Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/85mzYBJoZP5FXmqUomSPcAwcsfA.roa
File:                     85mzYBJoZP5FXmqUomSPcAwcsfA.roa (raw, json)
Hash identifier:          cc4fK5XMMAc7egmyETfO9mfYfe6c7+oggNagvTEhgGE=
Subject key identifier:   F3:99:B3:60:12:68:64:FE:45:5E:6A:94:A2:64:8F:70:0C:1C:B1:F0
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01916C8A833AA7FEC6A5202ADE79F4B4458A
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/85mzYBJoZP5FXmqUomSPcAwcsfA.roa
Signing time:             Mon 19 Aug 2024 21:28:22 +0000
ROA not before:           Mon 19 Aug 2024 21:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30788
IP address blocks:        2a12:4240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Sep 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6c:8a:83:3a:a7:fe:c6:a5:20:2a:de:79:f4:b4:45:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Aug 19 21:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f399b360126864fe455e6a94a2648f700c1cb1f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:34:c2:a3:8a:77:b9:a9:09:8b:6d:5c:d6:
                    bc:8f:39:8b:65:de:5a:4d:19:eb:5b:8b:62:6f:84:
                    b7:52:90:e6:66:9a:bf:0f:1e:76:24:79:77:ef:b4:
                    5c:29:73:51:1d:2b:a8:97:3b:34:4a:f2:d9:fc:f8:
                    c8:3f:15:0b:ad:3f:0c:e7:49:52:4e:01:8d:95:66:
                    ec:fb:96:a1:14:07:4c:ad:3b:8f:11:40:1f:49:00:
                    61:78:9a:b7:d8:1b:66:d8:dd:51:6e:20:40:60:92:
                    40:05:58:06:71:a5:62:bc:22:69:4d:00:98:ae:cc:
                    d2:dd:d0:74:ab:54:22:39:ab:b1:c8:13:94:3c:f8:
                    2a:9f:d1:d6:7f:1e:23:84:fa:eb:62:b9:04:2d:04:
                    f8:3f:12:7f:30:b2:5c:23:e2:98:98:05:f4:9e:d0:
                    52:5e:22:4f:26:10:ce:b7:66:82:cd:9a:d9:9f:82:
                    87:85:ab:91:ca:0c:fa:f5:5e:1b:e6:ba:03:fb:33:
                    ed:02:a8:30:8e:78:b3:d3:a6:25:a1:90:04:1d:cf:
                    9e:21:4a:bf:42:9b:00:a5:e2:38:9c:c9:3b:bf:cf:
                    e7:92:de:70:e1:5c:21:64:88:fa:16:54:5e:e5:e9:
                    f9:3d:2d:49:a8:39:55:7c:e0:5e:59:78:55:c5:63:
                    f9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:99:B3:60:12:68:64:FE:45:5E:6A:94:A2:64:8F:70:0C:1C:B1:F0
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/85mzYBJoZP5FXmqUomSPcAwcsfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4240::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:1e:5d:41:05:6d:54:1a:ba:1d:e2:ec:69:5e:a9:26:8b:cb:
         08:ed:7f:13:e3:ca:de:c1:91:5e:0b:23:d7:6b:91:59:32:b1:
         61:11:0b:ef:c1:41:b0:2b:17:69:6c:c8:96:c0:d1:88:74:05:
         40:98:be:cd:71:f1:82:ac:68:29:72:d0:aa:fb:04:aa:f6:d2:
         cc:97:07:af:da:60:aa:af:38:0a:c8:b1:55:b1:8d:9c:e4:9d:
         5d:8d:a0:b9:b8:9b:5c:8b:a0:db:b2:5d:7b:2f:64:60:a5:f2:
         57:43:72:ac:7c:3f:d7:0d:08:11:0f:d9:41:f8:ad:08:cd:48:
         7f:24:ce:ab:6e:3c:6b:bd:f1:d1:be:10:b0:c1:c7:f7:8e:8e:
         bf:80:ce:d5:80:76:33:1d:8e:6c:d4:bf:d8:82:a5:e6:68:b4:
         ea:4f:d5:b5:24:56:bc:fe:7f:db:9d:8b:45:fe:f3:f8:d3:fe:
         17:f3:78:2f:03:99:bc:38:6d:6c:da:a1:38:6d:11:c1:15:e1:
         ac:5e:df:72:2c:ef:17:d3:60:1a:9d:17:68:ab:ae:d9:74:fa:
         5b:ec:26:59:fe:2f:2d:b7:ee:e5:1b:bd:99:29:02:2a:ae:7c:
         f9:1a:6a:8c:e2:9d:e1:4a:f2:8c:e6:33:49:3f:12:21:b6:32:
         37:96:fb:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFsioM6p/7GpSAq3nn0tEWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjQwODE5MjEyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzk5YjM2MDEyNjg2NGZlNDU1ZTZhOTRhMjY0OGY3MDBjMWNiMWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTA0wqOKd7mpCYttXNa8jzmLZd5a
TRnrW4tib4S3UpDmZpq/Dx52JHl377RcKXNRHSuolzs0SvLZ/PjIPxULrT8M50lS
TgGNlWbs+5ahFAdMrTuPEUAfSQBheJq32Btm2N1RbiBAYJJABVgGcaVivCJpTQCY
rszS3dB0q1QiOauxyBOUPPgqn9HWfx4jhPrrYrkELQT4PxJ/MLJcI+KYmAX0ntBS
XiJPJhDOt2aCzZrZn4KHhauRygz69V4b5roD+zPtAqgwjniz06YloZAEHc+eIUq/
QpsApeI4nMk7v8/nkt5w4VwhZIj6FlRe5en5PS1JqDlVfOBeWXhVxWP5pQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPOZs2ASaGT+RV5qlKJkj3AMHLHwMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvODVtellCSm9aUDVGWG1xVW9tU1BjQXdjc2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhJCQDAN
BgkqhkiG9w0BAQsFAAOCAQEAQR5dQQVtVBq6HeLsaV6pJovLCO1/E+PK3sGRXgsj
12uRWTKxYREL78FBsCsXaWzIlsDRiHQFQJi+zXHxgqxoKXLQqvsEqvbSzJcHr9pg
qq84CsixVbGNnOSdXY2gubibXIug27Jdey9kYKXyV0NyrHw/1w0IEQ/ZQfitCM1I
fyTOq248a73x0b4QsMHH946Ov4DO1YB2Mx2ObNS/2IKl5mi06k/VtSRWvP5/252L
Rf7z+NP+F/N4LwOZvDhtbNqhOG0RwRXhrF7fcizvF9NgGp0XaKuu2XT6W+wmWf4v
Lbfu5Ru9mSkCKq58+RpqjOKd4UryjOYzST8SIbYyN5b7zQ==
-----END CERTIFICATE-----