Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/ASgUl8np2Q6JfLRTYNLJMzN4iro.roa
File:                     ASgUl8np2Q6JfLRTYNLJMzN4iro.roa (raw, json)
Hash identifier:          tWwjSFqCshoFr0tvgjn7mFRP609UI/Pr/ZdA/aURzd0=
Subject key identifier:   01:28:14:97:C9:E9:D9:0E:89:7C:B4:53:60:D2:C9:33:33:78:8A:BA
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019357FD2C52E357F73DE5F7599C3FC515F9
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/ASgUl8np2Q6JfLRTYNLJMzN4iro.roa
Signing time:             Sat 23 Nov 2024 07:47:09 +0000
ROA not before:           Sat 23 Nov 2024 07:47:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12389
IP address blocks:        2a09:6285::/32 maxlen: 32
                          2a12:a346::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:57:fd:2c:52:e3:57:f7:3d:e5:f7:59:9c:3f:c5:15:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Nov 23 07:47:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01281497c9e9d90e897cb45360d2c93333788aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:26:e5:8b:d1:42:a0:e1:df:a3:e2:68:cd:eb:
                    03:0b:08:3e:84:36:07:82:9d:71:0c:4e:01:4e:74:
                    09:28:d3:dc:0c:2b:12:ef:af:cd:87:68:5a:fc:a2:
                    88:8f:49:f9:f8:87:c3:1d:8a:74:8c:e8:2a:e6:b6:
                    1a:2a:ed:16:c6:89:a4:22:7d:a0:f1:c8:65:e1:38:
                    e0:f0:28:61:fe:f8:d3:84:1e:45:22:e1:9f:bd:e3:
                    af:ca:3d:a5:54:92:5b:15:db:5b:31:ab:bb:e9:a2:
                    e0:9f:d7:77:79:4c:b4:19:df:98:4f:b2:88:3d:89:
                    41:e8:b2:a0:2d:a9:33:7e:0b:7c:cf:14:e0:fd:73:
                    a1:e7:40:4e:9d:6f:10:33:e6:e3:ba:d6:18:9a:ed:
                    9d:6b:31:f2:3d:7f:6e:97:52:89:f7:d9:46:1f:5a:
                    50:10:1a:a0:29:dd:7c:3f:9d:41:fb:6e:db:c9:60:
                    7a:3b:21:ed:a7:33:e8:dd:92:f1:58:18:f9:b8:2f:
                    78:23:d3:e1:a2:a2:38:cb:d7:c9:81:eb:09:52:85:
                    63:6f:18:bf:4e:98:eb:bc:c6:6e:dd:c2:7d:54:34:
                    69:21:ee:e1:8c:e9:9f:4c:80:03:13:3e:78:c7:53:
                    50:96:77:a5:80:d2:1a:52:4e:b3:9c:f1:7c:9e:3b:
                    ec:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:28:14:97:C9:E9:D9:0E:89:7C:B4:53:60:D2:C9:33:33:78:8A:BA
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/ASgUl8np2Q6JfLRTYNLJMzN4iro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6285::/32
                  2a12:a346::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:8f:7b:c7:fe:d5:5c:c2:15:68:bc:c9:e4:5b:5a:43:3f:8d:
         1a:69:44:9b:ce:62:f4:6a:5e:45:3a:d6:a1:e4:9b:b7:71:d3:
         0f:6c:02:94:7a:89:44:c5:eb:0f:3c:19:17:48:e0:d2:a2:56:
         e4:43:3c:8b:3f:55:1d:ce:07:15:17:4e:46:d9:6b:f6:ce:a0:
         51:95:e3:1a:29:3c:5d:e2:b6:ec:00:9b:80:84:bb:c7:30:3f:
         7e:22:91:6a:e3:9e:27:bf:fc:fa:68:aa:d6:f5:bd:3f:01:d3:
         e0:9f:de:65:ef:80:e1:81:3c:44:7b:88:fe:3a:cd:01:e5:9b:
         2c:20:21:91:c5:a4:9f:ab:df:42:89:f4:4a:77:11:97:37:99:
         52:48:38:38:5f:6c:82:4d:c9:24:8b:8b:0c:22:6d:7a:59:f5:
         13:11:8c:75:50:10:4f:4c:8a:30:93:a8:ee:b8:14:a2:69:4f:
         62:fd:94:77:de:7c:cf:9b:59:fb:a4:1d:06:23:9b:1b:d9:bb:
         59:a8:05:e2:82:18:b9:0a:26:46:2a:08:f3:fa:7c:96:ef:ea:
         96:75:45:c2:5d:2c:77:b5:53:bc:da:ff:33:8b:ad:6d:91:18:
         0c:30:26:28:1c:a1:80:4e:64:1c:a3:26:18:b2:58:6c:65:d1:
         ba:be:fc:d8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZNX/SxS41f3PeX3WZw/xRX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMTIzMDc0NzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTI4MTQ5N2M5ZTlkOTBlODk3Y2I0NTM2MGQyYzkzMzMzNzg4YWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqibli9FCoOHfo+JozesDCwg+hDYH
gp1xDE4BTnQJKNPcDCsS76/Nh2ha/KKIj0n5+IfDHYp0jOgq5rYaKu0WxomkIn2g
8chl4Tjg8Chh/vjThB5FIuGfveOvyj2lVJJbFdtbMau76aLgn9d3eUy0Gd+YT7KI
PYlB6LKgLakzfgt8zxTg/XOh50BOnW8QM+bjutYYmu2dazHyPX9ul1KJ99lGH1pQ
EBqgKd18P51B+27byWB6OyHtpzPo3ZLxWBj5uC94I9PhoqI4y9fJgesJUoVjbxi/
TpjrvMZu3cJ9VDRpIe7hjOmfTIADEz54x1NQlnelgNIaUk6znPF8njvsKwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAEoFJfJ6dkOiXy0U2DSyTMzeIq6MB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvQVNnVWw4bnAyUTZKZkxSVFlOTEpNek40aXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKglihQMF
ACoSo0YwDQYJKoZIhvcNAQELBQADggEBAI+Pe8f+1VzCFWi8yeRbWkM/jRppRJvO
YvRqXkU61qHkm7dx0w9sApR6iUTF6w88GRdI4NKiVuRDPIs/VR3OBxUXTkbZa/bO
oFGV4xopPF3ituwAm4CEu8cwP34ikWrjnie//Ppoqtb1vT8B0+Cf3mXvgOGBPER7
iP46zQHlmywgIZHFpJ+r30KJ9Ep3EZc3mVJIODhfbIJNySSLiwwibXpZ9RMRjHVQ
EE9MijCTqO64FKJpT2L9lHfefM+bWfukHQYjmxvZu1moBeKCGLkKJkYqCPP6fJbv
6pZ1RcJdLHe1U7za/zOLrW2RGAwwJigcoYBOZByjJhiyWGxl0bq+/Ng=
-----END CERTIFICATE-----