Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/tZIBBzjXMVWIuGIw3S6GjqDGN4Q.roa
File:                     tZIBBzjXMVWIuGIw3S6GjqDGN4Q.roa (raw, json)
Hash identifier:          kHq6GJJOcSddEeJzSNRTAxX94MzxOVcVwx+OY8yk8gA=
Subject key identifier:   B5:92:01:07:38:D7:31:55:88:B8:62:30:DD:2E:86:8E:A0:C6:37:84
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01915B82C6C79C2410C2BFD132AA0A0C73B3
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/tZIBBzjXMVWIuGIw3S6GjqDGN4Q.roa
Signing time:             Fri 16 Aug 2024 14:06:22 +0000
ROA not before:           Fri 16 Aug 2024 14:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a12:3bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:82:c6:c7:9c:24:10:c2:bf:d1:32:aa:0a:0c:73:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug 16 14:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b592010738d7315588b86230dd2e868ea0c63784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0b:9a:aa:04:72:a8:9f:5f:2d:9d:46:43:69:
                    3b:62:8e:86:89:49:b8:2e:6b:36:68:59:09:7a:8a:
                    fb:af:f0:bb:c4:b7:04:c3:3d:63:6a:16:9f:6e:ac:
                    22:2d:a0:d6:16:f2:0f:78:cd:52:9c:42:1f:f8:c6:
                    7d:c0:00:3f:97:91:dc:de:58:bf:b0:4a:02:95:c2:
                    ed:ad:c4:f0:73:aa:d0:da:24:c8:d6:ae:86:4a:7e:
                    47:b6:9b:79:11:84:57:7b:a3:ff:96:ba:e2:aa:9f:
                    f5:49:6b:b2:fb:90:58:78:ce:6f:1b:30:b1:ec:9f:
                    6e:d9:24:d0:6d:94:c2:c6:eb:65:7c:ae:35:6a:af:
                    53:2c:42:14:22:b9:7d:9b:39:85:85:1d:4e:42:3d:
                    33:e0:2b:1b:cf:0b:63:a6:64:da:83:47:b8:af:80:
                    f4:ae:c1:76:7e:83:f8:13:f4:8e:b5:6e:0a:08:a7:
                    b5:75:23:ae:04:26:90:31:69:49:69:66:a8:61:49:
                    bc:9b:84:9d:48:0b:2d:31:2d:0f:81:5c:c5:b8:d7:
                    7d:af:4a:ef:6b:25:e1:db:4c:76:1b:98:d8:93:5f:
                    6b:43:0e:f9:4e:96:8e:48:87:8e:ed:16:a1:83:8a:
                    91:35:ac:3e:87:f0:e5:c2:75:4f:04:8f:f1:a3:60:
                    88:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:92:01:07:38:D7:31:55:88:B8:62:30:DD:2E:86:8E:A0:C6:37:84
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/tZIBBzjXMVWIuGIw3S6GjqDGN4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:b0:82:77:53:90:b5:03:41:3c:fd:b8:33:5b:07:dd:6f:ce:
         ac:84:d8:7a:bc:bb:7f:f2:92:e2:87:6c:45:c3:75:4d:33:8a:
         6d:d5:49:2f:8a:1c:5a:eb:8c:49:71:85:74:24:70:d1:be:aa:
         27:d1:d2:1d:10:b6:28:a4:f5:82:10:03:74:5c:16:2c:a8:b0:
         bd:10:fa:47:05:e3:9f:a1:1b:50:7b:94:87:77:da:3d:60:db:
         34:37:46:63:08:f0:7d:cb:63:5e:7a:06:4c:70:78:05:4f:7b:
         c4:2b:b2:b9:a6:73:55:2f:7c:a3:6c:36:c7:f4:05:92:47:6a:
         61:b7:f1:99:43:c3:00:74:31:c7:64:a6:69:bf:dc:b0:de:11:
         e1:38:7c:fb:46:b4:68:b1:ab:39:6b:ca:eb:43:7f:aa:d3:7b:
         0d:b7:ca:e7:ae:a2:7a:54:e5:57:58:25:df:14:1f:3c:b1:06:
         c6:30:8b:c2:9b:bd:64:ca:f6:a7:6f:6f:7e:16:bd:55:5e:5b:
         94:7a:e6:82:59:14:b1:ce:28:93:7d:a5:eb:cd:9e:b1:78:49:
         f1:23:85:36:61:b1:09:3a:25:3c:3a:e1:6d:6b:78:89:e9:0c:
         c4:10:80:fd:f6:9c:db:a0:79:66:fa:58:01:74:53:19:d5:75:
         f4:e5:bf:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFbgsbHnCQQwr/RMqoKDHOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwODE2MTQwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTkyMDEwNzM4ZDczMTU1ODhiODYyMzBkZDJlODY4ZWEwYzYzNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQuaqgRyqJ9fLZ1GQ2k7Yo6GiUm4
Lms2aFkJeor7r/C7xLcEwz1jahafbqwiLaDWFvIPeM1SnEIf+MZ9wAA/l5Hc3li/
sEoClcLtrcTwc6rQ2iTI1q6GSn5Htpt5EYRXe6P/lrriqp/1SWuy+5BYeM5vGzCx
7J9u2STQbZTCxutlfK41aq9TLEIUIrl9mzmFhR1OQj0z4CsbzwtjpmTag0e4r4D0
rsF2foP4E/SOtW4KCKe1dSOuBCaQMWlJaWaoYUm8m4SdSAstMS0PgVzFuNd9r0rv
ayXh20x2G5jYk19rQw75TpaOSIeO7Rahg4qRNaw+h/DlwnVPBI/xo2CIHwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLWSAQc41zFViLhiMN0uho6gxjeEMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvdFpJQkJ6alhNVldJdUdJdzNTNkdqcURHTjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhI7wDAN
BgkqhkiG9w0BAQsFAAOCAQEAILCCd1OQtQNBPP24M1sH3W/OrITYery7f/KS4ods
RcN1TTOKbdVJL4ocWuuMSXGFdCRw0b6qJ9HSHRC2KKT1ghADdFwWLKiwvRD6RwXj
n6EbUHuUh3faPWDbNDdGYwjwfctjXnoGTHB4BU97xCuyuaZzVS98o2w2x/QFkkdq
YbfxmUPDAHQxx2Smab/csN4R4Th8+0a0aLGrOWvK60N/qtN7DbfK566ielTlV1gl
3xQfPLEGxjCLwpu9ZMr2p29vfha9VV5blHrmglkUsc4ok32l682esXhJ8SOFNmGx
CTolPDrhbWt4iekMxBCA/fac26B5ZvpYAXRTGdV19OW//Q==
-----END CERTIFICATE-----