Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/4-ZvpdMud3Dg_obO8-VqtmCxnxw.roa
File:                     4-ZvpdMud3Dg_obO8-VqtmCxnxw.roa (raw, json)
Hash identifier:          qi+QIMq9qeMVzV0kH+FZ/Hlceq+xM9aWM/CzT7FitXM=
Subject key identifier:   E3:E6:6F:A5:D3:2E:77:70:E0:FE:86:CE:F3:E5:6A:B6:60:B1:9F:1C
Certificate issuer:       /CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
Certificate serial:       018CC94E6448D43D22172FEA07F7A738D43E
Authority key identifier: B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/4-ZvpdMud3Dg_obO8-VqtmCxnxw.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216063
IP address blocks:        2a12:de40:200::/40 maxlen: 40
                          2a12:de40:20::/48 maxlen: 48
                          2a12:de40:21::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:64:48:d4:3d:22:17:2f:ea:07:f7:a7:38:d4:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3e66fa5d32e7770e0fe86cef3e56ab660b19f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e1:7a:d1:f9:22:1a:1e:30:f1:53:68:53:fb:
                    b1:10:f6:0b:64:1c:8b:7a:fb:06:3c:73:22:cb:bb:
                    8e:2e:2a:34:8c:0a:ff:25:7b:c6:ed:1c:42:8e:7d:
                    9a:d4:25:73:55:f9:27:aa:a4:69:2f:a0:27:53:9a:
                    2d:ab:73:83:c7:a0:5f:e3:7a:f5:8d:54:66:ec:e3:
                    44:33:98:72:fb:9b:8c:83:5f:a6:99:b7:39:b1:33:
                    f5:0f:c1:9d:58:e4:24:21:ff:c2:b5:e9:5b:f6:ab:
                    f8:67:67:b9:6d:cc:c9:7b:d4:e4:13:0d:b4:d4:09:
                    b4:4e:63:87:5c:bd:de:82:27:4c:52:78:64:47:d5:
                    45:f1:31:95:45:6b:fc:cc:eb:e4:d6:b5:32:40:41:
                    5e:a7:75:39:f1:e1:63:4f:0b:df:55:e6:01:c9:2e:
                    15:a9:42:45:69:37:ad:48:9e:cd:af:ac:dc:72:cc:
                    a0:1b:07:de:f5:81:1f:ca:26:3f:35:52:a1:1e:f1:
                    b0:21:4f:90:0a:de:10:58:7c:96:2e:4d:0a:ee:4d:
                    8f:a8:17:97:17:3a:cb:10:cf:4a:7f:23:b7:2d:ef:
                    03:dc:15:b3:ab:84:0a:2f:82:00:7a:15:d5:19:0d:
                    66:41:10:e4:72:a1:b1:e7:d9:ba:80:80:f4:ce:4a:
                    14:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:E6:6F:A5:D3:2E:77:70:E0:FE:86:CE:F3:E5:6A:B6:60:B1:9F:1C
            X509v3 Authority Key Identifier:
                keyid:B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/4-ZvpdMud3Dg_obO8-VqtmCxnxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:de40:20::/47
                  2a12:de40:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         3c:bb:b1:c2:c2:49:c9:3b:c1:4d:0e:1b:66:e0:89:76:bc:b8:
         72:0b:72:90:2b:1c:f3:aa:a2:04:4f:b9:6a:0d:6d:bf:a4:8d:
         20:62:6f:0c:32:2f:62:4e:97:82:a7:b1:a7:43:07:87:d0:1c:
         44:cd:b0:2a:76:01:f6:11:47:a9:d3:17:e7:14:b7:ab:ea:be:
         3b:39:3d:3d:13:16:4e:52:10:e5:24:a0:8b:db:3a:4e:07:bc:
         8f:f7:83:8e:5c:ed:d0:e8:27:1f:1f:99:3f:8c:36:42:9e:0d:
         02:76:d9:2f:8e:59:36:9f:af:09:b8:97:16:97:d8:ad:a0:d7:
         69:01:6c:d5:1e:14:bb:aa:e5:a7:61:3e:61:7f:21:a1:c4:fa:
         f7:9f:a2:10:94:54:95:2b:9c:52:3d:5b:23:0b:9b:0f:f1:c5:
         fc:c8:d5:80:40:e3:57:a3:32:e4:c8:ca:35:7b:a1:7e:a3:73:
         db:b1:65:0a:60:54:19:32:44:7a:50:85:48:9a:6d:8b:b5:8c:
         cb:5a:56:21:5d:b0:c5:64:2c:46:40:18:d8:26:a2:be:bc:74:
         dd:88:6d:33:1b:b1:ed:2f:17:6e:ef:ae:b2:76:54:68:7f:a7:
         40:02:c2:09:2e:25:60:4b:80:b5:0e:cd:10:86:c9:80:87:cc:
         6d:5e:ad:08
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzJTmRI1D0iFy/qB/enONQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZTZjNDFhMmIwNGZjZDhmOGU5NTcxOGZhN2QyZTEyY2M0
NGFjMWYwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2U2NmZhNWQzMmU3NzcwZTBmZTg2Y2VmM2U1NmFiNjYwYjE5ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+F60fkiGh4w8VNoU/uxEPYLZByL
evsGPHMiy7uOLio0jAr/JXvG7RxCjn2a1CVzVfknqqRpL6AnU5otq3ODx6Bf43r1
jVRm7ONEM5hy+5uMg1+mmbc5sTP1D8GdWOQkIf/Ctelb9qv4Z2e5bczJe9TkEw20
1Am0TmOHXL3egidMUnhkR9VF8TGVRWv8zOvk1rUyQEFep3U58eFjTwvfVeYByS4V
qUJFaTetSJ7Nr6zccsygGwfe9YEfyiY/NVKhHvGwIU+QCt4QWHyWLk0K7k2PqBeX
FzrLEM9KfyO3Le8D3BWzq4QKL4IAehXVGQ1mQRDkcqGx59m6gID0zkoUBwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFOPmb6XTLndw4P6GzvPlarZgsZ8cMB8GA1UdIwQY
MBaAFLnmxBorBPzY+OlXGPp9LhLMRKwfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEt
YzA4YzA0NDZkNjEzLzEvNC1adnBkTXVkM0RnX29iTzgtVnF0bUN4bnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEtYzA4YzA0NDZkNjEz
LzEvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcBKhLeQAAg
AwYAKhLeQAIwDQYJKoZIhvcNAQELBQADggEBADy7scLCSck7wU0OG2bgiXa8uHIL
cpArHPOqogRPuWoNbb+kjSBibwwyL2JOl4KnsadDB4fQHETNsCp2AfYRR6nTF+cU
t6vqvjs5PT0TFk5SEOUkoIvbOk4HvI/3g45c7dDoJx8fmT+MNkKeDQJ22S+OWTaf
rwm4lxaX2K2g12kBbNUeFLuq5adhPmF/IaHE+vefohCUVJUrnFI9WyMLmw/xxfzI
1YBA41ejMuTIyjV7oX6jc9uxZQpgVBkyRHpQhUiabYu1jMtaViFdsMVkLEZAGNgm
or68dN2IbTMbse0vF27vrrJ2VGh/p0ACwgkuJWBLgLUOzRCGyYCHzG1erQg=
-----END CERTIFICATE-----