Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/qnpsS1IYjsvMaOko98oEnyZdTNQ.roa
File:                     qnpsS1IYjsvMaOko98oEnyZdTNQ.roa (raw, json)
Hash identifier:          I8xfQRtglbJjeOJDoN+r4tmjRQM6wlmlXVGeos6jp20=
Subject key identifier:   AA:7A:6C:4B:52:18:8E:CB:CC:68:E9:28:F7:CA:04:9F:26:5D:4C:D4
Certificate issuer:       /CN=6a8b5a374f146d7b6a6dc7d316e8ebb12deea670
Certificate serial:       01958B147B2B097CB5E2E5EF4D19CFE2EE8E
Authority key identifier: 6A:8B:5A:37:4F:14:6D:7B:6A:6D:C7:D3:16:E8:EB:B1:2D:EE:A6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/qnpsS1IYjsvMaOko98oEnyZdTNQ.roa
Signing time:             Wed 12 Mar 2025 15:58:50 +0000
ROA not before:           Wed 12 Mar 2025 15:58:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201207
IP address blocks:        2a12:9780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8b:14:7b:2b:09:7c:b5:e2:e5:ef:4d:19:cf:e2:ee:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8b5a374f146d7b6a6dc7d316e8ebb12deea670
        Validity
            Not Before: Mar 12 15:58:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa7a6c4b52188ecbcc68e928f7ca049f265d4cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:18:bd:39:17:7d:07:2a:19:fa:bb:e4:87:19:
                    55:1f:ba:ae:ff:6e:35:07:aa:a5:3a:5c:7d:7b:31:
                    fb:16:1e:6b:2d:73:c2:48:87:67:2c:cd:9d:75:27:
                    c4:00:16:46:09:96:a1:83:82:39:47:9b:2a:5a:4d:
                    54:20:57:a0:9c:18:5d:08:a1:27:4f:fe:fe:fc:bd:
                    9d:90:ea:1c:0b:83:ce:7b:fe:e7:22:6c:f3:06:a0:
                    ea:c2:92:e6:71:29:26:df:fd:b0:f6:b9:12:bb:52:
                    4d:ab:fd:09:bf:0d:ff:70:89:c6:02:55:5d:50:af:
                    4e:43:24:08:01:cd:fe:de:86:33:6b:81:40:64:b4:
                    da:7c:4d:3b:21:17:78:c3:bc:0c:05:31:ac:1e:06:
                    99:47:3f:9a:7c:2a:af:93:c1:a0:0a:82:b9:b4:87:
                    4a:81:df:79:4e:f3:81:0e:81:fb:63:dd:b0:95:64:
                    67:61:f9:40:a0:b9:d0:1c:33:74:fe:9f:12:a6:20:
                    46:32:f9:ae:73:d6:31:c5:9c:b5:82:84:42:06:dc:
                    f2:68:7c:6c:15:f1:33:f8:60:e7:48:b5:3f:13:9c:
                    aa:cf:0f:4d:90:96:c8:e2:5e:53:f0:6d:41:5d:ab:
                    81:f6:71:c3:b5:a7:b7:77:70:49:88:9f:14:74:d1:
                    36:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7A:6C:4B:52:18:8E:CB:CC:68:E9:28:F7:CA:04:9F:26:5D:4C:D4
            X509v3 Authority Key Identifier:
                keyid:6A:8B:5A:37:4F:14:6D:7B:6A:6D:C7:D3:16:E8:EB:B1:2D:EE:A6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/qnpsS1IYjsvMaOko98oEnyZdTNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:9780::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:4d:31:58:05:55:9f:16:ef:e5:f8:a5:26:93:49:08:8b:5a:
         93:0d:e8:80:a0:a2:fd:94:08:90:89:43:ee:a4:64:39:f7:19:
         c9:2e:43:e7:2d:1f:2d:cb:45:a6:23:94:9b:bf:2f:6f:c9:83:
         16:9f:9a:2d:7c:47:b9:0d:10:46:57:bc:18:cd:62:fe:93:bf:
         e6:e4:49:81:66:1f:19:1d:1e:ba:b8:d8:6d:87:08:d4:61:89:
         70:11:d4:0f:c1:20:88:3c:3a:15:fa:f9:50:a8:ce:eb:81:7e:
         9e:f6:23:cf:b8:8a:c9:c1:f0:08:ca:be:da:95:b1:cb:ed:07:
         66:68:74:06:12:e8:29:dd:45:00:10:43:32:2e:3d:92:9f:2f:
         b0:17:c5:95:bb:93:9c:4a:ff:06:c2:90:46:22:5e:e5:84:10:
         9f:73:57:21:3f:e5:e5:fb:b3:35:cc:3a:00:9e:47:2d:2e:3d:
         c6:16:ec:5b:28:f9:20:bd:7c:f7:36:4f:12:9d:83:0a:39:fc:
         f3:88:b5:79:49:6a:9f:b1:3f:f7:3f:1d:2f:d6:8d:17:8b:a3:
         b4:b0:9d:93:a3:5b:13:00:f6:4e:88:2f:9a:ed:66:5c:77:22:
         6f:8f:6d:7e:fa:73:13:c5:7b:a1:5a:f2:a2:45:3c:ea:bd:83:
         a8:01:16:e8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZWLFHsrCXy14uXvTRnP4u6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGI1YTM3NGYxNDZkN2I2YTZkYzdkMzE2ZThlYmIxMmRl
ZWE2NzAwHhcNMjUwMzEyMTU1ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTdhNmM0YjUyMTg4ZWNiY2M2OGU5MjhmN2NhMDQ5ZjI2NWQ0Y2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhi9ORd9ByoZ+rvkhxlVH7qu/241
B6qlOlx9ezH7Fh5rLXPCSIdnLM2ddSfEABZGCZahg4I5R5sqWk1UIFegnBhdCKEn
T/7+/L2dkOocC4POe/7nImzzBqDqwpLmcSkm3/2w9rkSu1JNq/0Jvw3/cInGAlVd
UK9OQyQIAc3+3oYza4FAZLTafE07IRd4w7wMBTGsHgaZRz+afCqvk8GgCoK5tIdK
gd95TvOBDoH7Y92wlWRnYflAoLnQHDN0/p8SpiBGMvmuc9YxxZy1goRCBtzyaHxs
FfEz+GDnSLU/E5yqzw9NkJbI4l5T8G1BXauB9nHDtae3d3BJiJ8UdNE2GwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKp6bEtSGI7LzGjpKPfKBJ8mXUzUMB8GA1UdIwQY
MBaAFGqLWjdPFG17am3H0xbo67Et7qZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW90YU4wOFViWHRxYmNmVEZ1anJzUzN1cG5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mNmM4NjItYWY4Yi00M2YzLTk4YWQt
NDQyNDFmZWMxYTlmLzEvcW5wc1MxSVlqc3ZNYU9rbzk4b0VueVpkVE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mNmM4NjItYWY4Yi00M2YzLTk4YWQtNDQyNDFmZWMxYTlm
LzEvYW90YU4wOFViWHRxYmNmVEZ1anJzUzN1cG5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKXgDAN
BgkqhkiG9w0BAQsFAAOCAQEAL00xWAVVnxbv5filJpNJCItakw3ogKCi/ZQIkIlD
7qRkOfcZyS5D5y0fLctFpiOUm78vb8mDFp+aLXxHuQ0QRle8GM1i/pO/5uRJgWYf
GR0eurjYbYcI1GGJcBHUD8EgiDw6Ffr5UKjO64F+nvYjz7iKycHwCMq+2pWxy+0H
Zmh0BhLoKd1FABBDMi49kp8vsBfFlbuTnEr/BsKQRiJe5YQQn3NXIT/l5fuzNcw6
AJ5HLS49xhbsWyj5IL189zZPEp2DCjn884i1eUlqn7E/9z8dL9aNF4ujtLCdk6Nb
EwD2Togvmu1mXHcib49tfvpzE8V7oVryokU86r2DqAEW6A==
-----END CERTIFICATE-----