Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/btMy49lJNYsMryTYYAcG1e0uCsA.roa
File:                     btMy49lJNYsMryTYYAcG1e0uCsA.roa (raw, json)
Hash identifier:          4XWcuZr/3dB8Jgy0jZtQBBsOp1/cTyA7YqHENNCOJPQ=
Subject key identifier:   6E:D3:32:E3:D9:49:35:8B:0C:AF:24:D8:60:07:06:D5:ED:2E:0A:C0
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       018F15BE21A776E7323F679EC35887736FC5
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/btMy49lJNYsMryTYYAcG1e0uCsA.roa
Signing time:             Thu 25 Apr 2024 14:52:12 +0000
ROA not before:           Thu 25 Apr 2024 14:52:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47890
IP address blocks:        2a0e:5bc0::/29 maxlen: 29
                          2a0e:a800::/29 maxlen: 29
                          2a0f:780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:be:21:a7:76:e7:32:3f:67:9e:c3:58:87:73:6f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Apr 25 14:52:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ed332e3d949358b0caf24d8600706d5ed2e0ac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1c:9e:95:fc:b0:9b:72:62:a5:cc:2e:0e:38:
                    a8:df:ca:ba:99:a3:f7:a7:a4:94:b1:7b:60:ae:b6:
                    f3:85:59:6c:bd:b2:fd:68:ef:f5:b5:fd:80:da:0f:
                    fb:23:6d:c4:de:1d:70:6d:a1:a6:71:7a:95:c7:57:
                    63:60:39:12:1d:40:15:88:7a:09:e0:8d:5d:43:0d:
                    0c:92:e5:ef:1e:2e:5f:6a:14:ff:23:18:0f:64:b0:
                    bf:a1:73:a9:aa:42:51:7f:0f:92:10:8e:7e:c1:92:
                    ca:67:cf:8b:ac:94:04:d5:43:36:07:a3:c4:7a:50:
                    10:4b:39:aa:ce:57:04:5a:69:3b:69:03:a2:4b:5f:
                    c3:3e:a7:6f:fb:80:c4:cc:b6:ba:20:aa:88:1e:1f:
                    04:b6:de:54:8e:2a:ad:d8:29:81:34:07:b6:57:1d:
                    6a:6f:18:35:bb:bc:6e:cd:24:2a:92:67:e0:13:57:
                    90:90:75:1d:46:15:ed:c7:21:a0:b9:20:84:18:a0:
                    d2:f0:67:94:3d:49:05:da:24:bc:b8:b5:ec:52:56:
                    d2:8b:8b:4f:66:35:d1:90:c4:4b:b7:c4:04:4d:f4:
                    e0:ed:d5:6b:55:8a:62:6a:59:ae:54:98:ec:a0:8b:
                    5d:d6:a9:5d:e6:da:91:f8:59:28:3c:db:62:2e:5c:
                    b0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D3:32:E3:D9:49:35:8B:0C:AF:24:D8:60:07:06:D5:ED:2E:0A:C0
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/btMy49lJNYsMryTYYAcG1e0uCsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5bc0::/29
                  2a0e:a800::/29
                  2a0f:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:05:41:a3:d2:bf:cc:ea:25:0f:91:ab:39:e5:2f:0b:6b:11:
         e9:b8:d3:89:32:dc:82:86:9b:85:ba:35:64:18:8a:67:3b:48:
         35:43:47:c4:20:49:b4:63:e2:33:27:c1:dc:06:49:47:76:79:
         42:38:2b:63:96:c7:64:74:9f:cd:a3:cf:fb:f8:36:74:ef:3a:
         0f:b9:6b:76:e2:12:a7:12:8c:b1:cc:ea:03:2c:c8:d1:01:41:
         1a:52:7a:74:18:44:92:1e:48:91:b9:9e:69:f2:41:8d:33:6f:
         ed:70:fa:5e:7f:47:15:50:6d:28:11:94:77:69:88:62:47:b0:
         86:f6:91:4b:02:81:34:94:00:89:7f:60:5d:3d:45:90:87:8b:
         66:b6:05:0f:b7:c2:f8:e5:e4:2c:77:06:3a:5f:89:26:1e:f0:
         88:5f:ef:b9:b0:53:f4:f5:95:40:1b:ba:99:30:a5:30:ac:b4:
         f4:da:36:bb:1d:ec:78:b6:38:1b:4c:92:f2:8f:8d:4a:c0:e1:
         e8:6d:19:27:c0:df:de:c8:87:06:dd:8b:dd:a7:76:ad:7a:23:
         89:e9:48:1a:36:b7:da:8f:58:55:91:de:ee:07:08:3d:7d:05:
         0f:2b:a0:b7:b5:02:71:04:af:1a:aa:bf:23:56:d8:1f:21:99:
         fd:28:de:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8VviGnducyP2eew1iHc2/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjQwNDI1MTQ1MjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQzMzJlM2Q5NDkzNThiMGNhZjI0ZDg2MDA3MDZkNWVkMmUwYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzByelfywm3JipcwuDjio38q6maP3
p6SUsXtgrrbzhVlsvbL9aO/1tf2A2g/7I23E3h1wbaGmcXqVx1djYDkSHUAViHoJ
4I1dQw0MkuXvHi5fahT/IxgPZLC/oXOpqkJRfw+SEI5+wZLKZ8+LrJQE1UM2B6PE
elAQSzmqzlcEWmk7aQOiS1/DPqdv+4DEzLa6IKqIHh8Ett5Ujiqt2CmBNAe2Vx1q
bxg1u7xuzSQqkmfgE1eQkHUdRhXtxyGguSCEGKDS8GeUPUkF2iS8uLXsUlbSi4tP
ZjXRkMRLt8QETfTg7dVrVYpialmuVJjsoItd1qld5tqR+FkoPNtiLlywGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG7TMuPZSTWLDK8k2GAHBtXtLgrAMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvYnRNeTQ5bEpOWXNNcnlUWVlBY0cxZTB1Q3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg5bwAMF
AyoOqAADBQMqDweAMA0GCSqGSIb3DQEBCwUAA4IBAQCSBUGj0r/M6iUPkas55S8L
axHpuNOJMtyChpuFujVkGIpnO0g1Q0fEIEm0Y+IzJ8HcBklHdnlCOCtjlsdkdJ/N
o8/7+DZ07zoPuWt24hKnEoyxzOoDLMjRAUEaUnp0GESSHkiRuZ5p8kGNM2/tcPpe
f0cVUG0oEZR3aYhiR7CG9pFLAoE0lACJf2BdPUWQh4tmtgUPt8L45eQsdwY6X4km
HvCIX++5sFP09ZVAG7qZMKUwrLT02ja7Hex4tjgbTJLyj41KwOHobRknwN/eyIcG
3Yvdp3ateiOJ6UgaNrfaj1hVkd7uBwg9fQUPK6C3tQJxBK8aqr8jVtgfIZn9KN5f
-----END CERTIFICATE-----