Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/71zM8Wk0rk6pBl4HU2iKa9Ew0Gc.roa
File:                     71zM8Wk0rk6pBl4HU2iKa9Ew0Gc.roa (raw, json)
Hash identifier:          FL53nB7QnrgLYVTB08YRUONzu6GdN8zDRV1KXvQQS0k=
Subject key identifier:   EF:5C:CC:F1:69:34:AE:4E:A9:06:5E:07:53:68:8A:6B:D1:30:D0:67
Certificate issuer:       /CN=92f7d213fa13708e3200184ff1bc391577cc252f
Certificate serial:       018CC5DC8DEEF9094A057BCF8B332173443C
Authority key identifier: 92:F7:D2:13:FA:13:70:8E:32:00:18:4F:F1:BC:39:15:77:CC:25:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/71zM8Wk0rk6pBl4HU2iKa9Ew0Gc.roa
Signing time:             Mon 01 Jan 2024 16:30:14 +0000
ROA not before:           Mon 01 Jan 2024 16:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133944
IP address blocks:        2a12:f180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:8d:ee:f9:09:4a:05:7b:cf:8b:33:21:73:44:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f7d213fa13708e3200184ff1bc391577cc252f
        Validity
            Not Before: Jan  1 16:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef5cccf16934ae4ea9065e0753688a6bd130d067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5b:60:96:bd:3a:14:d6:6e:77:0c:95:bb:54:
                    1f:05:8b:e3:5f:3d:df:f0:27:bd:14:8f:a4:48:1f:
                    0b:83:5d:8e:18:79:21:bb:1b:f7:4a:76:c4:5e:b0:
                    68:4a:50:0b:dd:ca:81:88:f7:18:ee:d4:69:6f:86:
                    bc:ce:c6:93:d6:72:7a:cd:41:3c:ea:04:84:36:2a:
                    e1:e1:98:cc:99:19:22:fe:7f:cd:3c:ab:b0:a4:30:
                    b8:e4:7b:a7:7e:92:9c:15:9a:e6:fc:d9:ab:f3:42:
                    7e:ab:0b:c1:78:b9:18:9e:1a:74:40:50:9f:e1:40:
                    a2:6e:ed:a2:38:49:62:df:9d:5a:a0:c2:75:76:a4:
                    83:46:21:f6:6b:d5:97:ca:8f:47:ec:df:4c:13:df:
                    c7:22:03:61:52:ec:4e:49:e3:ec:06:6d:bb:b7:11:
                    4f:09:e3:a9:47:b9:34:24:73:bb:c1:f7:c5:7d:46:
                    5b:41:9c:bd:74:21:b1:59:a1:3d:2e:82:74:6e:42:
                    b9:17:c9:8c:16:03:93:60:7c:b9:6e:e2:fe:0f:fa:
                    00:b8:3f:28:a8:a7:80:d5:6e:ea:b1:dc:17:aa:03:
                    d3:d2:02:f3:85:94:3e:07:b1:76:97:42:14:a5:ca:
                    af:b6:9e:60:68:51:9f:47:25:1f:8b:f4:b5:5b:54:
                    95:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:5C:CC:F1:69:34:AE:4E:A9:06:5E:07:53:68:8A:6B:D1:30:D0:67
            X509v3 Authority Key Identifier:
                keyid:92:F7:D2:13:FA:13:70:8E:32:00:18:4F:F1:BC:39:15:77:CC:25:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/71zM8Wk0rk6pBl4HU2iKa9Ew0Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f180::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:97:0b:bc:18:48:cc:4f:2f:f4:3e:25:fa:29:b9:74:66:11:
         5d:f6:9f:3a:4f:29:51:1f:b8:ca:3b:cd:8f:64:4b:8c:0a:af:
         cb:15:be:a4:79:18:90:94:e2:a2:99:2e:a8:85:2f:7a:16:4f:
         12:d1:de:78:7f:8c:87:d5:b0:99:7a:b4:f5:73:a2:92:b4:95:
         43:d3:24:61:ce:cd:61:f0:58:36:0d:c6:99:51:ff:95:7b:a9:
         7f:17:7f:47:9b:0d:a8:c6:71:85:53:28:e2:a6:b2:49:d3:77:
         1e:6c:42:ac:38:a3:7d:91:fb:57:33:04:c4:6e:e0:01:1f:9a:
         ca:c4:49:7a:1a:b8:07:28:dd:70:a0:3b:db:bf:b3:fe:35:ee:
         96:b7:2c:20:0c:c2:25:c8:5d:6b:18:9f:87:95:6a:df:52:03:
         92:ec:25:b4:9a:7a:b3:0a:61:d2:68:b2:56:84:30:cd:bc:c2:
         4f:e6:91:6b:c5:6a:37:69:b1:24:3c:2e:d5:35:67:91:df:72:
         df:55:d9:09:2d:af:5b:87:19:7c:41:cf:26:ca:88:32:01:82:
         d7:5b:f8:22:17:ae:0b:eb:50:80:c9:46:aa:97:82:a9:38:e5:
         ea:e3:9f:c3:3a:94:0e:7d:b9:bf:bf:80:ba:9d:1a:56:f5:c8:
         33:85:43:32
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3I3u+QlKBXvPizMhc0Q8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZjdkMjEzZmExMzcwOGUzMjAwMTg0ZmYxYmMzOTE1Nzdj
YzI1MmYwHhcNMjQwMTAxMTYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjVjY2NmMTY5MzRhZTRlYTkwNjVlMDc1MzY4OGE2YmQxMzBkMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVtglr06FNZudwyVu1QfBYvjXz3f
8Ce9FI+kSB8Lg12OGHkhuxv3SnbEXrBoSlAL3cqBiPcY7tRpb4a8zsaT1nJ6zUE8
6gSENirh4ZjMmRki/n/NPKuwpDC45HunfpKcFZrm/Nmr80J+qwvBeLkYnhp0QFCf
4UCibu2iOEli351aoMJ1dqSDRiH2a9WXyo9H7N9ME9/HIgNhUuxOSePsBm27txFP
CeOpR7k0JHO7wffFfUZbQZy9dCGxWaE9LoJ0bkK5F8mMFgOTYHy5buL+D/oAuD8o
qKeA1W7qsdwXqgPT0gLzhZQ+B7F2l0IUpcqvtp5gaFGfRyUfi/S1W1SVyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO9czPFpNK5OqQZeB1NoimvRMNBnMB8GA1UdIwQY
MBaAFJL30hP6E3COMgAYT/G8ORV3zCUvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ZmU0Vfb1RjSTR5QUJoUDhidzVGWGZNSlM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80ODIxMDEtYWM5NC00ZjBiLTkzMDkt
M2UxOGVlNmI0YTVhLzEvNzF6TThXazByazZwQmw0SFUyaUthOUV3MEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80ODIxMDEtYWM5NC00ZjBiLTkzMDktM2UxOGVlNmI0YTVh
LzEva3ZmU0Vfb1RjSTR5QUJoUDhidzVGWGZNSlM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLxgDAN
BgkqhkiG9w0BAQsFAAOCAQEAZ5cLvBhIzE8v9D4l+im5dGYRXfafOk8pUR+4yjvN
j2RLjAqvyxW+pHkYkJTiopkuqIUvehZPEtHeeH+Mh9WwmXq09XOikrSVQ9MkYc7N
YfBYNg3GmVH/lXupfxd/R5sNqMZxhVMo4qaySdN3HmxCrDijfZH7VzMExG7gAR+a
ysRJehq4ByjdcKA727+z/jXulrcsIAzCJchdaxifh5Vq31IDkuwltJp6swph0miy
VoQwzbzCT+aRa8VqN2mxJDwu1TVnkd9y31XZCS2vW4cZfEHPJsqIMgGC11v4Iheu
C+tQgMlGqpeCqTjl6uOfwzqUDn25v7+Aup0aVvXIM4VDMg==
-----END CERTIFICATE-----