Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/haThuVvZke29rpbqvF6n622h23M.roa
File:                     haThuVvZke29rpbqvF6n622h23M.roa (raw, json)
Hash identifier:          e7PG4kR3fuIUuXElSVJhLTRYlZRUn4Xb9DDc4PsCu2M=
Subject key identifier:   85:A4:E1:B9:5B:D9:91:ED:BD:AE:96:EA:BC:5E:A7:EB:6D:A1:DB:73
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       0196623397894EAE4E4B852835D98540F655
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/haThuVvZke29rpbqvF6n622h23M.roa
Signing time:             Wed 23 Apr 2025 10:31:10 +0000
ROA not before:           Wed 23 Apr 2025 10:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208208
IP address blocks:        2a0c:2500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 12:44:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:33:97:89:4e:ae:4e:4b:85:28:35:d9:85:40:f6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Apr 23 10:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85a4e1b95bd991edbdae96eabc5ea7eb6da1db73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fc:62:c5:79:7a:cd:21:be:9c:2c:50:1a:e7:
                    f7:db:6c:85:54:25:b2:eb:c8:60:7d:e1:46:13:6e:
                    ea:bb:c5:8e:68:c2:ef:8d:cf:d4:2b:52:47:16:bf:
                    d1:a4:76:2e:4b:e8:b9:ae:56:41:da:01:35:a6:74:
                    b3:23:d5:86:c5:07:08:c9:6e:93:ce:e8:14:4e:f5:
                    a5:f4:71:81:29:a3:fe:9b:ea:ff:f1:0a:2b:a2:3e:
                    93:99:70:7b:86:44:42:7f:58:cf:48:1e:5b:b0:62:
                    3b:59:8b:e6:be:4d:f5:b8:5c:2c:9d:81:b2:cc:fc:
                    ec:fd:15:3a:ed:ae:41:17:e0:2b:69:99:c6:2c:c3:
                    6e:f9:1e:fa:54:67:a7:4b:5c:ac:14:e1:f5:9f:0d:
                    b5:63:49:df:24:77:99:07:fe:f9:5b:cb:2a:d1:2d:
                    a0:3c:23:04:6f:a2:68:1a:ac:4e:92:5c:f3:8f:f9:
                    29:1b:91:a9:72:c9:2f:a8:a7:a7:88:57:cd:29:3d:
                    b4:86:53:fb:eb:df:62:f8:62:22:78:88:98:4e:1a:
                    4c:58:8a:be:6a:1a:ce:ed:ee:9c:9e:fc:3d:9c:45:
                    30:e9:49:6f:ab:e5:1e:57:0c:96:23:9d:76:b3:22:
                    e1:32:3f:4e:65:40:ab:e0:3f:7f:18:41:7d:47:dd:
                    a1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A4:E1:B9:5B:D9:91:ED:BD:AE:96:EA:BC:5E:A7:EB:6D:A1:DB:73
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/haThuVvZke29rpbqvF6n622h23M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2500::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:18:4f:a7:4a:a9:7f:3c:5c:da:eb:50:d4:84:cf:92:c5:29:
         c0:26:97:5f:53:40:9a:e5:8b:fd:5e:9c:01:60:38:d6:d5:b4:
         3e:2e:2f:5c:ed:bc:c7:0b:50:ba:bd:15:45:89:23:5c:16:68:
         c4:30:ac:e5:7f:d3:5e:f1:e5:9f:04:77:be:8b:74:51:17:50:
         8e:c9:e3:c6:c3:12:31:2a:15:22:96:60:41:d8:23:3d:a4:37:
         1a:b6:7c:e4:24:31:21:72:72:41:f6:d0:05:2f:fd:f5:12:71:
         33:50:eb:b0:b0:b8:dd:f7:cf:14:1f:2e:a8:3a:c0:ff:1a:84:
         cd:c0:49:38:69:0d:fc:be:a7:35:c0:7b:18:53:26:73:86:1b:
         55:57:a1:5d:ab:c3:5d:d8:f5:ec:97:3b:9d:af:b7:18:90:3b:
         15:b7:ac:0c:25:8c:b1:4b:f9:a6:fc:a8:51:57:aa:19:22:02:
         5d:db:10:c2:44:be:c8:c5:c6:8f:eb:45:6c:cf:5e:cb:65:e5:
         c1:d8:d6:36:92:14:c6:e6:5f:46:55:28:35:43:4a:91:e2:ea:
         57:2d:c8:b4:f2:92:34:6f:cb:a2:2a:e9:8c:b4:e5:6a:45:60:
         8a:c6:ed:a8:ed:1b:84:3b:be:27:41:8f:20:f9:a7:c8:67:90:
         ad:af:6f:e3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZiM5eJTq5OS4UoNdmFQPZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwNDIzMTAzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWE0ZTFiOTViZDk5MWVkYmRhZTk2ZWFiYzVlYTdlYjZkYTFkYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/xixXl6zSG+nCxQGuf322yFVCWy
68hgfeFGE27qu8WOaMLvjc/UK1JHFr/RpHYuS+i5rlZB2gE1pnSzI9WGxQcIyW6T
zugUTvWl9HGBKaP+m+r/8Qoroj6TmXB7hkRCf1jPSB5bsGI7WYvmvk31uFwsnYGy
zPzs/RU67a5BF+AraZnGLMNu+R76VGenS1ysFOH1nw21Y0nfJHeZB/75W8sq0S2g
PCMEb6JoGqxOklzzj/kpG5GpcskvqKeniFfNKT20hlP7699i+GIieIiYThpMWIq+
ahrO7e6cnvw9nEUw6Ulvq+UeVwyWI512syLhMj9OZUCr4D9/GEF9R92h5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIWk4blb2ZHtva6W6rxep+ttodtzMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvaGFUaHVWdlprZTI5cnBicXZGNm42MjJoMjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgwlADAN
BgkqhkiG9w0BAQsFAAOCAQEAdRhPp0qpfzxc2utQ1ITPksUpwCaXX1NAmuWL/V6c
AWA41tW0Pi4vXO28xwtQur0VRYkjXBZoxDCs5X/TXvHlnwR3vot0URdQjsnjxsMS
MSoVIpZgQdgjPaQ3GrZ85CQxIXJyQfbQBS/99RJxM1DrsLC43ffPFB8uqDrA/xqE
zcBJOGkN/L6nNcB7GFMmc4YbVVehXavDXdj17Jc7na+3GJA7FbesDCWMsUv5pvyo
UVeqGSICXdsQwkS+yMXGj+tFbM9ey2XlwdjWNpIUxuZfRlUoNUNKkeLqVy3ItPKS
NG/LoirpjLTlakVgisbtqO0bhDu+J0GPIPmnyGeQra9v4w==
-----END CERTIFICATE-----