Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/sLZpvIMTgksZrvqormgvgok8KhA.roa
File:                     sLZpvIMTgksZrvqormgvgok8KhA.roa (raw, json)
Hash identifier:          F40TwnOKkG5HzR84w5cvXcd+kglYl0t+PxN2IvdlZDk=
Subject key identifier:   B0:B6:69:BC:83:13:82:4B:19:AE:FA:A8:AE:68:2F:82:89:3C:2A:10
Certificate issuer:       /CN=d447813ce52a823ea1efc9a0f4933c5d3353ee2b
Certificate serial:       0194206872071415271D53AD8BBEE3FB8935
Authority key identifier: D4:47:81:3C:E5:2A:82:3E:A1:EF:C9:A0:F4:93:3C:5D:33:53:EE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1EeBPOUqgj6h78mg9JM8XTNT7is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/sLZpvIMTgksZrvqormgvgok8KhA.roa
Signing time:             Wed 01 Jan 2025 05:48:23 +0000
ROA not before:           Wed 01 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200207
IP address blocks:        2a12:66c7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/1EeBPOUqgj6h78mg9JM8XTNT7is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/1EeBPOUqgj6h78mg9JM8XTNT7is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1EeBPOUqgj6h78mg9JM8XTNT7is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:72:07:14:15:27:1d:53:ad:8b:be:e3:fb:89:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d447813ce52a823ea1efc9a0f4933c5d3353ee2b
        Validity
            Not Before: Jan  1 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0b669bc8313824b19aefaa8ae682f82893c2a10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bb:3e:a9:70:48:29:76:2a:30:fe:7f:85:e2:
                    ab:71:d8:a6:aa:6a:ae:39:dc:d5:f1:96:f2:58:8f:
                    cb:cc:39:59:1f:df:aa:e5:0a:f8:1e:b7:0c:5e:8b:
                    08:67:2b:e2:18:1f:08:a2:f1:1d:e5:7e:27:09:a8:
                    bd:dd:62:e0:32:1f:00:8e:89:5d:20:59:a4:13:64:
                    1b:2d:c8:b4:02:59:8d:47:06:19:97:e3:ce:f0:75:
                    6d:ff:e2:b6:64:62:35:8b:00:f3:ed:b2:0c:2f:df:
                    95:f2:50:96:2f:ad:f9:ba:f6:a5:10:17:00:8e:50:
                    98:c9:bf:e8:c2:09:e5:b5:90:1d:4b:6e:82:92:30:
                    c2:fd:cc:4e:97:a9:a2:c0:77:50:f3:68:fa:55:93:
                    6b:ee:a4:d9:93:7a:55:b0:1d:e4:31:f5:74:77:b7:
                    fb:85:d7:41:a2:38:f3:68:fa:f0:18:e6:7a:e1:b6:
                    65:96:a0:f1:cf:21:9d:2a:55:4c:50:9b:13:2a:6e:
                    97:63:33:c8:73:a0:e2:28:c5:7d:3c:3e:df:f2:51:
                    e4:0c:48:6f:6f:e5:6d:2f:f5:47:8b:b1:d4:47:c5:
                    75:7e:29:cc:ef:cd:2d:64:3b:fe:28:06:52:85:29:
                    0d:c5:ae:89:60:47:5b:d0:30:bf:b1:5e:de:24:60:
                    99:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B6:69:BC:83:13:82:4B:19:AE:FA:A8:AE:68:2F:82:89:3C:2A:10
            X509v3 Authority Key Identifier:
                keyid:D4:47:81:3C:E5:2A:82:3E:A1:EF:C9:A0:F4:93:3C:5D:33:53:EE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1EeBPOUqgj6h78mg9JM8XTNT7is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/sLZpvIMTgksZrvqormgvgok8KhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/1EeBPOUqgj6h78mg9JM8XTNT7is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:66c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:a6:da:d2:0a:c1:82:76:3e:42:64:ba:8b:09:3c:f8:53:ca:
         39:a9:53:c4:bd:1b:f8:59:c6:92:d1:db:22:59:d0:f2:b9:28:
         91:94:d4:17:03:a8:8e:01:7b:af:56:18:eb:f4:78:79:f3:ba:
         d5:09:85:d7:53:5f:2a:a8:65:f5:4e:b7:82:a0:19:6d:0a:b9:
         97:e0:3c:72:1a:29:96:1f:be:03:fa:d1:d6:01:cb:f7:28:b6:
         aa:0f:df:64:46:53:95:80:65:b8:0b:af:c2:95:96:f5:4e:9c:
         10:30:8f:52:30:49:f6:4f:86:f7:17:ac:f0:23:85:66:89:b5:
         26:5e:db:2a:08:b3:5e:31:af:49:a7:2a:c0:2b:e0:f5:55:e6:
         ff:ed:22:5b:6b:7b:97:a1:f6:d5:ff:db:6b:ed:33:fd:aa:78:
         09:36:3b:58:2f:e8:6d:6e:81:64:51:ff:3a:b6:a5:71:d1:02:
         ec:3d:78:c8:9b:b6:d1:b2:2b:aa:7b:97:a3:5d:80:08:20:31:
         74:76:39:f1:0d:92:1a:28:5a:fd:29:62:98:da:58:69:b3:08:
         03:dd:28:08:30:15:3d:8a:7d:06:30:62:87:10:8d:30:78:2a:
         cd:11:7e:9b:42:0f:74:5f:84:7e:e9:cf:ba:d4:93:4c:cf:70:
         80:30:70:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaHIHFBUnHVOti77j+4k1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NDc4MTNjZTUyYTgyM2VhMWVmYzlhMGY0OTMzYzVkMzM1
M2VlMmIwHhcNMjUwMTAxMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGI2NjliYzgzMTM4MjRiMTlhZWZhYThhZTY4MmY4Mjg5M2MyYTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbs+qXBIKXYqMP5/heKrcdimqmqu
OdzV8ZbyWI/LzDlZH9+q5Qr4HrcMXosIZyviGB8IovEd5X4nCai93WLgMh8Ajold
IFmkE2QbLci0AlmNRwYZl+PO8HVt/+K2ZGI1iwDz7bIML9+V8lCWL635uvalEBcA
jlCYyb/owgnltZAdS26CkjDC/cxOl6miwHdQ82j6VZNr7qTZk3pVsB3kMfV0d7f7
hddBojjzaPrwGOZ64bZllqDxzyGdKlVMUJsTKm6XYzPIc6DiKMV9PD7f8lHkDEhv
b+VtL/VHi7HUR8V1finM780tZDv+KAZShSkNxa6JYEdb0DC/sV7eJGCZNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLC2abyDE4JLGa76qK5oL4KJPCoQMB8GA1UdIwQY
MBaAFNRHgTzlKoI+oe/JoPSTPF0zU+4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUVlQlBPVXFnajZoNzhtZzlKTThYVE5UN2lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9mYTc3ZDMtY2VkYi00NTlkLTk1Y2Yt
ZGM3ZTEyNmNhMjM0LzEvc0xacHZJTVRna3NacnZxb3JtZ3Znb2s4S2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9mYTc3ZDMtY2VkYi00NTlkLTk1Y2YtZGM3ZTEyNmNhMjM0
LzEvMUVlQlBPVXFnajZoNzhtZzlKTThYVE5UN2lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJmxwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBlptrSCsGCdj5CZLqLCTz4U8o5qVPEvRv4WcaS
0dsiWdDyuSiRlNQXA6iOAXuvVhjr9Hh587rVCYXXU18qqGX1TreCoBltCrmX4Dxy
GimWH74D+tHWAcv3KLaqD99kRlOVgGW4C6/ClZb1TpwQMI9SMEn2T4b3F6zwI4Vm
ibUmXtsqCLNeMa9JpyrAK+D1Veb/7SJba3uXofbV/9tr7TP9qngJNjtYL+htboFk
Uf86tqVx0QLsPXjIm7bRsiuqe5ejXYAIIDF0djnxDZIaKFr9KWKY2lhpswgD3SgI
MBU9in0GMGKHEI0weCrNEX6bQg90X4R+6c+61JNMz3CAMHD9
-----END CERTIFICATE-----