Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/WMIHYk8xvDaFM74QNnIJJvo_0c4.roa
File:                     WMIHYk8xvDaFM74QNnIJJvo_0c4.roa (raw, json)
Hash identifier:          VnzFTov/2fcaAAWs7Jv52Wdrro3t3T/GLjVSPHCgVtY=
Subject key identifier:   58:C2:07:62:4F:31:BC:36:85:33:BE:10:36:72:09:26:FA:3F:D1:CE
Certificate issuer:       /CN=79a304ba34b61a15e3797ffd4d1ae8c218c1c7bf
Certificate serial:       01966BDB8485EF5F4AC2FFCD9693F3FE12E3
Authority key identifier: 79:A3:04:BA:34:B6:1A:15:E3:79:7F:FD:4D:1A:E8:C2:18:C1:C7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/WMIHYk8xvDaFM74QNnIJJvo_0c4.roa
Signing time:             Fri 25 Apr 2025 07:31:10 +0000
ROA not before:           Fri 25 Apr 2025 07:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47951
IP address blocks:        2a12:c040::/30 maxlen: 30
                          2a12:c044::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:db:84:85:ef:5f:4a:c2:ff:cd:96:93:f3:fe:12:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a304ba34b61a15e3797ffd4d1ae8c218c1c7bf
        Validity
            Not Before: Apr 25 07:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58c207624f31bc368533be1036720926fa3fd1ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f7:85:0b:3a:03:d0:65:7b:94:c0:fd:50:65:
                    ce:fc:58:40:f3:45:dd:db:59:3f:ac:0e:68:2a:5e:
                    42:4f:1c:a1:23:a1:3c:01:b3:d8:e1:a8:8c:de:28:
                    a7:27:e9:ec:0d:51:a9:36:1e:c6:e2:fa:0e:0d:fc:
                    47:ac:0d:2b:8b:bd:2e:bd:24:c1:57:9f:2d:37:e2:
                    8f:56:55:c2:4d:be:a8:c5:ec:8f:f0:16:ad:d0:15:
                    1a:0c:ad:06:53:1e:68:ce:1a:6c:5f:ea:a7:d9:c4:
                    d0:f6:d9:51:92:b6:ec:2a:5e:5a:70:25:9c:95:9e:
                    00:ab:48:37:35:68:e2:c9:71:af:4f:0b:40:5c:63:
                    8a:24:25:19:8d:e2:42:60:63:a3:92:2a:ca:2b:9c:
                    07:06:58:25:62:f3:b0:da:92:79:9a:c1:63:dc:74:
                    15:df:6b:89:10:ae:22:c5:24:65:8d:25:c5:7d:ef:
                    cc:ab:0e:f7:16:57:b8:18:c4:39:10:d4:d4:e8:eb:
                    e5:4c:f8:b8:72:ec:24:39:23:ca:5f:af:2d:31:b7:
                    1f:d2:51:48:af:b1:f6:dc:bb:30:4a:6b:bb:19:f4:
                    38:b5:49:e6:f8:30:bd:39:12:3b:04:d3:92:60:24:
                    22:98:e6:29:1b:0d:30:d0:b0:10:1d:f6:37:a1:33:
                    4d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C2:07:62:4F:31:BC:36:85:33:BE:10:36:72:09:26:FA:3F:D1:CE
            X509v3 Authority Key Identifier:
                keyid:79:A3:04:BA:34:B6:1A:15:E3:79:7F:FD:4D:1A:E8:C2:18:C1:C7:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/WMIHYk8xvDaFM74QNnIJJvo_0c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:c040::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:91:8c:54:2e:ec:63:c3:ff:1d:40:52:8a:92:58:aa:93:03:
         03:4b:78:a5:b3:0a:1a:05:24:78:09:3f:ff:47:76:69:ac:da:
         a9:d9:d4:b7:2f:5c:45:95:20:72:41:08:79:3e:9f:ae:6a:2e:
         86:3a:65:34:07:4a:0c:ca:9b:54:f5:77:74:78:ad:22:d1:c9:
         fb:d3:c1:15:12:78:97:68:c6:14:28:fe:03:de:a7:72:9e:2d:
         e4:05:88:ee:8e:d0:57:b0:f8:54:25:86:7d:b4:a8:34:0b:4a:
         7d:cf:36:02:ce:76:ff:22:f0:59:bb:4c:39:9c:ff:c2:9a:1f:
         fb:1f:a0:3d:b2:fa:81:be:3c:ca:53:68:b1:64:e3:1b:8f:03:
         dc:41:4f:94:d8:17:67:07:9f:9a:7e:ec:a8:3b:60:e8:37:dc:
         5f:e8:47:f7:aa:a1:34:06:7a:33:d3:bb:d5:1c:ae:1a:91:68:
         2a:6b:ce:2d:93:bf:38:aa:f5:7f:5a:04:a7:82:80:84:1f:d9:
         2d:2c:ef:f5:c8:a3:61:da:20:a1:1c:d7:6f:8c:a3:69:45:86:
         4c:e5:9e:23:08:b8:23:db:2f:34:fa:d4:b8:72:42:84:6b:c8:
         56:f5:cf:01:65:e2:6f:11:41:74:73:be:b5:e8:e7:d4:f0:f7:
         31:e8:66:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZr24SF719Kwv/NlpPz/hLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTMwNGJhMzRiNjFhMTVlMzc5N2ZmZDRkMWFlOGMyMThj
MWM3YmYwHhcNMjUwNDI1MDczMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGMyMDc2MjRmMzFiYzM2ODUzM2JlMTAzNjcyMDkyNmZhM2ZkMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPeFCzoD0GV7lMD9UGXO/FhA80Xd
21k/rA5oKl5CTxyhI6E8AbPY4aiM3iinJ+nsDVGpNh7G4voODfxHrA0ri70uvSTB
V58tN+KPVlXCTb6oxeyP8Bat0BUaDK0GUx5ozhpsX+qn2cTQ9tlRkrbsKl5acCWc
lZ4Aq0g3NWjiyXGvTwtAXGOKJCUZjeJCYGOjkirKK5wHBlglYvOw2pJ5msFj3HQV
32uJEK4ixSRljSXFfe/Mqw73Fle4GMQ5ENTU6OvlTPi4cuwkOSPKX68tMbcf0lFI
r7H23LswSmu7GfQ4tUnm+DC9ORI7BNOSYCQimOYpGw0w0LAQHfY3oTNNQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFjCB2JPMbw2hTO+EDZyCSb6P9HOMB8GA1UdIwQY
MBaAFHmjBLo0thoV43l//U0a6MIYwce/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFNRXVqUzJHaFhqZVhfOVRScm93aGpCeDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lNjAxMDctMTlmMy00MTk0LWJjMmYt
OTlhMGQyOWJhNTYzLzEvV01JSFlrOHh2RGFGTTc0UU5uSUpKdm9fMGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lNjAxMDctMTlmMy00MTk0LWJjMmYtOTlhMGQyOWJhNTYz
LzEvZWFNRXVqUzJHaFhqZVhfOVRScm93aGpCeDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLAQDAN
BgkqhkiG9w0BAQsFAAOCAQEAh5GMVC7sY8P/HUBSipJYqpMDA0t4pbMKGgUkeAk/
/0d2aazaqdnUty9cRZUgckEIeT6frmouhjplNAdKDMqbVPV3dHitItHJ+9PBFRJ4
l2jGFCj+A96ncp4t5AWI7o7QV7D4VCWGfbSoNAtKfc82As52/yLwWbtMOZz/wpof
+x+gPbL6gb48ylNosWTjG48D3EFPlNgXZwefmn7sqDtg6DfcX+hH96qhNAZ6M9O7
1RyuGpFoKmvOLZO/OKr1f1oEp4KAhB/ZLSzv9cijYdogoRzXb4yjaUWGTOWeIwi4
I9svNPrUuHJChGvIVvXPAWXibxFBdHO+tejn1PD3Mehm5g==
-----END CERTIFICATE-----