Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/tdzcrJI0HiEWH5z8HfzwsYWC0uk.roa
File:                     tdzcrJI0HiEWH5z8HfzwsYWC0uk.roa (raw, json)
Hash identifier:          8wLUjDrBvwm7INqPCoh2ojckGN4rKi1PEDyt7pjWMcU=
Subject key identifier:   B5:DC:DC:AC:92:34:1E:21:16:1F:9C:FC:1D:FC:F0:B1:85:82:D2:E9
Certificate issuer:       /CN=f6af433974df373b70abd76b13e1c70c775f554b
Certificate serial:       018D5583D58A08E4C32B2B70A743B61477F6
Authority key identifier: F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/tdzcrJI0HiEWH5z8HfzwsYWC0uk.roa
Signing time:             Mon 29 Jan 2024 13:58:39 +0000
ROA not before:           Mon 29 Jan 2024 13:58:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215738
IP address blocks:        2a12:3e80:401::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:83:d5:8a:08:e4:c3:2b:2b:70:a7:43:b6:14:77:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6af433974df373b70abd76b13e1c70c775f554b
        Validity
            Not Before: Jan 29 13:58:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5dcdcac92341e21161f9cfc1dfcf0b18582d2e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:90:9a:e5:e8:56:21:c1:47:29:0f:b9:64:76:
                    54:d3:31:90:5e:d1:bb:4a:f5:05:75:7c:44:37:7d:
                    a8:4b:a8:3a:6c:e3:62:08:7d:4a:23:4e:f5:59:24:
                    53:75:1d:57:ee:1a:43:df:0a:f9:ed:e7:6e:bb:00:
                    e7:69:b4:2d:f8:f3:6b:3e:97:3a:07:3a:17:9d:8f:
                    38:aa:2b:13:fd:15:a9:6d:0a:92:d5:34:5f:5e:e6:
                    b3:be:6d:67:d4:99:6b:6a:47:12:e0:c4:2c:de:ca:
                    48:f7:5a:3e:d8:ee:35:2d:20:2b:af:7b:86:6d:e3:
                    c9:10:a7:49:fd:9a:51:6f:7d:32:ef:d0:09:39:3a:
                    ca:f5:be:b3:31:4a:85:3a:cb:5f:e0:00:28:32:4c:
                    c3:89:d1:4a:74:09:9e:08:75:95:fb:ea:de:be:ac:
                    e9:3f:f3:7c:d4:ba:ab:ce:d3:25:22:30:fa:79:a1:
                    ea:e3:60:94:16:a6:e7:c8:05:31:df:ab:87:45:c5:
                    3d:28:bb:cb:82:02:61:a3:88:75:de:e6:ed:49:59:
                    ba:81:af:56:13:3f:25:4e:51:19:30:51:40:e6:01:
                    86:44:ba:81:dc:aa:8f:47:8d:cb:b2:84:92:2c:79:
                    6d:1f:24:2a:57:79:2f:a5:98:4d:81:b9:8c:d9:da:
                    3a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:DC:DC:AC:92:34:1E:21:16:1F:9C:FC:1D:FC:F0:B1:85:82:D2:E9
            X509v3 Authority Key Identifier:
                keyid:F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/tdzcrJI0HiEWH5z8HfzwsYWC0uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3e80:401::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:d7:00:cc:b8:86:5e:9c:dc:a0:c0:5d:c0:d8:ac:58:05:3d:
         89:23:e8:59:f8:d8:50:d4:16:16:93:53:c4:3f:67:ff:c2:56:
         60:a6:4b:a4:75:9e:51:9b:c5:6d:64:d8:d7:45:bc:a1:44:a7:
         62:32:2c:25:50:4e:b8:49:44:f5:d6:0d:0e:38:9c:05:f8:a8:
         88:59:2c:c2:56:62:4c:9e:1d:3f:08:75:2d:88:a0:e9:bd:68:
         37:de:3c:16:d2:14:99:ac:19:19:5b:57:cb:e9:f3:8f:42:ce:
         a1:f7:72:48:fe:e8:82:ec:d1:fc:f4:62:d3:e1:79:af:d0:1e:
         42:a7:a0:63:63:00:b5:38:a6:81:49:1e:8e:dd:b3:6c:e5:99:
         16:b2:a3:ac:e3:84:d1:61:df:0c:4d:33:59:e7:31:ca:57:b0:
         b5:0c:8b:7f:af:bb:ec:bb:2b:08:1a:49:cf:ca:04:fb:55:ea:
         a3:87:dc:e3:a6:c8:6e:d3:e5:c7:21:6c:8f:72:1c:92:d2:a2:
         51:3d:45:7a:db:31:0f:b7:9b:c1:04:5d:76:ba:15:b3:53:c3:
         ae:1c:a8:68:69:a0:5e:5a:db:f5:42:fd:f4:a5:50:12:2c:68:
         dc:16:c1:a9:67:ad:bc:8d:d2:13:5b:28:4c:1e:ee:9a:1b:08:
         46:3f:28:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1Vg9WKCOTDKytwp0O2FHf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWY0MzM5NzRkZjM3M2I3MGFiZDc2YjEzZTFjNzBjNzc1
ZjU1NGIwHhcNMjQwMTI5MTM1ODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWRjZGNhYzkyMzQxZTIxMTYxZjljZmMxZGZjZjBiMTg1ODJkMmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZCa5ehWIcFHKQ+5ZHZU0zGQXtG7
SvUFdXxEN32oS6g6bONiCH1KI071WSRTdR1X7hpD3wr57eduuwDnabQt+PNrPpc6
BzoXnY84qisT/RWpbQqS1TRfXuazvm1n1JlrakcS4MQs3spI91o+2O41LSArr3uG
bePJEKdJ/ZpRb30y79AJOTrK9b6zMUqFOstf4AAoMkzDidFKdAmeCHWV++revqzp
P/N81LqrztMlIjD6eaHq42CUFqbnyAUx36uHRcU9KLvLggJho4h13ubtSVm6ga9W
Ez8lTlEZMFFA5gGGRLqB3KqPR43LsoSSLHltHyQqV3kvpZhNgbmM2do6CwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLXc3KySNB4hFh+c/B388LGFgtLpMB8GA1UdIwQY
MBaAFPavQzl03zc7cKvXaxPhxwx3X1VLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2It
YTI2YmM2NTNiMDZiLzEvdGR6Y3JKSTBIaUVXSDV6OEhmendzWVdDMHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2ItYTI2YmM2NTNiMDZi
LzEvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhI+gAQB
MA0GCSqGSIb3DQEBCwUAA4IBAQBt1wDMuIZenNygwF3A2KxYBT2JI+hZ+NhQ1BYW
k1PEP2f/wlZgpkukdZ5Rm8VtZNjXRbyhRKdiMiwlUE64SUT11g0OOJwF+KiIWSzC
VmJMnh0/CHUtiKDpvWg33jwW0hSZrBkZW1fL6fOPQs6h93JI/uiC7NH89GLT4Xmv
0B5Cp6BjYwC1OKaBSR6O3bNs5ZkWsqOs44TRYd8MTTNZ5zHKV7C1DIt/r7vsuysI
GknPygT7Veqjh9zjpshu0+XHIWyPchyS0qJRPUV62zEPt5vBBF12uhWzU8OuHKho
aaBeWtv1Qv30pVASLGjcFsGpZ628jdITWyhMHu6aGwhGPyi4
-----END CERTIFICATE-----