Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/TpmGQnMH7JhENm2qG5ur9OMd7B4.roa
File:                     TpmGQnMH7JhENm2qG5ur9OMd7B4.roa (raw, json)
Hash identifier:          qCXgVuMk3zYHXyMgoKp5mYjIpezEXujV2d7rhuRfvLE=
Subject key identifier:   4E:99:86:42:73:07:EC:98:44:36:6D:AA:1B:9B:AB:F4:E3:1D:EC:1E
Certificate issuer:       /CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
Certificate serial:       018EE23808756FC4F98041643D5762E58090
Authority key identifier: F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/TpmGQnMH7JhENm2qG5ur9OMd7B4.roa
Signing time:             Mon 15 Apr 2024 14:45:06 +0000
ROA not before:           Mon 15 Apr 2024 14:45:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57142
IP address blocks:        2a12:5346:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e2:38:08:75:6f:c4:f9:80:41:64:3d:57:62:e5:80:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
        Validity
            Not Before: Apr 15 14:45:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e9986427307ec9844366daa1b9babf4e31dec1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d5:2a:f7:9b:7f:e1:7d:22:84:02:d4:16:f1:
                    8e:4c:c2:52:c0:9a:05:9d:b6:56:94:1a:4e:78:d5:
                    da:c9:6e:5d:e9:9c:88:c3:4b:f7:1e:09:28:82:fc:
                    1d:7a:3e:56:25:d6:0a:c0:45:a6:57:0a:ea:fb:4e:
                    2b:57:b5:6f:a4:49:29:a4:52:83:08:5d:3b:a6:c3:
                    eb:81:81:7a:40:9a:53:5c:67:4a:51:bc:70:7a:98:
                    27:6c:f6:cd:b4:82:a8:d3:db:f6:c2:ea:fb:ea:82:
                    30:35:9c:d6:0e:fd:56:0b:1d:19:a3:b7:c1:8c:bc:
                    5d:2b:f2:a2:fd:22:52:13:5a:b1:53:49:eb:53:9a:
                    d9:e1:21:7e:8b:dc:67:95:15:33:36:1a:aa:c2:6e:
                    1e:48:74:16:5e:9c:76:02:10:29:f9:3d:5b:9d:31:
                    07:b3:bc:00:10:3f:e0:46:96:dc:99:11:12:1e:d9:
                    86:a0:5b:a8:b3:00:20:3e:37:6f:11:78:f6:a8:9a:
                    e9:03:90:8c:87:98:28:9d:47:a5:ba:7e:8e:26:d3:
                    05:69:d3:2b:45:9d:4a:97:68:9f:3e:da:f2:c0:ed:
                    f9:21:a0:8f:5d:3b:eb:93:07:4b:b8:4f:07:28:5c:
                    e4:98:ef:20:ca:29:e5:c7:ee:85:4c:0d:8c:2e:fe:
                    09:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:99:86:42:73:07:EC:98:44:36:6D:AA:1B:9B:AB:F4:E3:1D:EC:1E
            X509v3 Authority Key Identifier:
                keyid:F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/TpmGQnMH7JhENm2qG5ur9OMd7B4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5346:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:57:50:86:37:ee:94:dd:4d:72:43:f9:fc:ef:95:71:bf:ad:
         04:59:60:95:49:39:98:66:cc:1b:f8:32:d1:6d:08:b2:dc:c6:
         ef:89:11:3a:db:0a:9a:c9:9b:b0:a3:d0:df:23:96:cb:21:ef:
         2d:77:e3:c8:ea:6a:f6:9d:89:44:8d:7f:9c:93:0c:80:89:9d:
         d6:96:b6:4b:14:4a:69:aa:d7:ea:b6:c1:c6:b3:f3:d6:ef:20:
         30:3a:c1:14:3f:2b:a6:79:c0:bc:e9:11:57:c7:ab:99:78:d6:
         f0:24:ef:e7:92:53:87:50:94:aa:5f:de:51:bb:be:be:dd:03:
         86:24:27:83:2d:a6:42:17:a9:b7:7c:79:07:e9:0d:17:9f:a3:
         64:dc:34:7e:9b:c7:53:de:e3:c4:67:0a:55:2a:22:cb:d4:23:
         ff:6e:02:a8:04:b6:fb:08:68:09:90:8a:c6:25:c7:75:c7:c9:
         94:a7:40:a6:c2:8b:7a:42:28:34:09:cd:34:1f:6b:61:44:1b:
         03:49:ce:65:35:7c:57:ba:f4:51:46:64:28:cc:2c:fe:c1:d6:
         2e:52:a9:c7:8e:4f:a1:d5:ac:68:be:44:f1:17:03:74:4d:23:
         13:a7:13:a4:05:9c:b2:dc:53:5d:15:86:d6:70:45:b4:b8:e5:
         55:52:8a:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7iOAh1b8T5gEFkPVdi5YCQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZTcyOWE1NGNjNzZiODg5YzgzMmUwZDEzOTU4OTRhZjdj
MGU1ZmUwHhcNMjQwNDE1MTQ0NTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTk5ODY0MjczMDdlYzk4NDQzNjZkYWExYjliYWJmNGUzMWRlYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidUq95t/4X0ihALUFvGOTMJSwJoF
nbZWlBpOeNXayW5d6ZyIw0v3Hgkogvwdej5WJdYKwEWmVwrq+04rV7VvpEkppFKD
CF07psPrgYF6QJpTXGdKUbxwepgnbPbNtIKo09v2wur76oIwNZzWDv1WCx0Zo7fB
jLxdK/Ki/SJSE1qxU0nrU5rZ4SF+i9xnlRUzNhqqwm4eSHQWXpx2AhAp+T1bnTEH
s7wAED/gRpbcmRESHtmGoFuoswAgPjdvEXj2qJrpA5CMh5gonUelun6OJtMFadMr
RZ1Kl2ifPtrywO35IaCPXTvrkwdLuE8HKFzkmO8gyinlx+6FTA2MLv4JywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE6ZhkJzB+yYRDZtqhubq/TjHeweMB8GA1UdIwQY
MBaAFPDnKaVMx2uInIMuDROViUr3wOX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQt
Njc2YjUyMDk2Y2Y4LzEvVHBtR1FuTUg3SmhFTm0ycUc1dXI5T01kN0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQtNjc2YjUyMDk2Y2Y4
LzEvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJTRgAD
MA0GCSqGSIb3DQEBCwUAA4IBAQAPV1CGN+6U3U1yQ/n875Vxv60EWWCVSTmYZswb
+DLRbQiy3MbviRE62wqayZuwo9DfI5bLIe8td+PI6mr2nYlEjX+ckwyAiZ3WlrZL
FEppqtfqtsHGs/PW7yAwOsEUPyumecC86RFXx6uZeNbwJO/nklOHUJSqX95Ru76+
3QOGJCeDLaZCF6m3fHkH6Q0Xn6Nk3DR+m8dT3uPEZwpVKiLL1CP/bgKoBLb7CGgJ
kIrGJcd1x8mUp0Cmwot6Qig0Cc00H2thRBsDSc5lNXxXuvRRRmQozCz+wdYuUqnH
jk+h1axovkTxFwN0TSMTpxOkBZyy3FNdFYbWcEW0uOVVUor7
-----END CERTIFICATE-----