Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FVSV2ypBYdsDVEdfZHCD514zx3A.roa
File:                     FVSV2ypBYdsDVEdfZHCD514zx3A.roa (raw, json)
Hash identifier:          KOMNU2q9S7bWCuuivHkCo3oG3IQEsLJfLnQAnrvcsZw=
Subject key identifier:   15:54:95:DB:2A:41:61:DB:03:54:47:5F:64:70:83:E7:5E:33:C7:70
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018D3CC5CA0BCF5A3D1F3CF94A5414219163
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FVSV2ypBYdsDVEdfZHCD514zx3A.roa
Signing time:             Wed 24 Jan 2024 18:40:11 +0000
ROA not before:           Wed 24 Jan 2024 18:40:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215651
IP address blocks:        2a12:bec0:670::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:c5:ca:0b:cf:5a:3d:1f:3c:f9:4a:54:14:21:91:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan 24 18:40:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=155495db2a4161db0354475f647083e75e33c770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:0c:da:a0:af:12:cf:41:27:88:6d:11:f7:76:
                    16:77:33:34:35:45:5d:49:7b:bb:df:bf:6d:da:84:
                    18:1e:8e:97:7f:6a:96:09:19:50:30:58:46:7b:a5:
                    1e:68:f6:4c:6d:00:06:a3:da:6e:4a:ed:fb:13:22:
                    c0:6c:68:5a:b7:14:3a:52:6b:59:ff:d5:9f:d6:e8:
                    2f:59:99:45:a4:7f:a6:2e:bc:e6:81:7b:ea:7a:4b:
                    36:7a:16:e2:d4:88:4a:8c:a6:22:f7:75:72:77:61:
                    98:ea:23:72:48:e3:2c:ee:4f:f7:b0:92:5d:c4:64:
                    74:ae:a4:47:f8:0c:fd:b8:da:62:8f:ec:5b:84:09:
                    d0:f7:39:bf:9e:bb:75:11:40:b2:86:1e:0e:b8:f8:
                    76:7a:47:3e:c6:86:90:81:e2:b0:51:e3:7c:d7:17:
                    72:56:be:16:93:0d:7b:c6:10:ea:1c:78:fb:e4:b5:
                    3e:41:53:fe:97:59:51:8f:76:08:68:9f:ee:dc:24:
                    e7:9d:5a:92:46:95:fb:8e:71:c6:63:45:ca:c9:4e:
                    80:8a:4b:4c:48:7c:a4:66:35:7f:48:70:98:a0:92:
                    fb:ad:0a:48:be:62:99:46:30:8e:be:3c:61:47:a3:
                    ed:aa:b6:2d:3e:c7:18:31:8a:b5:4f:39:e6:1b:04:
                    e3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:54:95:DB:2A:41:61:DB:03:54:47:5F:64:70:83:E7:5E:33:C7:70
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FVSV2ypBYdsDVEdfZHCD514zx3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:670::/44

    Signature Algorithm: sha256WithRSAEncryption
         54:b0:c9:b1:a7:73:3e:14:84:ab:db:3a:11:84:6b:6b:c7:9a:
         e3:6b:b7:75:c1:f7:d5:50:f9:02:03:a8:b0:58:83:b3:03:20:
         a5:74:2e:ad:16:6c:12:6e:70:85:a6:b3:5e:5a:bd:1c:f1:78:
         12:76:b7:5c:12:82:01:62:1f:1b:4a:ac:c9:70:05:fd:80:db:
         ca:d7:38:0b:eb:03:3c:70:c4:8d:cc:8c:16:f4:c6:e9:da:9f:
         c2:f4:86:80:06:ea:1d:48:ab:71:fb:50:81:a1:56:19:63:0d:
         09:f0:9e:2c:22:2b:da:b3:4c:c0:4e:0c:81:17:df:70:18:b1:
         1b:4c:44:ce:ee:be:e8:cf:aa:c2:2f:ee:0e:0e:7c:36:fb:5b:
         ee:83:e1:6d:ba:3e:7c:04:bd:15:89:f7:b2:4c:2c:bc:af:d9:
         67:02:2b:e6:e4:36:10:02:57:8c:3f:fc:9b:d1:96:33:a3:ac:
         cd:e6:55:3b:87:66:4a:40:ea:8e:a9:9f:d9:86:4d:f3:02:fc:
         d8:77:29:d8:41:e4:cb:25:11:24:b5:92:6b:b5:20:59:12:92:
         c3:23:39:9c:ae:7b:44:50:c2:ca:bf:e5:6f:1b:b1:2a:56:cf:
         66:b4:c4:fd:0d:75:77:cd:be:27:9f:06:c3:9e:ed:14:fe:d6:
         7e:da:25:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY08xcoLz1o9Hzz5SlQUIZFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTI0MTg0MDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTU0OTVkYjJhNDE2MWRiMDM1NDQ3NWY2NDcwODNlNzVlMzNjNzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQzaoK8Sz0EniG0R93YWdzM0NUVd
SXu7379t2oQYHo6Xf2qWCRlQMFhGe6UeaPZMbQAGo9puSu37EyLAbGhatxQ6UmtZ
/9Wf1ugvWZlFpH+mLrzmgXvqeks2ehbi1IhKjKYi93Vyd2GY6iNySOMs7k/3sJJd
xGR0rqRH+Az9uNpij+xbhAnQ9zm/nrt1EUCyhh4OuPh2ekc+xoaQgeKwUeN81xdy
Vr4Wkw17xhDqHHj75LU+QVP+l1lRj3YIaJ/u3CTnnVqSRpX7jnHGY0XKyU6AiktM
SHykZjV/SHCYoJL7rQpIvmKZRjCOvjxhR6PtqrYtPscYMYq1TznmGwTjEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBVUldsqQWHbA1RHX2Rwg+deM8dwMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRlZTVjJ5cEJZZHNEVkVkZlpIQ0Q1MTR6eDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAZw
MA0GCSqGSIb3DQEBCwUAA4IBAQBUsMmxp3M+FISr2zoRhGtrx5rja7d1wffVUPkC
A6iwWIOzAyCldC6tFmwSbnCFprNeWr0c8XgSdrdcEoIBYh8bSqzJcAX9gNvK1zgL
6wM8cMSNzIwW9Mbp2p/C9IaABuodSKtx+1CBoVYZYw0J8J4sIivas0zATgyBF99w
GLEbTETO7r7oz6rCL+4ODnw2+1vug+Ftuj58BL0VifeyTCy8r9lnAivm5DYQAleM
P/yb0ZYzo6zN5lU7h2ZKQOqOqZ/Zhk3zAvzYdynYQeTLJREktZJrtSBZEpLDIzmc
rntEUMLKv+VvG7EqVs9mtMT9DXV3zb4nnwbDnu0U/tZ+2iWG
-----END CERTIFICATE-----