Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/Gll7ZDRR1qVIsVlFfOXNasLWc_8.roa
File:                     Gll7ZDRR1qVIsVlFfOXNasLWc_8.roa (raw, json)
Hash identifier:          Wxi4exFA/FyuYl43JBEqwzFePrx6GGK6xErtnS1tB4s=
Subject key identifier:   1A:59:7B:64:34:51:D6:A5:48:B1:59:45:7C:E5:CD:6A:C2:D6:73:FF
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       01915B74203B7DC47B03BB1F8A07916D6A9B
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/Gll7ZDRR1qVIsVlFfOXNasLWc_8.roa
Signing time:             Fri 16 Aug 2024 13:50:22 +0000
ROA not before:           Fri 16 Aug 2024 13:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a12:3ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:74:20:3b:7d:c4:7b:03:bb:1f:8a:07:91:6d:6a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Aug 16 13:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a597b643451d6a548b159457ce5cd6ac2d673ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:90:8e:5a:af:fe:59:db:ee:ae:47:cc:e4:35:
                    72:95:93:ec:29:93:21:14:e5:c7:f8:79:8d:5d:71:
                    a7:0f:9b:70:e6:ad:bb:b5:cd:9b:6f:e8:da:ff:1f:
                    c9:96:2e:ba:2b:08:ff:19:23:0e:92:df:4b:b3:85:
                    63:54:04:9c:9f:b0:21:fe:83:b9:23:16:29:4a:27:
                    d5:77:32:76:56:9f:b7:ed:13:02:2b:32:42:ae:79:
                    7f:63:ed:e9:1e:c7:ff:80:53:b8:2f:a3:44:8a:c1:
                    44:4a:41:5c:c3:ac:54:4a:27:ac:72:f7:42:87:55:
                    de:65:40:25:ac:9f:22:e9:14:53:bd:5f:d0:1e:62:
                    82:8e:aa:57:a1:40:6f:d2:46:9f:65:a6:32:95:d8:
                    8b:ba:05:ba:18:0b:09:15:cf:6c:a4:99:09:65:92:
                    38:71:4e:ab:0c:37:f9:15:08:57:30:b6:38:19:4e:
                    de:26:13:f4:1f:a4:cd:ec:42:85:6b:f0:5b:33:d4:
                    01:b6:89:7b:6c:12:8e:16:41:f7:41:a9:0f:c3:6d:
                    91:54:96:b5:80:b5:30:b0:be:e2:d9:68:81:51:fa:
                    90:9a:15:8b:9b:36:c2:d9:63:e9:3a:a8:9e:6a:61:
                    2d:7d:88:5e:cf:fb:23:9e:3f:b0:55:ed:27:0f:77:
                    dc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:59:7B:64:34:51:D6:A5:48:B1:59:45:7C:E5:CD:6A:C2:D6:73:FF
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/Gll7ZDRR1qVIsVlFfOXNasLWc_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:3d:5d:a0:55:75:c9:5a:90:16:ff:e8:65:fa:df:ec:ce:4a:
         d0:d9:57:eb:9e:d3:de:25:e2:89:ac:26:46:98:66:7a:a8:71:
         dd:23:a5:11:63:8b:e4:13:67:74:42:f9:47:2e:4f:02:93:31:
         00:36:23:80:81:27:c1:11:04:16:de:41:af:c7:b4:3d:70:ff:
         29:76:91:87:24:5c:41:e6:6a:a0:64:7d:3e:b7:2d:56:ab:c2:
         af:c1:c4:df:8d:d7:b0:ca:1a:1d:df:2b:2b:a5:3f:80:3a:94:
         0c:ab:85:0d:11:47:47:8f:14:57:6c:79:e6:19:1e:fa:6e:ec:
         f5:7a:5a:18:ce:31:af:bf:ab:e5:50:99:3a:2a:54:65:fe:81:
         5f:ee:98:c9:b1:c9:ce:87:b1:1d:e1:54:87:96:0b:1f:e4:15:
         57:94:ad:a7:ca:ee:63:3a:4f:53:77:70:2f:e3:2d:b2:ad:b0:
         c5:86:7b:78:f3:59:c1:ae:19:48:77:80:67:16:e1:4e:7f:24:
         f6:3e:87:74:ff:02:31:35:06:fe:3d:3d:97:7b:05:14:35:a7:
         41:d4:f7:0b:1b:b7:81:87:e9:46:4d:19:af:e5:c1:d1:cc:a3:
         f7:68:1a:9a:1b:53:31:6d:f4:6e:f0:58:41:1a:1b:ff:39:19:
         81:5a:2f:3f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFbdCA7fcR7A7sfigeRbWqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwODE2MTM1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTU5N2I2NDM0NTFkNmE1NDhiMTU5NDU3Y2U1Y2Q2YWMyZDY3M2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpCOWq/+WdvurkfM5DVylZPsKZMh
FOXH+HmNXXGnD5tw5q27tc2bb+ja/x/Jli66Kwj/GSMOkt9Ls4VjVAScn7Ah/oO5
IxYpSifVdzJ2Vp+37RMCKzJCrnl/Y+3pHsf/gFO4L6NEisFESkFcw6xUSiescvdC
h1XeZUAlrJ8i6RRTvV/QHmKCjqpXoUBv0kafZaYyldiLugW6GAsJFc9spJkJZZI4
cU6rDDf5FQhXMLY4GU7eJhP0H6TN7EKFa/BbM9QBtol7bBKOFkH3QakPw22RVJa1
gLUwsL7i2WiBUfqQmhWLmzbC2WPpOqieamEtfYhez/sjnj+wVe0nD3fcUQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBpZe2Q0UdalSLFZRXzlzWrC1nP/MB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvR2xsN1pEUlIxcVZJc1ZsRmZPWE5hc0xXY184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhI6wDAN
BgkqhkiG9w0BAQsFAAOCAQEADz1doFV1yVqQFv/oZfrf7M5K0NlX657T3iXiiawm
Rphmeqhx3SOlEWOL5BNndEL5Ry5PApMxADYjgIEnwREEFt5Br8e0PXD/KXaRhyRc
QeZqoGR9PrctVqvCr8HE343XsMoaHd8rK6U/gDqUDKuFDRFHR48UV2x55hke+m7s
9XpaGM4xr7+r5VCZOipUZf6BX+6YybHJzoexHeFUh5YLH+QVV5Stp8ruYzpPU3dw
L+Mtsq2wxYZ7ePNZwa4ZSHeAZxbhTn8k9j6HdP8CMTUG/j09l3sFFDWnQdT3Cxu3
gYfpRk0Zr+XB0cyj92gamhtTMW30bvBYQRob/zkZgVovPw==
-----END CERTIFICATE-----