Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/vUXe4UE-m7T7Sv0xaYMUGHgE4MA.roa
File:                     vUXe4UE-m7T7Sv0xaYMUGHgE4MA.roa (raw, json)
Hash identifier:          AdPCGM3ei+LC18k21pNOI6XK3Lgk8ww7/9XnwjRZjhk=
Subject key identifier:   BD:45:DE:E1:41:3E:9B:B4:FB:4A:FD:31:69:83:14:18:78:04:E0:C0
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       0196644B2D4B2C45EE8748AFF84EC56F8587
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/vUXe4UE-m7T7Sv0xaYMUGHgE4MA.roa
Signing time:             Wed 23 Apr 2025 20:16:10 +0000
ROA not before:           Wed 23 Apr 2025 20:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a12:9501::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:64:4b:2d:4b:2c:45:ee:87:48:af:f8:4e:c5:6f:85:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Apr 23 20:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd45dee1413e9bb4fb4afd31698314187804e0c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2a:59:92:99:02:36:d8:35:4b:fd:c6:16:92:
                    0e:56:b2:90:76:87:44:e8:44:f0:ed:0c:d0:8b:d9:
                    69:47:7d:f3:00:1f:12:c8:df:19:d3:1e:cb:89:01:
                    99:c0:46:dc:5e:93:c8:40:5e:16:29:fd:23:a1:1b:
                    f9:94:1a:96:f6:a7:17:03:88:59:84:50:ca:96:6d:
                    ee:b3:45:a2:e7:c4:8f:0d:7d:f7:7d:8e:39:60:1c:
                    73:76:ae:bf:dc:5d:b1:01:cc:1b:69:0b:97:4f:58:
                    96:9a:49:30:b9:23:ed:cb:34:ba:95:54:38:9f:fa:
                    ce:11:53:1b:92:6b:af:49:b7:68:03:e1:74:f2:36:
                    d0:ba:4f:4e:2c:6e:99:4f:3a:3d:b3:4c:f4:1d:4a:
                    1e:c6:cd:a0:de:c0:b4:13:27:7a:d1:0d:32:89:24:
                    02:76:79:d5:c4:55:4b:d8:e9:83:fc:49:33:51:c2:
                    3b:4b:e9:a3:77:9f:54:21:63:fa:2d:7d:4b:86:58:
                    24:d3:e6:71:fa:02:cf:70:2e:1f:08:c1:da:98:fe:
                    8c:e6:a4:69:d5:ee:e9:2a:4a:73:fa:50:6a:08:65:
                    dc:e0:51:c6:c9:46:25:0f:7f:4a:1b:f0:4f:c4:4b:
                    80:f5:d0:f4:40:7d:5f:45:9b:13:9a:07:9c:3b:d9:
                    c3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:45:DE:E1:41:3E:9B:B4:FB:4A:FD:31:69:83:14:18:78:04:E0:C0
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/vUXe4UE-m7T7Sv0xaYMUGHgE4MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:9501::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:be:14:0f:f2:81:21:9a:a3:0b:68:8f:e8:e2:85:e8:d5:03:
         f5:15:b3:b4:0e:d8:e1:f4:21:ab:c3:6f:29:8a:b1:23:56:8f:
         90:3c:63:fc:95:34:ef:09:b5:4e:47:37:53:e4:0e:20:ac:b3:
         20:85:a1:60:f4:81:48:6e:90:6a:91:b6:fc:08:79:23:8c:fb:
         88:e2:b3:da:e6:20:47:c8:f0:c7:6e:7c:1a:6b:67:44:19:86:
         d4:29:4b:14:63:7f:2d:ae:67:5e:a6:be:16:e6:0a:3d:6f:a1:
         b7:30:75:c0:87:d6:1f:c3:51:be:4f:53:ae:04:1c:7a:d8:af:
         fe:70:a7:bc:f8:6b:b8:19:af:23:e9:35:d6:71:14:08:cd:3a:
         ff:00:06:49:4e:7c:ec:f6:ac:d8:cb:de:e9:c0:30:2d:db:1f:
         14:10:a5:d8:ee:c5:d2:0d:9b:3d:9a:6c:bf:5a:30:0e:5a:29:
         2c:d1:7c:34:73:59:03:ec:2f:8a:c3:c2:97:17:7d:d2:0c:c7:
         30:ff:83:03:fe:d9:67:bd:b4:61:bb:d1:53:d6:c5:bb:19:94:
         9c:04:8e:ce:22:d3:5d:03:1c:e9:3c:a4:98:73:b7:a5:d0:46:
         ab:1c:13:03:44:15:ec:e4:04:c1:a0:82:b7:fd:4d:58:bd:80:
         ac:08:82:c6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZkSy1LLEXuh0iv+E7Fb4WHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjUwNDIzMjAxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQ1ZGVlMTQxM2U5YmI0ZmI0YWZkMzE2OTgzMTQxODc4MDRlMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCpZkpkCNtg1S/3GFpIOVrKQdodE
6ETw7QzQi9lpR33zAB8SyN8Z0x7LiQGZwEbcXpPIQF4WKf0joRv5lBqW9qcXA4hZ
hFDKlm3us0Wi58SPDX33fY45YBxzdq6/3F2xAcwbaQuXT1iWmkkwuSPtyzS6lVQ4
n/rOEVMbkmuvSbdoA+F08jbQuk9OLG6ZTzo9s0z0HUoexs2g3sC0Eyd60Q0yiSQC
dnnVxFVL2OmD/EkzUcI7S+mjd59UIWP6LX1Lhlgk0+Zx+gLPcC4fCMHamP6M5qRp
1e7pKkpz+lBqCGXc4FHGyUYlD39KG/BPxEuA9dD0QH1fRZsTmgecO9nDwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL1F3uFBPpu0+0r9MWmDFBh4BODAMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvdlVYZTRVRS1tN1Q3U3YweGFZTVVHSGdFNE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKVATAN
BgkqhkiG9w0BAQsFAAOCAQEApL4UD/KBIZqjC2iP6OKF6NUD9RWztA7Y4fQhq8Nv
KYqxI1aPkDxj/JU07wm1Tkc3U+QOIKyzIIWhYPSBSG6QapG2/Ah5I4z7iOKz2uYg
R8jwx258GmtnRBmG1ClLFGN/La5nXqa+FuYKPW+htzB1wIfWH8NRvk9TrgQcetiv
/nCnvPhruBmvI+k11nEUCM06/wAGSU587Pas2Mve6cAwLdsfFBCl2O7F0g2bPZps
v1owDlopLNF8NHNZA+wvisPClxd90gzHMP+DA/7ZZ720YbvRU9bFuxmUnASOziLT
XQMc6TykmHO3pdBGqxwTA0QV7OQEwaCCt/1NWL2ArAiCxg==
-----END CERTIFICATE-----