Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/tgwEwLbVEXrP-lBEQu6MSttR5KM.roa
File:                     tgwEwLbVEXrP-lBEQu6MSttR5KM.roa (raw, json)
Hash identifier:          u8+165Dy1vc74O/ehwJy0sNsITcspBWp06+xTuCyblQ=
Subject key identifier:   B6:0C:04:C0:B6:D5:11:7A:CF:FA:50:44:42:EE:8C:4A:DB:51:E4:A3
Certificate issuer:       /CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
Certificate serial:       018CC9BC2EDD5B50EC3BC021451FFB81E068
Authority key identifier: F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/tgwEwLbVEXrP-lBEQu6MSttR5KM.roa
Signing time:             Tue 02 Jan 2024 10:33:22 +0000
ROA not before:           Tue 02 Jan 2024 10:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208685
IP address blocks:        2a12:5343:2::/48 maxlen: 48
                          2a12:5343:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2e:dd:5b:50:ec:3b:c0:21:45:1f:fb:81:e0:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
        Validity
            Not Before: Jan  2 10:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b60c04c0b6d5117acffa504442ee8c4adb51e4a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:69:aa:22:31:73:07:ab:c1:1f:d6:71:8d:f1:
                    ab:8b:99:92:aa:92:a2:c5:b1:ef:0b:71:2c:eb:c7:
                    6b:42:d9:28:02:ee:5c:61:e8:ef:6e:c3:85:83:6d:
                    d7:34:08:07:e4:04:7f:91:3b:bd:3f:0c:5d:1a:97:
                    ae:a5:63:e0:8d:1d:75:c0:c5:9f:df:5a:4c:97:c9:
                    36:6a:5b:65:b9:d7:d2:d4:4c:a3:2a:d3:82:1c:e1:
                    51:94:df:be:85:cc:b6:57:03:b3:88:7d:c3:7f:07:
                    b6:5b:14:ce:79:92:23:3e:af:28:b3:be:13:0d:cc:
                    66:03:e8:76:14:41:fc:66:51:47:a1:47:f9:a2:58:
                    40:c7:7c:e5:d4:8d:4b:b4:a1:a6:5f:dd:09:7b:f4:
                    4a:6c:e3:71:db:36:28:84:21:92:cc:ce:e6:56:3b:
                    2f:1f:2f:f3:d5:9d:35:45:a5:de:fe:8c:30:a6:db:
                    8d:eb:02:86:9b:29:39:07:6f:d5:4a:4f:60:77:06:
                    bb:2b:ce:43:2c:a7:6d:4a:77:e7:67:e9:e0:16:71:
                    bc:15:0b:06:e8:b6:ba:ce:27:16:bb:5e:9a:5e:c4:
                    e1:2d:b7:e9:58:6f:a0:16:6a:6b:1c:d9:a8:1f:92:
                    50:c9:fb:35:51:57:74:92:50:d2:c1:63:08:bb:91:
                    7e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:0C:04:C0:B6:D5:11:7A:CF:FA:50:44:42:EE:8C:4A:DB:51:E4:A3
            X509v3 Authority Key Identifier:
                keyid:F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/tgwEwLbVEXrP-lBEQu6MSttR5KM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5343:1::-2a12:5343:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0a:bb:c3:ae:9a:35:47:cb:3f:5c:2f:81:93:e8:fd:a1:5f:77:
         1e:d4:7f:e2:20:14:36:c5:9f:12:62:02:28:20:d4:03:f6:bd:
         d9:07:70:4d:bf:3c:31:a4:22:a1:4f:cc:90:7f:72:1f:0b:86:
         1a:a4:5d:43:86:cd:2b:0b:ec:3a:d6:31:f3:d1:54:6e:e3:7e:
         56:db:b1:c7:11:82:34:cb:ff:b1:ef:73:e5:c9:8c:41:7d:44:
         53:3f:54:7a:df:fe:af:57:b7:49:d7:19:57:83:88:84:ef:25:
         33:e5:e7:84:ba:bd:dc:17:18:4a:4e:18:f9:8f:8d:14:d6:bd:
         08:64:9a:1f:c1:5f:cc:c1:f6:d9:b3:0e:ac:a0:c5:ec:51:65:
         6f:1c:82:19:91:a8:4f:83:05:bf:1c:32:77:1d:52:1f:16:27:
         08:47:a5:34:95:8a:72:94:03:5e:9a:d9:5d:8f:00:e0:d5:1b:
         85:10:95:58:f4:ae:b5:26:e7:37:bc:dc:aa:29:2d:29:d3:f6:
         ef:3e:80:66:7b:91:cb:9a:55:e7:a7:f5:bd:6b:05:14:9e:dd:
         10:fd:9d:61:a3:5a:68:65:ed:1f:63:db:20:24:81:6c:16:8d:
         4d:75:8d:bf:79:ee:0c:da:ab:7e:64:75:a9:b7:f4:35:4a:23:
         03:72:97:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzJvC7dW1DsO8AhRR/7geBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZTcyOWE1NGNjNzZiODg5YzgzMmUwZDEzOTU4OTRhZjdj
MGU1ZmUwHhcNMjQwMTAyMTAzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjBjMDRjMGI2ZDUxMTdhY2ZmYTUwNDQ0MmVlOGM0YWRiNTFlNGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWmqIjFzB6vBH9ZxjfGri5mSqpKi
xbHvC3Es68drQtkoAu5cYejvbsOFg23XNAgH5AR/kTu9PwxdGpeupWPgjR11wMWf
31pMl8k2altludfS1EyjKtOCHOFRlN++hcy2VwOziH3Dfwe2WxTOeZIjPq8os74T
DcxmA+h2FEH8ZlFHoUf5olhAx3zl1I1LtKGmX90Je/RKbONx2zYohCGSzM7mVjsv
Hy/z1Z01RaXe/owwptuN6wKGmyk5B2/VSk9gdwa7K85DLKdtSnfnZ+ngFnG8FQsG
6La6zicWu16aXsThLbfpWG+gFmprHNmoH5JQyfs1UVd0klDSwWMIu5F+MwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLYMBMC21RF6z/pQRELujErbUeSjMB8GA1UdIwQY
MBaAFPDnKaVMx2uInIMuDROViUr3wOX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQt
Njc2YjUyMDk2Y2Y4LzEvdGd3RXdMYlZFWHJQLWxCRVF1Nk1TdHRSNUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQtNjc2YjUyMDk2Y2Y4
LzEvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqElND
AAEDBwAqElNDAAIwDQYJKoZIhvcNAQELBQADggEBAAq7w66aNUfLP1wvgZPo/aFf
dx7Uf+IgFDbFnxJiAigg1AP2vdkHcE2/PDGkIqFPzJB/ch8LhhqkXUOGzSsL7DrW
MfPRVG7jflbbsccRgjTL/7Hvc+XJjEF9RFM/VHrf/q9Xt0nXGVeDiITvJTPl54S6
vdwXGEpOGPmPjRTWvQhkmh/BX8zB9tmzDqygxexRZW8cghmRqE+DBb8cMncdUh8W
JwhHpTSVinKUA16a2V2PAODVG4UQlVj0rrUm5ze83KopLSnT9u8+gGZ7kcuaVeen
9b1rBRSe3RD9nWGjWmhl7R9j2yAkgWwWjU11jb957gzaq35kdam39DVKIwNyl48=
-----END CERTIFICATE-----