Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/PNTOpYYVcuDrJeZAGeiTaBIC-I0.roa
File:                     PNTOpYYVcuDrJeZAGeiTaBIC-I0.roa (raw, json)
Hash identifier:          ocz5ys7PNRrxXKe2y4aAD2AtSq4FsI9fCNCnqGTL5uI=
Subject key identifier:   3C:D4:CE:A5:86:15:72:E0:EB:25:E6:40:19:E8:93:68:12:02:F8:8D
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EA309FFCDA7BA0CB6F0EBAA071A10DDA8
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/PNTOpYYVcuDrJeZAGeiTaBIC-I0.roa
Signing time:             Wed 03 Apr 2024 08:18:45 +0000
ROA not before:           Wed 03 Apr 2024 08:18:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8675
IP address blocks:        212.12.0.0/19 maxlen: 24
                          212.12.4.0/24 maxlen: 24
                          212.12.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:09:ff:cd:a7:ba:0c:b6:f0:eb:aa:07:1a:10:dd:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr  3 08:18:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cd4cea5861572e0eb25e64019e893681202f88d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:80:53:2c:e0:1b:cf:17:f7:41:75:88:34:24:
                    65:90:1f:9e:ce:28:58:f1:c4:f4:3e:ec:91:fd:23:
                    c1:b1:ff:74:92:d9:71:0f:df:76:d3:6f:a6:87:46:
                    d1:71:b0:55:8b:52:f3:c2:eb:87:b6:df:84:c3:43:
                    0d:35:f4:6d:ca:d3:2d:f6:22:13:18:63:8b:ab:d7:
                    4b:51:8b:de:44:79:0f:14:e8:5f:30:6d:6d:2b:b6:
                    08:55:32:67:a9:8c:a2:df:26:16:ee:9f:90:85:d4:
                    23:c8:24:ca:ed:2f:18:56:71:b1:51:8d:f2:17:60:
                    9c:04:b9:cd:15:80:fe:df:fa:3e:d5:88:db:e4:af:
                    dd:80:e2:55:c8:8a:d3:b1:4f:ad:d1:b5:60:72:0c:
                    f7:ab:a2:51:7d:c6:27:b9:93:02:f7:73:f8:16:f7:
                    9e:55:3c:dc:b8:bb:4f:e1:db:7b:aa:5c:39:f7:0a:
                    39:e7:20:d6:5f:f1:29:b7:3e:b3:ce:3c:6c:a0:fc:
                    fb:11:e8:85:86:ac:e3:16:3d:ac:12:42:e9:47:5a:
                    0f:8c:48:f4:fa:15:fb:8b:ef:ba:b4:2a:4a:c0:a6:
                    9d:93:ff:af:ec:8c:4b:cb:3b:df:96:f3:e1:ce:e4:
                    6d:18:a9:6c:6f:b7:56:eb:0f:0b:f2:a5:f4:ac:d8:
                    65:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D4:CE:A5:86:15:72:E0:EB:25:E6:40:19:E8:93:68:12:02:F8:8D
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/PNTOpYYVcuDrJeZAGeiTaBIC-I0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.12.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2f:fd:c9:d2:ef:b1:13:13:f6:db:39:fc:b6:31:43:a5:ce:23:
         cf:3b:30:0c:7c:31:0e:59:a1:ba:34:7f:5a:26:2b:f8:6c:31:
         32:35:d7:ab:54:4c:fc:bf:bb:dd:6a:2f:4d:1a:bb:43:6e:d6:
         2c:51:08:d0:26:5a:ec:b7:7b:69:f3:4d:ad:a2:86:e1:fb:17:
         4c:c3:7c:f9:d6:72:55:97:bc:bb:37:f7:76:e0:7f:e1:82:ca:
         fd:0a:1f:2b:84:ed:e8:40:3d:06:b0:47:88:d8:c4:43:1e:61:
         c9:3e:3b:20:92:c3:21:7a:8a:3a:dc:32:a9:de:cb:8a:b3:63:
         d2:07:17:45:01:bc:43:59:90:e0:1f:1f:3e:c1:20:f1:6a:9b:
         5e:69:42:00:2a:3b:e4:04:a6:22:6d:83:21:fc:56:d5:68:69:
         1f:71:e4:d7:64:4b:bc:c8:f4:3e:ca:0c:00:70:ff:84:89:bb:
         8f:66:b5:16:ae:97:38:f5:49:0d:3a:e2:14:30:68:96:b2:ea:
         8e:d3:37:6f:4b:89:df:23:b3:da:e1:bc:87:ad:0a:21:14:f1:
         9d:70:ac:16:8e:c4:27:10:f3:cb:40:4a:eb:06:2a:75:f6:de:
         25:3e:65:86:9c:58:a4:a4:57:cf:7d:f3:7f:62:be:4d:e4:81:
         a4:95:a1:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6jCf/Np7oMtvDrqgcaEN2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDAzMDgxODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Q0Y2VhNTg2MTU3MmUwZWIyNWU2NDAxOWU4OTM2ODEyMDJmODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4BTLOAbzxf3QXWINCRlkB+ezihY
8cT0PuyR/SPBsf90ktlxD99202+mh0bRcbBVi1LzwuuHtt+Ew0MNNfRtytMt9iIT
GGOLq9dLUYveRHkPFOhfMG1tK7YIVTJnqYyi3yYW7p+QhdQjyCTK7S8YVnGxUY3y
F2CcBLnNFYD+3/o+1Yjb5K/dgOJVyIrTsU+t0bVgcgz3q6JRfcYnuZMC93P4Fvee
VTzcuLtP4dt7qlw59wo55yDWX/Eptz6zzjxsoPz7EeiFhqzjFj2sEkLpR1oPjEj0
+hX7i++6tCpKwKadk/+v7IxLyzvflvPhzuRtGKlsb7dW6w8L8qX0rNhlWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzUzqWGFXLg6yXmQBnok2gSAviNMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvUE5UT3BZWVZjdURySmVaQUdlaVRhQklDLUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1AwAMA0G
CSqGSIb3DQEBCwUAA4IBAQAv/cnS77ETE/bbOfy2MUOlziPPOzAMfDEOWaG6NH9a
Jiv4bDEyNderVEz8v7vdai9NGrtDbtYsUQjQJlrst3tp802toobh+xdMw3z51nJV
l7y7N/d24H/hgsr9Ch8rhO3oQD0GsEeI2MRDHmHJPjsgksMheoo63DKp3suKs2PS
BxdFAbxDWZDgHx8+wSDxapteaUIAKjvkBKYibYMh/FbVaGkfceTXZEu8yPQ+ygwA
cP+EibuPZrUWrpc49UkNOuIUMGiWsuqO0zdvS4nfI7Pa4byHrQohFPGdcKwWjsQn
EPPLQErrBip19t4lPmWGnFikpFfPffN/Yr5N5IGklaEN
-----END CERTIFICATE-----