Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Co798uclBPOx2APLMEA8N2Ck5Wg.roa
File:                     Co798uclBPOx2APLMEA8N2Ck5Wg.roa (raw, json)
Hash identifier:          nIPIVdhWnTIn/Apaz8NmxSGVT+NWOlzPd92Ad1NtY34=
Subject key identifier:   0A:8E:FD:F2:E7:25:04:F3:B1:D8:03:CB:30:40:3C:37:60:A4:E5:68
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0564812FFFF7D599792EBB9C4E6C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Co798uclBPOx2APLMEA8N2Ck5Wg.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200180
IP address blocks:        2a12:bec0:110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:05:64:81:2f:ff:f7:d5:99:79:2e:bb:9c:4e:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a8efdf2e72504f3b1d803cb30403c3760a4e568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9f:03:6e:22:93:8d:83:da:60:c5:2b:a4:cb:
                    de:12:1d:65:fe:ab:0e:fb:f2:2f:7c:bd:ed:d9:8d:
                    58:67:b6:40:51:3e:31:24:4e:e4:4f:2b:19:7a:19:
                    84:4b:21:16:88:53:f6:87:59:1b:ca:af:bc:f1:22:
                    7f:31:25:82:86:53:8c:4c:62:50:2a:36:c2:8e:91:
                    8e:60:fd:1c:07:16:67:0b:fe:0d:4b:83:8f:7c:b3:
                    73:76:25:55:cf:8d:55:89:65:6a:b4:ea:b7:50:25:
                    b8:5d:82:b0:41:8f:57:f8:4e:af:4f:14:89:b6:37:
                    2f:c2:4c:30:bc:12:fe:24:b6:54:43:55:c0:ee:e0:
                    02:b5:0e:c8:1e:cb:5e:c8:44:16:60:76:ef:4f:63:
                    be:6d:34:e2:e9:98:8a:0d:cc:1d:c2:8b:2a:be:dc:
                    7a:85:e2:f6:7a:bd:b3:c9:ed:e6:9d:5e:5b:86:41:
                    dc:1f:ad:39:fe:87:7f:a5:58:3b:05:80:84:cd:69:
                    ec:d7:dd:39:bc:48:a6:04:4c:5e:3a:41:e8:35:c2:
                    0e:17:52:6d:c2:43:11:08:93:1f:9d:80:b3:27:d3:
                    3e:8d:80:35:54:3a:39:f3:84:a3:8c:6d:2b:fb:fd:
                    42:5c:8e:23:d3:39:75:dc:89:8d:02:ba:14:6a:6c:
                    70:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:8E:FD:F2:E7:25:04:F3:B1:D8:03:CB:30:40:3C:37:60:A4:E5:68
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Co798uclBPOx2APLMEA8N2Ck5Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         c3:09:56:3c:6d:7f:df:39:c7:4c:c3:8b:20:23:b9:80:a4:19:
         14:58:18:da:54:56:58:06:74:7c:7b:53:ab:b3:4b:51:57:33:
         c8:3c:7a:4b:23:f0:cd:45:41:07:c1:08:b3:f0:bc:f5:58:c9:
         7d:c5:f5:dc:62:ea:72:63:98:bb:85:57:15:d7:0c:36:59:46:
         94:b5:1b:51:15:c8:48:69:4b:38:af:bc:78:a5:08:c1:9d:1d:
         2c:0f:52:d7:70:b6:5c:09:e0:5d:f2:eb:ce:01:ed:37:10:17:
         f0:04:a7:59:ac:4d:b3:ad:e0:39:cc:da:72:94:c2:58:24:67:
         8d:52:9e:01:c1:f6:bb:9b:07:fa:d5:a6:df:68:8f:ee:4b:4b:
         8c:a3:7a:23:7d:48:46:32:a0:69:a9:ed:cb:29:6e:1c:a4:94:
         c8:ee:92:f5:32:06:01:4b:cd:06:97:3a:4a:94:f0:fb:ca:7a:
         5a:3f:72:f8:15:a7:7b:6f:ee:93:56:6e:53:ed:d3:00:57:57:
         a6:e2:61:33:ab:18:d4:02:32:1b:68:89:f1:71:18:78:e1:69:
         ba:34:4e:f7:8a:44:1b:11:b0:d4:16:3e:83:6a:23:d5:03:0f:
         38:96:5c:b0:9b:b0:40:8f:18:c8:00:38:94:34:c6:f4:91:96:
         d9:09:d1:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgVkgS//99WZeS67nE5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYThlZmRmMmU3MjUwNGYzYjFkODAzY2IzMDQwM2MzNzYwYTRlNTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm58DbiKTjYPaYMUrpMveEh1l/qsO
+/IvfL3t2Y1YZ7ZAUT4xJE7kTysZehmESyEWiFP2h1kbyq+88SJ/MSWChlOMTGJQ
KjbCjpGOYP0cBxZnC/4NS4OPfLNzdiVVz41ViWVqtOq3UCW4XYKwQY9X+E6vTxSJ
tjcvwkwwvBL+JLZUQ1XA7uACtQ7IHsteyEQWYHbvT2O+bTTi6ZiKDcwdwosqvtx6
heL2er2zye3mnV5bhkHcH605/od/pVg7BYCEzWns1905vEimBExeOkHoNcIOF1Jt
wkMRCJMfnYCzJ9M+jYA1VDo584SjjG0r+/1CXI4j0zl13ImNAroUamxwMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAqO/fLnJQTzsdgDyzBAPDdgpOVoMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvQ283OTh1Y2xCUE94MkFQTE1FQThOMkNrNVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDDCVY8bX/fOcdMw4sgI7mApBkUWBjaVFZYBnR8
e1Ors0tRVzPIPHpLI/DNRUEHwQiz8Lz1WMl9xfXcYupyY5i7hVcV1ww2WUaUtRtR
FchIaUs4r7x4pQjBnR0sD1LXcLZcCeBd8uvOAe03EBfwBKdZrE2zreA5zNpylMJY
JGeNUp4Bwfa7mwf61abfaI/uS0uMo3ojfUhGMqBpqe3LKW4cpJTI7pL1MgYBS80G
lzpKlPD7ynpaP3L4Fad7b+6TVm5T7dMAV1em4mEzqxjUAjIbaInxcRh44Wm6NE73
ikQbEbDUFj6DaiPVAw84llywm7BAjxjIADiUNMb0kZbZCdEO
-----END CERTIFICATE-----