Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/7_XH5Nynjubz_xMsaz4B-ZtLWyg.roa
File:                     7_XH5Nynjubz_xMsaz4B-ZtLWyg.roa (raw, json)
Hash identifier:          Rwwjw6ZsPEInkgNJsjkcr6AILeNdbh4/LbvWL8QdTLY=
Subject key identifier:   EF:F5:C7:E4:DC:A7:8E:E6:F3:FF:13:2C:6B:3E:01:F9:9B:4B:5B:28
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649F958E23B0DBCA9B5FB14187F99E1
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/7_XH5Nynjubz_xMsaz4B-ZtLWyg.roa
Signing time:             Mon 01 Jan 2024 18:29:45 +0000
ROA not before:           Mon 01 Jan 2024 18:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        2a12:bec0:420::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:f9:58:e2:3b:0d:bc:a9:b5:fb:14:18:7f:99:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eff5c7e4dca78ee6f3ff132c6b3e01f99b4b5b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e6:be:9b:ed:cd:9c:dd:4b:c6:7e:87:4a:43:
                    ea:2e:cf:81:d3:0e:78:3e:dc:3a:23:ba:e5:6c:a5:
                    2b:fe:e5:a0:8e:7f:f3:ed:84:7c:06:71:17:89:26:
                    54:ca:35:85:b8:4e:b2:94:00:f5:26:52:6c:c5:0f:
                    ab:25:08:e4:0d:d6:02:67:d7:6b:b3:e2:21:6b:1d:
                    db:ac:17:17:59:c1:9c:cd:22:74:41:9c:3a:b5:de:
                    63:53:b2:df:e6:12:2b:ca:62:3c:9f:f2:71:85:df:
                    3f:6e:1b:56:f4:72:b8:ab:8e:54:09:6e:54:5c:00:
                    28:f6:a4:76:4f:d2:67:5c:8c:fb:fc:d0:aa:23:85:
                    d8:05:4c:05:1e:4e:fe:f7:77:07:cb:5d:85:da:f0:
                    a9:b5:e6:c7:f1:f1:83:74:4f:b0:69:9c:96:2e:9d:
                    df:a3:63:49:2a:db:35:c2:ff:08:db:5d:a2:4a:69:
                    a9:f9:11:1b:bc:c5:e7:80:df:b9:d6:d0:18:2e:3e:
                    7c:21:39:30:55:a0:17:d4:91:55:b8:3e:18:30:0f:
                    1b:a1:34:c5:5b:00:95:a0:c5:bd:56:fb:c7:55:9b:
                    a6:2c:4a:13:8e:47:68:ff:60:df:43:6d:ab:dc:42:
                    01:80:2d:b0:a7:b2:2e:39:16:ac:cd:62:95:53:8d:
                    4f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F5:C7:E4:DC:A7:8E:E6:F3:FF:13:2C:6B:3E:01:F9:9B:4B:5B:28
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/7_XH5Nynjubz_xMsaz4B-ZtLWyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:420::/44

    Signature Algorithm: sha256WithRSAEncryption
         b0:97:d1:be:9c:7c:0a:60:8e:9a:23:c0:4d:db:a5:e3:d8:89:
         b1:13:41:d6:3e:88:d3:26:88:7e:47:ef:eb:67:19:2e:83:97:
         17:f4:3c:83:ed:cd:6b:cd:b9:f7:a2:45:20:59:a9:1a:91:66:
         f8:81:d3:84:f4:93:4b:00:81:ba:9b:69:44:eb:81:98:49:cb:
         90:22:5d:b7:20:90:fa:85:35:d3:a9:ad:aa:50:0a:d4:bf:7f:
         fa:15:d4:11:13:b8:81:64:5d:8a:56:19:5e:2d:95:bf:ab:7d:
         94:87:65:bc:18:53:50:94:31:9a:fa:b0:94:69:b3:1c:da:ad:
         52:cd:2c:31:d4:0f:bd:59:a2:65:87:52:86:63:c1:58:6d:3c:
         e4:75:f8:49:f8:55:ed:ef:89:b1:ad:a3:9f:0d:08:2c:b0:2d:
         e0:80:ab:d6:77:8a:27:72:bc:d2:4f:15:94:f0:0d:92:19:41:
         80:b7:1e:30:fb:27:da:5e:ca:f0:b1:18:05:89:18:d5:ad:33:
         57:ea:46:34:33:01:97:99:27:c1:6b:8e:80:f6:b3:8b:38:46:
         62:03:5e:1b:f6:fd:e4:50:f3:be:c5:3e:26:93:b7:89:fa:cb:
         a8:36:8e:ac:bc:65:02:0b:ab:e2:d2:c9:8a:24:03:aa:56:96:
         c8:13:23:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSflY4jsNvKm1+xQYf5nhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmY1YzdlNGRjYTc4ZWU2ZjNmZjEzMmM2YjNlMDFmOTliNGI1YjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+a+m+3NnN1Lxn6HSkPqLs+B0w54
Ptw6I7rlbKUr/uWgjn/z7YR8BnEXiSZUyjWFuE6ylAD1JlJsxQ+rJQjkDdYCZ9dr
s+Ihax3brBcXWcGczSJ0QZw6td5jU7Lf5hIrymI8n/Jxhd8/bhtW9HK4q45UCW5U
XAAo9qR2T9JnXIz7/NCqI4XYBUwFHk7+93cHy12F2vCptebH8fGDdE+waZyWLp3f
o2NJKts1wv8I212iSmmp+REbvMXngN+51tAYLj58ITkwVaAX1JFVuD4YMA8boTTF
WwCVoMW9VvvHVZumLEoTjkdo/2DfQ22r3EIBgC2wp7IuORaszWKVU41PDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO/1x+Tcp47m8/8TLGs+AfmbS1soMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvN19YSDVOeW5qdWJ6X3hNc2F6NEItWnRMV3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAQg
MA0GCSqGSIb3DQEBCwUAA4IBAQCwl9G+nHwKYI6aI8BN26Xj2ImxE0HWPojTJoh+
R+/rZxkug5cX9DyD7c1rzbn3okUgWakakWb4gdOE9JNLAIG6m2lE64GYScuQIl23
IJD6hTXTqa2qUArUv3/6FdQRE7iBZF2KVhleLZW/q32Uh2W8GFNQlDGa+rCUabMc
2q1SzSwx1A+9WaJlh1KGY8FYbTzkdfhJ+FXt74mxraOfDQgssC3ggKvWd4oncrzS
TxWU8A2SGUGAtx4w+yfaXsrwsRgFiRjVrTNX6kY0MwGXmSfBa46A9rOLOEZiA14b
9v3kUPO+xT4mk7eJ+suoNo6svGUCC6vi0smKJAOqVpbIEyPM
-----END CERTIFICATE-----