Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/TxtNaSAifyEV6mP-AcvjkH3xVSk.roa
File:                     TxtNaSAifyEV6mP-AcvjkH3xVSk.roa (raw, json)
Hash identifier:          915oLCQXFOvhUMTKQDXC06NMqA6irYgihW73/bUTCvo=
Subject key identifier:   4F:1B:4D:69:20:22:7F:21:15:EA:63:FE:01:CB:E3:90:7D:F1:55:29
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01965C44BB0AF9D736A2D8D811FE8A324933
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/TxtNaSAifyEV6mP-AcvjkH3xVSk.roa
Signing time:             Tue 22 Apr 2025 06:52:10 +0000
ROA not before:           Tue 22 Apr 2025 06:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        2a12:c181::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:44:bb:0a:f9:d7:36:a2:d8:d8:11:fe:8a:32:49:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Apr 22 06:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f1b4d6920227f2115ea63fe01cbe3907df15529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:60:f8:7d:48:55:0a:eb:97:61:cc:07:1c:a9:
                    a1:8f:b2:b4:59:84:5c:69:a4:58:46:29:9c:52:f3:
                    9f:9e:03:a4:6f:23:38:03:fd:8d:f3:16:e7:93:ed:
                    6e:01:28:ca:f4:04:01:92:c0:d2:52:db:8a:e3:a2:
                    6b:23:57:a0:89:ce:e7:88:e2:fc:04:18:83:fa:af:
                    6d:5e:5f:b8:ed:d8:89:e3:56:a4:e1:90:cb:80:29:
                    e8:a1:a2:e3:3f:20:06:7a:a7:19:ff:e5:78:46:82:
                    f2:8c:23:06:75:2b:8c:f1:13:5d:0f:4c:56:c8:b3:
                    98:c1:37:f6:7b:ff:b3:de:fc:ea:ee:0e:7f:cc:32:
                    79:8b:de:d2:87:49:98:32:93:40:d3:a4:82:25:7d:
                    86:29:e9:0a:8e:6f:ea:31:1f:c6:ea:db:06:13:91:
                    99:f3:2e:e6:e2:c5:b1:53:a7:d5:1c:10:34:02:79:
                    a5:f7:a5:b7:1d:c4:1a:37:e5:3e:b8:ef:b9:db:b6:
                    11:f6:64:a5:04:21:8d:55:d3:1b:9e:26:50:20:96:
                    43:ff:07:42:2b:55:59:f2:0a:0e:2d:e4:11:a8:34:
                    d2:bf:66:d0:21:b5:b3:6f:5e:39:e3:8f:ed:f8:f8:
                    44:a1:d4:d6:8a:2b:1f:7a:65:ef:b5:cf:9e:99:20:
                    09:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:1B:4D:69:20:22:7F:21:15:EA:63:FE:01:CB:E3:90:7D:F1:55:29
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/TxtNaSAifyEV6mP-AcvjkH3xVSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:c181::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:8b:6a:0c:24:74:ab:95:5b:97:ae:cc:75:5f:bd:d0:a3:56:
         61:ef:15:cf:26:ce:7a:96:f5:a2:51:c0:8b:e7:c9:b2:0c:3f:
         20:59:18:df:9f:a7:00:85:fb:09:b9:05:06:96:4d:f0:02:69:
         a5:c2:3c:84:5f:f3:de:83:7d:04:f6:bd:cd:89:91:c6:46:9f:
         29:b1:61:0b:52:ee:bb:a8:4f:91:42:01:75:64:9d:75:73:03:
         1a:23:d5:22:8c:32:6d:41:41:9f:9a:44:92:64:6a:de:ee:3a:
         04:ff:8e:4e:41:ba:87:4b:5c:30:43:e6:90:bf:71:d5:57:2e:
         74:1a:de:5c:53:dc:06:85:e9:6c:7c:ff:08:34:c3:0e:c6:31:
         c9:a1:b9:21:d4:7b:a6:68:ab:c2:41:3d:c0:c5:25:3f:c9:b8:
         d3:7a:71:41:cf:cf:e6:2f:d0:76:63:9f:79:70:e0:c5:8c:ce:
         b5:bb:13:7e:f7:8d:16:24:c6:e5:a9:4a:97:c5:b2:e6:c9:e8:
         db:f6:49:c8:6b:89:df:16:10:81:79:89:cf:79:be:7b:4b:8d:
         2a:ce:ec:05:04:76:d5:5d:92:ca:1e:5c:e8:5a:33:c7:f2:58:
         f3:ac:9d:66:cd:e9:b3:b9:55:cd:67:03:b1:21:dc:33:69:fa:
         fa:c0:e3:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZcRLsK+dc2otjYEf6KMkkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNDIyMDY1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjFiNGQ2OTIwMjI3ZjIxMTVlYTYzZmUwMWNiZTM5MDdkZjE1NTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymD4fUhVCuuXYcwHHKmhj7K0WYRc
aaRYRimcUvOfngOkbyM4A/2N8xbnk+1uASjK9AQBksDSUtuK46JrI1egic7niOL8
BBiD+q9tXl+47diJ41ak4ZDLgCnooaLjPyAGeqcZ/+V4RoLyjCMGdSuM8RNdD0xW
yLOYwTf2e/+z3vzq7g5/zDJ5i97Sh0mYMpNA06SCJX2GKekKjm/qMR/G6tsGE5GZ
8y7m4sWxU6fVHBA0Anml96W3HcQaN+U+uO+527YR9mSlBCGNVdMbniZQIJZD/wdC
K1VZ8goOLeQRqDTSv2bQIbWzb14544/t+PhEodTWiisfemXvtc+emSAJtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE8bTWkgIn8hFepj/gHL45B98VUpMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvVHh0TmFTQWlmeUVWNm1QLUFjdmprSDN4VlNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLBgTAN
BgkqhkiG9w0BAQsFAAOCAQEAbItqDCR0q5Vbl67MdV+90KNWYe8VzybOepb1olHA
i+fJsgw/IFkY35+nAIX7CbkFBpZN8AJppcI8hF/z3oN9BPa9zYmRxkafKbFhC1Lu
u6hPkUIBdWSddXMDGiPVIowybUFBn5pEkmRq3u46BP+OTkG6h0tcMEPmkL9x1Vcu
dBreXFPcBoXpbHz/CDTDDsYxyaG5IdR7pmirwkE9wMUlP8m403pxQc/P5i/QdmOf
eXDgxYzOtbsTfveNFiTG5alKl8Wy5sno2/ZJyGuJ3xYQgXmJz3m+e0uNKs7sBQR2
1V2Syh5c6Fozx/JY86ydZs3ps7lVzWcDsSHcM2n6+sDjWQ==
-----END CERTIFICATE-----