Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/H4EK-fyy44-uBaaxyoA2So9uODk.roa
File:                     H4EK-fyy44-uBaaxyoA2So9uODk.roa (raw, json)
Hash identifier:          JkVGZuUGAlD51SOOznp1hKK7fIKOmyrplm5JDL+lJv0=
Subject key identifier:   1F:81:0A:F9:FC:B2:E3:8F:AE:05:A6:B1:CA:80:36:4A:8F:6E:38:39
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A141476AA29D733D180C50B2F2A5F
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/H4EK-fyy44-uBaaxyoA2So9uODk.roa
Signing time:             Mon 01 Jan 2024 18:29:52 +0000
ROA not before:           Mon 01 Jan 2024 18:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216418
IP address blocks:        2a12:bec0:430::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:14:14:76:aa:29:d7:33:d1:80:c5:0b:2f:2a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f810af9fcb2e38fae05a6b1ca80364a8f6e3839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e7:71:7f:cf:d1:be:49:06:5e:fb:b5:2f:c0:
                    f7:f4:e6:25:d4:ca:5b:66:3f:d0:15:82:48:4b:db:
                    5f:28:5c:2e:17:76:7c:cc:4e:a2:fe:7f:ed:26:0b:
                    01:79:fe:34:80:20:84:94:8c:00:d0:9e:f7:b0:a7:
                    99:a5:99:33:38:4e:42:d1:cd:8e:94:92:ea:d1:29:
                    8f:4e:b6:18:99:b4:f5:e6:3b:4a:c1:d2:61:a7:27:
                    a6:ef:df:f2:d6:c0:42:d0:16:87:0a:55:c9:ff:98:
                    06:7c:61:ba:37:42:13:a5:82:b5:1e:04:f9:22:a0:
                    1d:7f:13:db:c9:0b:19:af:04:78:b5:85:70:ac:d5:
                    c9:b3:a2:1d:84:1d:55:32:0f:14:10:b4:31:70:0c:
                    69:44:c7:a2:f2:8b:dc:42:50:02:52:73:0a:42:8d:
                    58:b6:e7:ef:c8:5d:ad:e5:19:ce:cc:57:89:c7:6c:
                    cc:ac:a4:56:85:c0:c6:25:98:bf:64:ff:45:e7:71:
                    3a:a8:c5:71:20:44:ec:50:f3:bd:fb:59:f9:67:bb:
                    9c:45:25:56:18:cb:66:dc:42:bb:23:63:ea:27:3b:
                    89:e6:c9:1e:ee:7f:85:1f:40:4a:da:d7:1f:b6:5f:
                    c1:23:79:ef:88:d0:99:b7:5d:c6:fa:6c:b2:e2:1a:
                    e5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:81:0A:F9:FC:B2:E3:8F:AE:05:A6:B1:CA:80:36:4A:8F:6E:38:39
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/H4EK-fyy44-uBaaxyoA2So9uODk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:430::/44

    Signature Algorithm: sha256WithRSAEncryption
         b8:d0:87:cc:d1:fc:54:db:69:b2:8e:e7:54:23:38:52:9f:93:
         2f:db:6c:1b:a8:82:1b:5f:4d:e4:7e:70:93:b3:c0:8a:1e:a0:
         7a:8e:79:da:dc:47:c4:76:6f:2b:6d:1b:f7:f3:f2:98:af:d5:
         6f:a4:ac:53:ff:56:a3:e1:4f:4d:f9:12:da:c9:9c:e7:36:f4:
         77:e3:a7:5d:21:4a:52:ab:01:c6:9d:b5:46:a7:2b:58:c5:c2:
         60:33:59:7b:5b:77:1b:c8:a4:d7:b1:45:01:85:85:6f:70:51:
         b4:d0:d8:63:66:6d:78:6d:e1:fb:34:10:00:d5:20:62:07:2b:
         0d:ed:ae:37:b9:82:0c:bd:64:7a:8e:22:9e:bd:f3:43:94:8f:
         e0:36:8d:ab:5d:48:b5:5c:d2:a9:a0:b9:86:43:66:84:57:b1:
         71:fa:67:4b:ee:dc:08:d4:95:fd:88:3d:1e:e6:bf:ce:2f:fc:
         b1:7e:a3:96:e5:e9:45:00:ae:81:f1:58:17:55:f8:e2:c3:83:
         84:bc:03:96:c3:0f:dc:e2:52:cf:c1:44:92:3f:c9:fc:c2:8a:
         20:b9:6f:7d:4b:f3:67:a7:e6:d8:dc:8b:7d:49:61:8f:22:0b:
         c8:88:f0:5e:62:0f:80:96:63:49:57:2f:a7:00:b0:81:58:4b:
         ab:bd:52:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGShQUdqop1zPRgMULLypfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgxMGFmOWZjYjJlMzhmYWUwNWE2YjFjYTgwMzY0YThmNmUzODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsedxf8/RvkkGXvu1L8D39OYl1Mpb
Zj/QFYJIS9tfKFwuF3Z8zE6i/n/tJgsBef40gCCElIwA0J73sKeZpZkzOE5C0c2O
lJLq0SmPTrYYmbT15jtKwdJhpyem79/y1sBC0BaHClXJ/5gGfGG6N0ITpYK1HgT5
IqAdfxPbyQsZrwR4tYVwrNXJs6IdhB1VMg8UELQxcAxpRMei8ovcQlACUnMKQo1Y
tufvyF2t5RnOzFeJx2zMrKRWhcDGJZi/ZP9F53E6qMVxIETsUPO9+1n5Z7ucRSVW
GMtm3EK7I2PqJzuJ5ske7n+FH0BK2tcftl/BI3nviNCZt13G+myy4hrl/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB+BCvn8suOPrgWmscqANkqPbjg5MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvSDRFSy1meXk0NC11QmFheHlvQTJTbzl1T0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAQw
MA0GCSqGSIb3DQEBCwUAA4IBAQC40IfM0fxU22myjudUIzhSn5Mv22wbqIIbX03k
fnCTs8CKHqB6jnna3EfEdm8rbRv38/KYr9VvpKxT/1aj4U9N+RLayZznNvR346dd
IUpSqwHGnbVGpytYxcJgM1l7W3cbyKTXsUUBhYVvcFG00NhjZm14beH7NBAA1SBi
BysN7a43uYIMvWR6jiKevfNDlI/gNo2rXUi1XNKpoLmGQ2aEV7Fx+mdL7twI1JX9
iD0e5r/OL/yxfqOW5elFAK6B8VgXVfjiw4OEvAOWww/c4lLPwUSSP8n8wooguW99
S/Nnp+bY3It9SWGPIgvIiPBeYg+AlmNJVy+nALCBWEurvVIF
-----END CERTIFICATE-----