Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/UNsqRay7ofQ5WiHpZ5Acof4lnDo.roa
File:                     UNsqRay7ofQ5WiHpZ5Acof4lnDo.roa (raw, json)
Hash identifier:          rDqdWWHGAzsTyp6IAkG0n0gUgv7cg4bdgRcTdFsdL3w=
Subject key identifier:   50:DB:2A:45:AC:BB:A1:F4:39:5A:21:E9:67:90:1C:A1:FE:25:9C:3A
Certificate issuer:       /CN=f6af433974df373b70abd76b13e1c70c775f554b
Certificate serial:       018D3BD500CC6109106BCA6FB048BF49B90C
Authority key identifier: F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/UNsqRay7ofQ5WiHpZ5Acof4lnDo.roa
Signing time:             Wed 24 Jan 2024 14:17:11 +0000
ROA not before:           Wed 24 Jan 2024 14:17:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215653
IP address blocks:        2a12:3e80:700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:d5:00:cc:61:09:10:6b:ca:6f:b0:48:bf:49:b9:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6af433974df373b70abd76b13e1c70c775f554b
        Validity
            Not Before: Jan 24 14:17:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50db2a45acbba1f4395a21e967901ca1fe259c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d0:19:03:31:a5:18:cc:4c:d9:27:c0:8a:ff:
                    b2:a7:fb:cf:b9:b7:ed:50:e5:ab:98:30:76:31:49:
                    5f:0c:dd:6a:e5:fe:85:03:5e:4f:9a:35:ab:ea:47:
                    16:8c:fa:89:2e:56:2f:0a:e1:8b:dd:8e:db:54:e4:
                    8e:b2:d0:eb:c4:d0:c0:fe:8a:c2:1d:9f:83:32:4b:
                    c4:39:11:cf:17:50:79:76:66:27:4f:2d:ac:54:df:
                    e5:a1:21:40:bc:d1:fc:07:21:97:bf:a8:6c:48:fb:
                    51:80:5e:c3:55:ef:73:95:0a:60:89:59:dd:3d:03:
                    61:81:42:d1:c9:95:2f:47:9a:be:bb:57:92:19:74:
                    b8:2b:49:94:2c:de:4c:3d:e8:77:f5:d2:73:34:2e:
                    22:47:7e:c5:a9:aa:2e:88:c6:e0:d7:a3:5a:68:21:
                    e6:28:d3:56:94:f4:60:6c:d3:01:7f:b8:43:c6:e4:
                    83:e8:c2:9f:df:4c:09:62:9e:78:66:88:47:d6:e2:
                    a7:c1:02:1b:a5:25:e6:83:05:4e:2a:ad:92:be:29:
                    53:50:c9:f3:14:25:67:5d:04:13:89:33:5c:4f:29:
                    1d:c8:65:8a:1a:a2:76:2e:77:8e:80:d4:39:91:27:
                    48:2b:23:f7:bc:47:f4:ef:a4:7f:54:15:74:0f:04:
                    a0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:DB:2A:45:AC:BB:A1:F4:39:5A:21:E9:67:90:1C:A1:FE:25:9C:3A
            X509v3 Authority Key Identifier:
                keyid:F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/UNsqRay7ofQ5WiHpZ5Acof4lnDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3e80:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         aa:90:39:f7:df:90:53:9c:e6:a0:48:70:f3:15:aa:fe:46:d6:
         74:3b:1f:cd:55:f9:45:86:51:08:d9:13:c2:f1:a9:09:82:31:
         e8:36:5f:7d:14:7e:ce:16:79:fd:03:47:53:35:43:08:92:fe:
         85:b8:73:64:a4:75:ef:85:43:44:85:e0:a0:af:ae:6f:1d:85:
         77:50:ed:09:1c:3e:55:f2:8b:59:f4:bc:02:ef:ae:cc:70:a0:
         c9:5b:a5:36:cd:e1:a7:34:9d:a2:92:9b:c6:fd:d7:be:2d:97:
         23:e0:a3:51:f2:4e:3c:00:fe:da:72:39:06:08:57:12:47:2c:
         2e:4a:11:40:e5:79:70:73:e3:3a:7c:97:d3:e7:11:d1:b5:7f:
         78:b0:32:db:0d:2a:11:da:80:99:16:f3:e4:51:0f:5b:13:be:
         fe:88:bc:78:f3:3f:58:d1:93:d4:ee:a3:97:1d:63:ef:d5:cd:
         36:fe:17:1d:d7:ed:81:00:69:8f:16:d2:f8:88:7b:5f:25:83:
         1b:64:16:86:cf:bb:5a:41:a1:99:6c:f6:5d:f8:6a:60:7f:95:
         6b:65:b8:9e:32:fc:c9:fb:68:90:a6:80:a2:a0:ed:70:07:c8:
         87:a4:b1:26:48:55:10:6e:45:b0:27:2d:f8:e7:2d:33:be:d1:
         34:ca:c6:d9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY071QDMYQkQa8pvsEi/SbkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWY0MzM5NzRkZjM3M2I3MGFiZDc2YjEzZTFjNzBjNzc1
ZjU1NGIwHhcNMjQwMTI0MTQxNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGRiMmE0NWFjYmJhMWY0Mzk1YTIxZTk2NzkwMWNhMWZlMjU5YzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntAZAzGlGMxM2SfAiv+yp/vPubft
UOWrmDB2MUlfDN1q5f6FA15PmjWr6kcWjPqJLlYvCuGL3Y7bVOSOstDrxNDA/orC
HZ+DMkvEORHPF1B5dmYnTy2sVN/loSFAvNH8ByGXv6hsSPtRgF7DVe9zlQpgiVnd
PQNhgULRyZUvR5q+u1eSGXS4K0mULN5MPeh39dJzNC4iR37FqaouiMbg16NaaCHm
KNNWlPRgbNMBf7hDxuSD6MKf30wJYp54ZohH1uKnwQIbpSXmgwVOKq2SvilTUMnz
FCVnXQQTiTNcTykdyGWKGqJ2LneOgNQ5kSdIKyP3vEf076R/VBV0DwSg3QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFDbKkWsu6H0OVoh6WeQHKH+JZw6MB8GA1UdIwQY
MBaAFPavQzl03zc7cKvXaxPhxwx3X1VLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2It
YTI2YmM2NTNiMDZiLzEvVU5zcVJheTdvZlE1V2lIcFo1QWNvZjRsbkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2ItYTI2YmM2NTNiMDZi
LzEvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhI+gAcw
DQYJKoZIhvcNAQELBQADggEBAKqQOfffkFOc5qBIcPMVqv5G1nQ7H81V+UWGUQjZ
E8LxqQmCMeg2X30Ufs4Wef0DR1M1QwiS/oW4c2Skde+FQ0SF4KCvrm8dhXdQ7Qkc
PlXyi1n0vALvrsxwoMlbpTbN4ac0naKSm8b9174tlyPgo1HyTjwA/tpyOQYIVxJH
LC5KEUDleXBz4zp8l9PnEdG1f3iwMtsNKhHagJkW8+RRD1sTvv6IvHjzP1jRk9Tu
o5cdY+/VzTb+Fx3X7YEAaY8W0viIe18lgxtkFobPu1pBoZls9l34amB/lWtluJ4y
/Mn7aJCmgKKg7XAHyIeksSZIVRBuRbAnLfjnLTO+0TTKxtk=
-----END CERTIFICATE-----