxuHriZMqU/UdTgXIFOi
JUhibjRmgVhYH3yrgZ1mJORoGxhXQqRlGmyguup4dcV5XFVcL0Reu6oO1INqZeh3
eLTIAlIG1lK39FeS/EX/w9THYPIOh4Jj28ziEDtgUfwxq1XjoGnts67a/STVAM7A
snPINShrfHAQpzkkhqVn9Mw8PGyX4ynSo8xoHFRwdXH5Eg==
-----END CERTIFICATE-----