Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/96dff3-abe5-48fb-aa25-526e7f6d7f5b/1/d5-jIPDrjOn-S8aU_3R2Z5uKPPY.roa
File:                     d5-jIPDrjOn-S8aU_3R2Z5uKPPY.roa (raw, json)
Hash identifier:          LFMT3LRBjdI0ciufayhxPE+mgH0YFv80uykJaEfcWRw=
Subject key identifier:   77:9F:A3:20:F0:EB:8C:E9:FE:4B:C6:94:FF:74:76:67:9B:8A:3C:F6
Certificate issuer:       /CN=061474cecdf5f503adab60fc55ee7f78a0dba9f2
Certificate serial:       018F06C6951DFF9704DAD85085EF2900C04A
Authority key identifier: 06:14:74:CE:CD:F5:F5:03:AD:AB:60:FC:55:EE:7F:78:A0:DB:A9:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BhR0zs319QOtq2D8Ve5_eKDbqfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/96dff3-abe5-48fb-aa25-526e7f6d7f5b/1/d5-jIPDrjOn-S8aU_3R2Z5uKPPY.roa
Signing time:             Mon 22 Apr 2024 17:07:08 +0000
ROA not before:           Mon 22 Apr 2024 17:07:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208925
IP address blocks:        2a12:d340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/96dff3-abe5-48fb-aa25-526e7f6d7f5b/1/BhR0zs319QOtq2D8Ve5_eKDbqfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/96dff3-abe5-48fb-aa25-526e7f6d7f5b/1/BhR0zs319QOtq2D8Ve5_eKDbqfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BhR0zs319QOtq2D8Ve5_eKDbqfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 20:47:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:c6:95:1d:ff:97:04:da:d8:50:85:ef:29:00:c0:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=061474cecdf5f503adab60fc55ee7f78a0dba9f2
        Validity
            Not Before: Apr 22 17:07:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=779fa320f0eb8ce9fe4bc694ff7476679b8a3cf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bf:d7:c5:20:c3:7d:a7:48:6b:32:29:91:96:
                    07:d5:6e:69:f2:73:c0:25:69:db:94:ad:35:47:a0:
                    6a:97:14:a7:b8:8b:ac:07:52:9e:78:2c:e7:ee:16:
                    1c:2c:9e:f2:5f:75:db:b2:a8:b8:72:ff:98:57:4d:
                    58:bc:b7:ad:c0:18:cf:f5:8a:8a:5e:ce:52:d1:72:
                    55:a6:54:2e:18:25:61:37:c7:c1:6c:b9:cf:d9:ab:
                    22:82:36:61:1c:e5:9f:29:14:15:eb:6d:2e:30:32:
                    ac:63:1f:eb:d4:06:f6:ec:96:53:e4:5c:f2:4d:fc:
                    52:43:a6:9d:90:ca:34:80:b9:76:29:ed:81:ab:41:
                    29:5e:ed:81:76:bd:bc:72:66:8a:75:75:da:77:5e:
                    c6:f0:5d:87:b5:58:9b:98:16:a1:11:ee:6d:e7:05:
                    2e:03:ca:f6:7c:53:a2:25:9f:34:39:19:7f:72:7d:
                    30:c6:12:be:0d:1f:fd:49:92:09:83:a3:19:80:46:
                    34:17:ea:5b:18:df:fb:8e:65:70:e1:ad:1b:47:df:
                    96:2b:be:6b:dd:33:08:4a:69:dd:80:0f:1d:62:c6:
                    7b:05:77:0e:1e:10:f8:63:38:06:e2:bb:f1:76:65:
                    cd:90:c8:0f:89:94:d9:06:77:9d:04:7d:b1:87:b2:
                    97:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9F:A3:20:F0:EB:8C:E9:FE:4B:C6:94:FF:74:76:67:9B:8A:3C:F6
            X509v3 Authority Key Identifier:
                keyid:06:14:74:CE:CD:F5:F5:03:AD:AB:60:FC:55:EE:7F:78:A0:DB:A9:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BhR0zs319QOtq2D8Ve5_eKDbqfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/96dff3-abe5-48fb-aa25-526e7f6d7f5b/1/d5-jIPDrjOn-S8aU_3R2Z5uKPPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/96dff3-abe5-48fb-aa25-526e7f6d7f5b/1/BhR0zs319QOtq2D8Ve5_eKDbqfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:d340::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:25:db:0c:71:58:71:2b:fe:4c:24:2e:40:c7:f7:32:c0:4a:
         ae:f8:fe:bb:6f:f1:57:df:a9:04:e9:d9:00:d6:4e:bc:9f:4e:
         74:88:e8:d7:86:10:03:54:83:0d:9e:9d:2f:44:16:c1:35:c9:
         62:7c:39:8a:ba:0e:23:aa:ed:41:c5:77:4a:02:e8:93:50:6d:
         34:23:44:3e:1c:39:c2:57:7d:f2:ae:b5:8d:85:05:55:aa:95:
         67:d6:13:07:87:a7:18:da:ed:34:6e:5d:9e:f0:12:87:47:6e:
         77:d6:0e:3b:62:81:d0:22:39:b4:9a:49:e7:b6:ce:f4:6b:7d:
         f9:08:06:38:93:55:de:3e:1c:4c:03:16:2d:fe:a0:00:af:c8:
         58:77:ec:ba:9a:ed:31:3d:2a:ae:05:bd:82:42:d5:0f:62:94:
         f4:17:62:07:e1:a4:d7:24:83:6d:d9:83:e0:02:4f:91:23:6d:
         7b:ae:8a:75:ba:02:d6:f5:9f:ba:31:97:bb:b6:4d:b1:2c:47:
         ac:52:5a:66:09:e7:9d:59:2f:a4:2c:c6:f9:1b:14:44:bd:2f:
         dd:61:33:4f:18:e2:19:14:da:0b:7a:55:c6:1f:e9:b4:eb:c1:
         b2:f0:c9:02:66:67:21:d5:24:7f:5f:f2:c7:7b:d9:a3:f2:33:
         d0:7d:c4:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8GxpUd/5cE2thQhe8pAMBKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MTQ3NGNlY2RmNWY1MDNhZGFiNjBmYzU1ZWU3Zjc4YTBk
YmE5ZjIwHhcNMjQwNDIyMTcwNzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzlmYTMyMGYwZWI4Y2U5ZmU0YmM2OTRmZjc0NzY2NzliOGEzY2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7/XxSDDfadIazIpkZYH1W5p8nPA
JWnblK01R6BqlxSnuIusB1KeeCzn7hYcLJ7yX3Xbsqi4cv+YV01YvLetwBjP9YqK
Xs5S0XJVplQuGCVhN8fBbLnP2asigjZhHOWfKRQV620uMDKsYx/r1Ab27JZT5Fzy
TfxSQ6adkMo0gLl2Ke2Bq0EpXu2Bdr28cmaKdXXad17G8F2HtVibmBahEe5t5wUu
A8r2fFOiJZ80ORl/cn0wxhK+DR/9SZIJg6MZgEY0F+pbGN/7jmVw4a0bR9+WK75r
3TMISmndgA8dYsZ7BXcOHhD4YzgG4rvxdmXNkMgPiZTZBnedBH2xh7KXtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHefoyDw64zp/kvGlP90dmebijz2MB8GA1UdIwQY
MBaAFAYUdM7N9fUDratg/FXuf3ig26nyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmhSMHpzMzE5UU90cTJEOFZlNV9lS0RicWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi85NmRmZjMtYWJlNS00OGZiLWFhMjUt
NTI2ZTdmNmQ3ZjViLzEvZDUtaklQRHJqT24tUzhhVV8zUjJaNXVLUFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi85NmRmZjMtYWJlNS00OGZiLWFhMjUtNTI2ZTdmNmQ3ZjVi
LzEvQmhSMHpzMzE5UU90cTJEOFZlNV9lS0RicWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLTQDAN
BgkqhkiG9w0BAQsFAAOCAQEASiXbDHFYcSv+TCQuQMf3MsBKrvj+u2/xV9+pBOnZ
ANZOvJ9OdIjo14YQA1SDDZ6dL0QWwTXJYnw5iroOI6rtQcV3SgLok1BtNCNEPhw5
wld98q61jYUFVaqVZ9YTB4enGNrtNG5dnvASh0dud9YOO2KB0CI5tJpJ57bO9Gt9
+QgGOJNV3j4cTAMWLf6gAK/IWHfsuprtMT0qrgW9gkLVD2KU9BdiB+Gk1ySDbdmD
4AJPkSNte66KdboC1vWfujGXu7ZNsSxHrFJaZgnnnVkvpCzG+RsURL0v3WEzTxji
GRTaC3pVxh/ptOvBsvDJAmZnIdUkf1/yx3vZo/Iz0H3Esg==
-----END CERTIFICATE-----