Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Am8JOUS_pv4aGyonpJm3aY43kFA.roa
File:                     Am8JOUS_pv4aGyonpJm3aY43kFA.roa (raw, json)
Hash identifier:          hel/WsPbSFwbb5JTEfjY35Y4+JW18MVGcJtVTdlc80w=
Subject key identifier:   02:6F:09:39:44:BF:A6:FE:1A:1B:2A:27:A4:99:B7:69:8E:37:90:50
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       0194266AD88A02365F437BD9B29F2362B999
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Am8JOUS_pv4aGyonpJm3aY43kFA.roa
Signing time:             Thu 02 Jan 2025 09:48:43 +0000
ROA not before:           Thu 02 Jan 2025 09:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205884
IP address blocks:        2a12:500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:d8:8a:02:36:5f:43:7b:d9:b2:9f:23:62:b9:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  2 09:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=026f093944bfa6fe1a1b2a27a499b7698e379050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b4:d0:f4:e8:98:97:74:fa:ac:64:0e:72:c3:
                    16:21:60:77:87:cb:ad:dc:72:e6:0e:bd:2d:2b:aa:
                    41:07:96:9d:e8:76:81:94:b2:2b:26:b5:a2:35:da:
                    58:f4:7b:f8:d5:71:a3:ce:b4:d8:69:62:0f:a8:1a:
                    53:9d:82:b3:5c:a1:73:ad:c9:a4:e7:15:ca:0e:25:
                    36:07:5e:ef:aa:a0:d7:bb:7b:a8:4c:2a:49:40:37:
                    ef:6c:53:58:30:29:c0:e2:a2:cb:4a:65:9a:01:ca:
                    c0:4c:ec:fd:7e:9c:fa:cd:db:74:e5:8d:be:36:fc:
                    a8:f9:fe:57:ae:b2:b4:e9:fb:e5:6e:6a:25:0b:77:
                    5f:9d:f6:d4:7b:6e:19:07:99:43:6d:96:dd:6e:cb:
                    ff:cd:bb:8e:6f:20:2f:6b:36:4c:c1:f4:80:3e:96:
                    ef:f8:1f:65:ad:2c:94:1c:d8:4e:be:aa:25:f9:2a:
                    5f:5a:22:4f:0e:b8:69:7c:5a:a9:10:1f:9d:fb:a4:
                    1a:53:c5:96:8a:0f:80:1b:0c:d3:e9:ae:ae:2e:de:
                    b7:48:fe:9c:8a:3d:16:48:bf:3e:1d:7f:75:9a:a5:
                    b3:1a:e6:c7:d2:8a:9c:c9:1b:0d:83:a4:7f:ae:20:
                    67:be:58:16:e5:c6:3b:9d:38:ac:b5:2e:b8:d1:e1:
                    e0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:6F:09:39:44:BF:A6:FE:1A:1B:2A:27:A4:99:B7:69:8E:37:90:50
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Am8JOUS_pv4aGyonpJm3aY43kFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:500::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:0a:97:95:bc:8d:62:03:08:22:72:b6:7b:36:9f:29:d5:61:
         a5:5f:fe:57:49:5e:08:b1:67:d2:62:a1:8d:87:d5:2c:9c:79:
         bf:e2:49:3b:c3:87:15:5d:cb:55:ac:d6:2e:f2:7d:4b:f3:10:
         9e:6e:70:37:82:3e:06:5f:e8:fa:f5:42:84:83:3a:5e:69:47:
         43:c8:0c:52:7d:85:e4:35:e7:80:66:c8:b3:62:df:9d:c9:0b:
         ab:ea:43:87:e4:51:2f:91:ca:98:fd:af:e0:9a:47:11:62:5a:
         a4:26:6b:e8:63:64:5c:5c:d0:6e:62:d9:6c:29:ef:be:72:79:
         8f:bc:7e:34:0e:dd:bf:90:a5:b0:97:01:f4:df:2c:56:85:e9:
         0f:b8:ea:d7:d2:6e:95:35:50:cb:3b:ec:4b:ad:31:ab:a4:d3:
         0b:06:9c:e3:ce:d3:9a:11:76:d0:53:d4:44:98:7d:52:21:7a:
         09:c2:e8:bf:05:12:66:31:46:59:57:38:ee:f2:71:7a:79:bd:
         e6:0c:11:19:7d:6a:c4:29:e7:1d:11:30:74:69:eb:1e:26:24:
         2d:22:d6:42:49:67:39:14:fe:11:90:1d:c4:d5:5c:a0:3e:9a:
         f9:28:52:6c:f3:b8:0b:b3:69:81:e8:ce:cc:29:bc:89:59:95:
         b2:2c:ca:4c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmatiKAjZfQ3vZsp8jYrmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwMTAyMDk0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjZmMDkzOTQ0YmZhNmZlMWExYjJhMjdhNDk5Yjc2OThlMzc5MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrTQ9OiYl3T6rGQOcsMWIWB3h8ut
3HLmDr0tK6pBB5ad6HaBlLIrJrWiNdpY9Hv41XGjzrTYaWIPqBpTnYKzXKFzrcmk
5xXKDiU2B17vqqDXu3uoTCpJQDfvbFNYMCnA4qLLSmWaAcrATOz9fpz6zdt05Y2+
Nvyo+f5XrrK06fvlbmolC3dfnfbUe24ZB5lDbZbdbsv/zbuObyAvazZMwfSAPpbv
+B9lrSyUHNhOvqol+SpfWiJPDrhpfFqpEB+d+6QaU8WWig+AGwzT6a6uLt63SP6c
ij0WSL8+HX91mqWzGubH0oqcyRsNg6R/riBnvlgW5cY7nTistS640eHgUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAJvCTlEv6b+GhsqJ6SZt2mON5BQMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvQW04Sk9VU19wdjRhR3lvbnBKbTNhWTQza0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhIFADAN
BgkqhkiG9w0BAQsFAAOCAQEAHQqXlbyNYgMIInK2ezafKdVhpV/+V0leCLFn0mKh
jYfVLJx5v+JJO8OHFV3LVazWLvJ9S/MQnm5wN4I+Bl/o+vVChIM6XmlHQ8gMUn2F
5DXngGbIs2LfnckLq+pDh+RRL5HKmP2v4JpHEWJapCZr6GNkXFzQbmLZbCnvvnJ5
j7x+NA7dv5ClsJcB9N8sVoXpD7jq19JulTVQyzvsS60xq6TTCwac487TmhF20FPU
RJh9UiF6CcLovwUSZjFGWVc47vJxenm95gwRGX1qxCnnHREwdGnrHiYkLSLWQkln
ORT+EZAdxNVcoD6a+ShSbPO4C7NpgejOzCm8iVmVsizKTA==
-----END CERTIFICATE-----