Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/CFTCt0SuH-oNzUTwxWh1MNNV3xI.roa
File:                     CFTCt0SuH-oNzUTwxWh1MNNV3xI.roa (raw, json)
Hash identifier:          vdFTAWFfGaYtGiX8Eckbt7svjqOcOaNwPbrJuduxBAo=
Subject key identifier:   08:54:C2:B7:44:AE:1F:EA:0D:CD:44:F0:C5:68:75:30:D3:55:DF:12
Certificate issuer:       /CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
Certificate serial:       01941F8C1A55CAF5D35B16506345068F74EE
Authority key identifier: B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/CFTCt0SuH-oNzUTwxWh1MNNV3xI.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214928
IP address blocks:        2a12:de40:300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:1a:55:ca:f5:d3:5b:16:50:63:45:06:8f:74:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0854c2b744ae1fea0dcd44f0c5687530d355df12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:7e:73:dd:1e:27:7f:86:ea:54:c2:8f:8b:a3:
                    d1:62:b8:fa:99:b1:9a:19:d1:50:bb:24:8f:72:fe:
                    75:13:f2:42:ce:04:4d:6b:3e:aa:16:36:b5:3a:87:
                    ad:23:3e:5b:d1:49:2f:20:e7:61:44:5b:00:14:95:
                    bc:ca:7c:0f:76:31:5e:f3:77:b4:75:a2:2a:a0:f0:
                    24:c5:96:49:2d:6d:c9:3e:73:4a:73:ae:ca:1b:7c:
                    2f:ac:b9:b3:3a:a8:5f:e1:60:23:a0:03:5a:75:28:
                    06:46:5d:5b:03:08:99:f9:0d:d7:22:c3:a5:19:d6:
                    49:b5:64:02:f1:2c:94:7d:55:21:ed:cc:43:19:4e:
                    11:b2:ba:40:a5:7b:fe:9f:48:60:de:5f:df:f0:7f:
                    4a:e1:b8:85:de:b6:66:c2:64:7e:4e:9b:08:26:6b:
                    71:ce:d5:b7:68:c5:92:6d:b5:97:71:3b:86:d3:96:
                    96:ec:6d:71:34:d7:69:f2:0f:5b:db:46:cb:17:76:
                    65:6c:f2:27:28:61:25:65:44:73:82:56:71:e9:35:
                    80:ee:a7:8c:83:65:b0:94:1c:30:24:f6:d5:25:24:
                    ca:93:f2:fb:25:26:bb:7d:55:9d:ff:15:45:48:82:
                    37:62:82:93:fb:c3:c8:58:5c:d4:b4:de:26:19:7e:
                    5b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:54:C2:B7:44:AE:1F:EA:0D:CD:44:F0:C5:68:75:30:D3:55:DF:12
            X509v3 Authority Key Identifier:
                keyid:B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/CFTCt0SuH-oNzUTwxWh1MNNV3xI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:de40:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:b6:01:85:e5:70:ef:40:69:f8:0f:f9:ca:47:a0:2b:0d:47:
         1e:54:7d:4c:88:da:bc:ee:d9:1d:a6:4a:b9:69:54:cf:af:b2:
         33:ce:69:9a:0b:5d:20:10:6b:72:c9:9b:41:6a:f8:98:1c:a2:
         36:60:23:a0:65:db:6d:a5:70:1a:3a:a5:a1:2f:09:0e:9b:69:
         dd:13:01:c4:99:80:24:c6:56:5a:25:d3:96:52:c4:87:3c:f0:
         1a:7a:2a:f0:1b:7a:21:5b:d3:cb:36:01:3b:da:67:0a:1c:99:
         6c:e6:b1:e6:15:20:86:47:4e:e9:f6:6f:6d:fa:64:16:f6:02:
         49:a2:ed:61:e7:51:90:5c:11:5f:a4:6b:ff:8a:1e:3e:a3:68:
         8d:0b:91:32:de:f5:ed:e4:56:a8:23:d2:4d:63:3f:77:27:a0:
         42:9d:3a:7a:d4:6b:ce:6e:8b:93:62:17:c0:43:58:93:16:e2:
         45:f1:ce:02:20:c4:49:19:ba:67:8f:44:eb:aa:ab:da:b2:35:
         90:ef:a0:4f:27:c1:4f:4d:07:30:41:a5:89:b9:7c:b9:1e:1c:
         27:a0:99:4b:60:a4:ba:eb:73:c3:ce:ee:be:2e:89:69:44:b7:
         30:8a:15:00:4a:74:df:e4:79:45:b8:a0:db:51:48:ff:a2:d2:
         a2:d3:d3:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjBpVyvXTWxZQY0UGj3TuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZTZjNDFhMmIwNGZjZDhmOGU5NTcxOGZhN2QyZTEyY2M0
NGFjMWYwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU0YzJiNzQ0YWUxZmVhMGRjZDQ0ZjBjNTY4NzUzMGQzNTVkZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6H5z3R4nf4bqVMKPi6PRYrj6mbGa
GdFQuySPcv51E/JCzgRNaz6qFja1OoetIz5b0UkvIOdhRFsAFJW8ynwPdjFe83e0
daIqoPAkxZZJLW3JPnNKc67KG3wvrLmzOqhf4WAjoANadSgGRl1bAwiZ+Q3XIsOl
GdZJtWQC8SyUfVUh7cxDGU4RsrpApXv+n0hg3l/f8H9K4biF3rZmwmR+TpsIJmtx
ztW3aMWSbbWXcTuG05aW7G1xNNdp8g9b20bLF3ZlbPInKGElZURzglZx6TWA7qeM
g2WwlBwwJPbVJSTKk/L7JSa7fVWd/xVFSII3YoKT+8PIWFzUtN4mGX5bZwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAhUwrdErh/qDc1E8MVodTDTVd8SMB8GA1UdIwQY
MBaAFLnmxBorBPzY+OlXGPp9LhLMRKwfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEt
YzA4YzA0NDZkNjEzLzEvQ0ZUQ3QwU3VILW9OelVUd3hXaDFNTk5WM3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEtYzA4YzA0NDZkNjEz
LzEvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLeQAMw
DQYJKoZIhvcNAQELBQADggEBAF22AYXlcO9AafgP+cpHoCsNRx5UfUyI2rzu2R2m
SrlpVM+vsjPOaZoLXSAQa3LJm0Fq+JgcojZgI6Bl222lcBo6paEvCQ6bad0TAcSZ
gCTGVlol05ZSxIc88Bp6KvAbeiFb08s2ATvaZwocmWzmseYVIIZHTun2b236ZBb2
Akmi7WHnUZBcEV+ka/+KHj6jaI0LkTLe9e3kVqgj0k1jP3cnoEKdOnrUa85ui5Ni
F8BDWJMW4kXxzgIgxEkZumePROuqq9qyNZDvoE8nwU9NBzBBpYm5fLkeHCegmUtg
pLrrc8PO7r4uiWlEtzCKFQBKdN/keUW4oNtRSP+i0qLT00A=
-----END CERTIFICATE-----