Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/f0c7ca-f736-42e0-bb66-0c3c3eea75c1/1/aOB5btw3sCeCGlICIaUAVTAHxoc.roa
File:                     aOB5btw3sCeCGlICIaUAVTAHxoc.roa (raw, json)
Hash identifier:          i/T+Gbui0Eaqv0IYVe73d62lvuGguziTkFVNv1EWNX4=
Subject key identifier:   68:E0:79:6E:DC:37:B0:27:82:1A:52:02:21:A5:00:55:30:07:C6:87
Certificate issuer:       /CN=5cf51fdc5548183a8a793e7a0a87d9770e6b6b89
Certificate serial:       01904A59251E5BF3FDEC974BEDC48B52B549
Authority key identifier: 5C:F5:1F:DC:55:48:18:3A:8A:79:3E:7A:0A:87:D9:77:0E:6B:6B:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPUf3FVIGDqKeT56CofZdw5ra4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/f0c7ca-f736-42e0-bb66-0c3c3eea75c1/1/aOB5btw3sCeCGlICIaUAVTAHxoc.roa
Signing time:             Mon 24 Jun 2024 13:04:34 +0000
ROA not before:           Mon 24 Jun 2024 13:04:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42375
IP address blocks:        2a12:3dc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/f0c7ca-f736-42e0-bb66-0c3c3eea75c1/1/XPUf3FVIGDqKeT56CofZdw5ra4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/f0c7ca-f736-42e0-bb66-0c3c3eea75c1/1/XPUf3FVIGDqKeT56CofZdw5ra4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPUf3FVIGDqKeT56CofZdw5ra4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:59:25:1e:5b:f3:fd:ec:97:4b:ed:c4:8b:52:b5:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf51fdc5548183a8a793e7a0a87d9770e6b6b89
        Validity
            Not Before: Jun 24 13:04:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68e0796edc37b027821a520221a500553007c687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7d:bd:af:36:c3:c9:4a:37:56:ef:b0:48:f3:
                    4b:b5:d8:6a:f3:e2:f7:09:3a:02:9c:41:2f:75:4e:
                    96:14:1e:2b:8b:29:76:e3:62:f0:5a:b2:9e:02:4a:
                    2e:39:9e:9b:99:47:45:28:fd:67:fd:5e:b0:06:a0:
                    95:a1:7f:f0:1b:e0:b8:00:ce:bc:e8:6f:92:fb:66:
                    05:5c:5e:8d:cd:e9:1f:2e:89:e0:25:2c:ee:b5:29:
                    e0:8a:20:bc:13:10:94:e7:97:3c:39:60:5c:d6:60:
                    ef:d4:ca:ff:29:a9:43:31:c2:d6:cb:61:d6:41:0f:
                    11:da:ba:a4:de:0d:b9:43:f5:7d:c4:51:7c:9d:5d:
                    f1:f8:1e:23:a2:ef:8a:cb:7f:81:77:4a:54:4e:a1:
                    68:d7:89:3e:34:88:77:ce:5e:d1:ca:10:33:2b:e8:
                    fe:7e:26:b1:d9:f2:1d:8d:80:59:4b:f1:9c:2a:d8:
                    d5:bc:cd:70:fd:5c:35:12:d1:34:db:f5:15:01:5d:
                    ac:3f:1a:da:e6:60:35:1c:21:27:2d:1b:03:e5:8b:
                    39:f5:2e:aa:6a:2a:01:04:a9:f6:16:14:e1:a3:c7:
                    f0:80:8e:ee:ba:46:60:9b:90:3e:53:8a:53:84:a4:
                    07:e5:c4:ac:25:45:64:e6:dc:0d:1b:70:08:3e:17:
                    41:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E0:79:6E:DC:37:B0:27:82:1A:52:02:21:A5:00:55:30:07:C6:87
            X509v3 Authority Key Identifier:
                keyid:5C:F5:1F:DC:55:48:18:3A:8A:79:3E:7A:0A:87:D9:77:0E:6B:6B:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPUf3FVIGDqKeT56CofZdw5ra4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/f0c7ca-f736-42e0-bb66-0c3c3eea75c1/1/aOB5btw3sCeCGlICIaUAVTAHxoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/f0c7ca-f736-42e0-bb66-0c3c3eea75c1/1/XPUf3FVIGDqKeT56CofZdw5ra4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:8f:a0:b5:f2:ca:35:bc:a0:f2:5c:c8:32:29:e2:c5:f0:a2:
         46:2b:a3:14:94:21:17:91:50:be:b8:fd:4c:59:b8:30:3f:1e:
         d6:7d:22:07:38:b5:3d:99:05:86:b7:0f:07:df:f6:94:44:02:
         dc:f2:3c:f6:b2:9b:ff:6d:a0:af:ed:66:8c:83:52:bc:24:c9:
         f2:e3:70:76:20:ee:c5:84:e2:88:1e:1e:d1:db:bf:1d:b6:73:
         93:c6:3a:33:95:b1:a6:fb:af:1c:d0:8f:da:17:d9:30:b0:62:
         d4:2e:b2:df:b1:75:6b:98:21:ba:96:30:48:bc:c7:e4:da:00:
         41:5c:75:07:e8:cd:33:da:c1:16:6b:33:a2:d9:0e:80:02:7e:
         ab:2b:56:13:1f:bc:b2:c6:06:d9:ff:95:bd:1b:4d:10:0c:e0:
         0a:2b:c9:45:fd:dc:ce:2e:12:7c:f1:d5:31:56:e4:ec:9a:a1:
         45:9c:32:95:42:23:29:0c:04:6f:cd:19:49:a7:cf:3d:20:58:
         00:85:b7:7a:9f:d6:06:4e:9b:5b:2e:ae:da:d8:64:35:9c:fe:
         85:d9:9c:c7:50:6f:dd:6d:f9:88:b6:e2:dc:07:42:34:a6:e8:
         2a:c7:37:c5:99:4a:6f:46:8f:1c:1d:37:96:b5:24:50:90:b6:
         a3:e4:ef:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBKWSUeW/P97JdL7cSLUrVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjUxZmRjNTU0ODE4M2E4YTc5M2U3YTBhODdkOTc3MGU2
YjZiODkwHhcNMjQwNjI0MTMwNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGUwNzk2ZWRjMzdiMDI3ODIxYTUyMDIyMWE1MDA1NTMwMDdjNjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun29rzbDyUo3Vu+wSPNLtdhq8+L3
CToCnEEvdU6WFB4riyl242LwWrKeAkouOZ6bmUdFKP1n/V6wBqCVoX/wG+C4AM68
6G+S+2YFXF6NzekfLongJSzutSngiiC8ExCU55c8OWBc1mDv1Mr/KalDMcLWy2HW
QQ8R2rqk3g25Q/V9xFF8nV3x+B4jou+Ky3+Bd0pUTqFo14k+NIh3zl7RyhAzK+j+
fiax2fIdjYBZS/GcKtjVvM1w/Vw1EtE02/UVAV2sPxra5mA1HCEnLRsD5Ys59S6q
aioBBKn2FhTho8fwgI7uukZgm5A+U4pThKQH5cSsJUVk5twNG3AIPhdBdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGjgeW7cN7AnghpSAiGlAFUwB8aHMB8GA1UdIwQY
MBaAFFz1H9xVSBg6ink+egqH2XcOa2uJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBVZjNGVklHRHFLZVQ1NkNvZlpkdzVyYTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9mMGM3Y2EtZjczNi00MmUwLWJiNjYt
MGMzYzNlZWE3NWMxLzEvYU9CNWJ0dzNzQ2VDR2xJQ0lhVUFWVEFIeG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9mMGM3Y2EtZjczNi00MmUwLWJiNjYtMGMzYzNlZWE3NWMx
LzEvWFBVZjNGVklHRHFLZVQ1NkNvZlpkdzVyYTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhI9wDAN
BgkqhkiG9w0BAQsFAAOCAQEAWo+gtfLKNbyg8lzIMinixfCiRiujFJQhF5FQvrj9
TFm4MD8e1n0iBzi1PZkFhrcPB9/2lEQC3PI89rKb/22gr+1mjINSvCTJ8uNwdiDu
xYTiiB4e0du/HbZzk8Y6M5WxpvuvHNCP2hfZMLBi1C6y37F1a5ghupYwSLzH5NoA
QVx1B+jNM9rBFmszotkOgAJ+qytWEx+8ssYG2f+VvRtNEAzgCivJRf3czi4SfPHV
MVbk7JqhRZwylUIjKQwEb80ZSafPPSBYAIW3ep/WBk6bWy6u2thkNZz+hdmcx1Bv
3W35iLbi3AdCNKboKsc3xZlKb0aPHB03lrUkUJC2o+TvQw==
-----END CERTIFICATE-----