Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/yGBfgqx22nj1W84oauyf8BJObvM.roa
File:                     yGBfgqx22nj1W84oauyf8BJObvM.roa (raw, json)
Hash identifier:          lrFEmwO8iaehalskUNaisXs/c7dHUS9gGZ1ADrLjpTA=
Subject key identifier:   C8:60:5F:82:AC:76:DA:78:F5:5B:CE:28:6A:EC:9F:F0:12:4E:6E:F3
Certificate issuer:       /CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
Certificate serial:       018F76847FFCB29C8481F03AE6F062771D12
Authority key identifier: B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/yGBfgqx22nj1W84oauyf8BJObvM.roa
Signing time:             Tue 14 May 2024 09:52:25 +0000
ROA not before:           Tue 14 May 2024 09:52:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214928
IP address blocks:        2a12:de40:300::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:84:7f:fc:b2:9c:84:81:f0:3a:e6:f0:62:77:1d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9e6c41a2b04fcd8f8e95718fa7d2e12cc44ac1f
        Validity
            Not Before: May 14 09:52:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8605f82ac76da78f55bce286aec9ff0124e6ef3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:22:8e:de:31:87:63:89:89:a6:9c:66:c8:
                    15:46:cb:4b:3f:89:05:07:43:22:c3:99:83:c2:0c:
                    91:33:e3:5f:d4:62:5e:c3:2f:53:b4:20:f7:4d:82:
                    8b:a9:7c:ae:a1:9d:c2:cd:bf:77:26:e9:79:3d:ce:
                    40:7b:8e:99:3b:a2:a4:20:81:0c:33:b5:bb:ff:77:
                    57:9f:7c:9d:37:7b:7c:05:f9:ef:a1:e0:28:87:59:
                    26:54:b2:68:fb:5a:23:5f:56:00:7c:0f:15:04:29:
                    ff:b6:07:0a:3a:c4:40:5a:11:55:a1:71:dc:8c:fa:
                    53:31:ac:58:f9:c4:ad:67:10:d0:c1:93:0a:93:5e:
                    e2:3c:49:f7:38:02:09:67:18:02:35:e0:08:60:81:
                    ba:d7:6b:17:17:e5:1a:8a:7c:c3:77:6b:98:81:7f:
                    58:5e:e9:c8:d9:67:dd:7b:4f:a6:85:77:d2:01:6d:
                    25:30:6a:cd:ec:0a:7d:1c:7d:65:58:67:99:09:80:
                    0e:1d:ec:e4:8c:9f:15:42:17:4b:00:a3:fd:45:58:
                    e0:21:76:de:80:57:49:88:c7:02:34:e7:1a:5c:3c:
                    c5:56:ef:bf:ef:9c:d2:8b:4b:12:61:26:45:e7:8b:
                    12:ae:74:68:11:3a:cf:1c:87:05:85:4e:25:c5:e2:
                    31:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:60:5F:82:AC:76:DA:78:F5:5B:CE:28:6A:EC:9F:F0:12:4E:6E:F3
            X509v3 Authority Key Identifier:
                keyid:B9:E6:C4:1A:2B:04:FC:D8:F8:E9:57:18:FA:7D:2E:12:CC:44:AC:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uebEGisE_Nj46VcY-n0uEsxErB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/yGBfgqx22nj1W84oauyf8BJObvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c261bf-6c6b-4b07-b5aa-c08c0446d613/1/uebEGisE_Nj46VcY-n0uEsxErB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:de40:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         6a:9b:c4:ad:97:3f:78:51:6b:fa:4d:bb:c9:cc:a1:27:44:7a:
         66:72:ac:c4:ef:d9:71:73:7c:f3:96:ab:a6:6a:d9:de:af:ca:
         94:5c:fb:52:38:35:52:43:4a:a2:89:04:13:9d:eb:d7:96:8b:
         78:a5:0d:6f:d1:fc:da:89:2e:0d:f6:05:75:3a:62:e1:99:28:
         9d:06:25:f7:6b:5f:07:4d:74:99:3f:8e:9a:e6:55:27:4a:b3:
         89:19:71:93:c4:79:85:75:d2:18:7f:a1:b5:25:b8:e5:6f:66:
         9a:30:89:a2:d8:bb:35:4d:2a:c1:0f:b6:6e:b5:fe:8a:e6:e9:
         b2:7c:3b:67:28:8a:60:b0:60:2c:f0:f7:c6:2f:5b:25:d5:84:
         ae:fe:fd:57:77:da:e7:c5:a7:47:eb:8b:95:04:fa:5d:60:35:
         5c:19:bf:d0:f5:dc:93:ab:c5:9b:84:eb:71:8f:ef:1f:1c:95:
         84:81:e0:17:f6:e7:2c:11:72:4a:b6:e8:75:73:a8:28:1d:7a:
         ac:f9:3d:5f:03:5e:ca:4c:13:8a:1f:c1:a2:02:eb:c5:bf:20:
         ba:5e:50:53:ae:22:54:28:75:92:a5:df:f3:9c:34:13:10:59:
         6c:1b:d3:38:bf:c7:c6:00:89:16:a1:c1:9d:d4:af:97:f4:ba:
         48:d1:47:03
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY92hH/8spyEgfA65vBidx0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZTZjNDFhMmIwNGZjZDhmOGU5NTcxOGZhN2QyZTEyY2M0
NGFjMWYwHhcNMjQwNTE0MDk1MjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODYwNWY4MmFjNzZkYTc4ZjU1YmNlMjg2YWVjOWZmMDEyNGU2ZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIEijt4xh2OJiaacZsgVRstLP4kF
B0Miw5mDwgyRM+Nf1GJewy9TtCD3TYKLqXyuoZ3Czb93Jul5Pc5Ae46ZO6KkIIEM
M7W7/3dXn3ydN3t8BfnvoeAoh1kmVLJo+1ojX1YAfA8VBCn/tgcKOsRAWhFVoXHc
jPpTMaxY+cStZxDQwZMKk17iPEn3OAIJZxgCNeAIYIG612sXF+UainzDd2uYgX9Y
XunI2Wfde0+mhXfSAW0lMGrN7Ap9HH1lWGeZCYAOHezkjJ8VQhdLAKP9RVjgIXbe
gFdJiMcCNOcaXDzFVu+/75zSi0sSYSZF54sSrnRoETrPHIcFhU4lxeIx/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMhgX4Ksdtp49VvOKGrsn/ASTm7zMB8GA1UdIwQY
MBaAFLnmxBorBPzY+OlXGPp9LhLMRKwfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEt
YzA4YzA0NDZkNjEzLzEveUdCZmdxeDIybmoxVzg0b2F1eWY4QkpPYnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMjYxYmYtNmM2Yi00YjA3LWI1YWEtYzA4YzA0NDZkNjEz
LzEvdWViRUdpc0VfTmo0NlZjWS1uMHVFc3hFckI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLeQAMw
DQYJKoZIhvcNAQELBQADggEBAGqbxK2XP3hRa/pNu8nMoSdEemZyrMTv2XFzfPOW
q6Zq2d6vypRc+1I4NVJDSqKJBBOd69eWi3ilDW/R/NqJLg32BXU6YuGZKJ0GJfdr
XwdNdJk/jprmVSdKs4kZcZPEeYV10hh/obUluOVvZpowiaLYuzVNKsEPtm61/orm
6bJ8O2coimCwYCzw98YvWyXVhK7+/Vd32ufFp0fri5UE+l1gNVwZv9D13JOrxZuE
63GP7x8clYSB4Bf25ywRckq26HVzqCgdeqz5PV8DXspME4ofwaIC68W/ILpeUFOu
IlQodZKl3/OcNBMQWWwb0zi/x8YAiRahwZ3Ur5f0ukjRRwM=
-----END CERTIFICATE-----