Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/P2u4KPeqzSQcwAgZ8deIfwyGubY.roa
File:                     P2u4KPeqzSQcwAgZ8deIfwyGubY.roa (raw, json)
Hash identifier:          Als/ffLK0Q91tczz4CfkRCOsGHHaJ5ik5/xjQ0GWyQU=
Subject key identifier:   3F:6B:B8:28:F7:AA:CD:24:1C:C0:08:19:F1:D7:88:7F:0C:86:B9:B6
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0BF8164BC58A589EA169CE9332A9
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/P2u4KPeqzSQcwAgZ8deIfwyGubY.roa
Signing time:             Mon 01 Jan 2024 18:29:50 +0000
ROA not before:           Mon 01 Jan 2024 18:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212050
IP address blocks:        2a12:bec0:e00::/48 maxlen: 48
                          2a12:bec0:e01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0b:f8:16:4b:c5:8a:58:9e:a1:69:ce:93:32:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f6bb828f7aacd241cc00819f1d7887f0c86b9b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b4:a4:a0:91:6c:e4:1d:a1:19:fd:f1:6e:a4:
                    71:d3:d1:62:4b:a3:2c:02:87:e3:74:3c:2c:8f:97:
                    1c:e5:cf:7f:a4:8d:74:5e:57:10:12:60:3e:b8:66:
                    08:48:6e:67:8e:e0:f2:b2:30:6e:b2:24:ab:ec:59:
                    b2:ff:c8:ea:5c:4f:48:a7:3d:1b:95:0b:af:14:0b:
                    9e:b2:26:6d:ec:be:8b:cd:d8:c3:7a:92:b9:a9:a4:
                    68:a1:e9:a7:7f:f8:81:2a:75:14:6b:35:20:da:9b:
                    fc:a4:ee:b2:c0:32:ef:9f:c7:37:bb:14:2a:62:9b:
                    e1:1d:2c:1a:68:18:47:0f:76:0f:b2:e5:c5:b4:35:
                    53:31:ca:d5:1f:10:b4:cf:55:cc:ec:1a:58:cf:5f:
                    60:5e:f9:aa:70:cb:56:61:c8:85:3c:d3:05:15:8c:
                    92:63:0c:b7:2b:db:ae:02:4d:f6:bd:0e:22:0a:54:
                    5b:6d:10:25:66:55:bb:3e:15:ed:0e:46:38:a8:04:
                    b4:d5:32:27:7f:e8:94:ba:e5:a1:a5:7b:ce:dd:4a:
                    0c:4a:1c:8c:71:a5:59:0c:22:d4:f8:ac:bb:5f:56:
                    48:2b:ee:cd:9f:80:21:ab:86:27:e8:1c:6e:00:ef:
                    84:1c:30:00:12:7e:4b:65:4d:e1:3b:96:14:32:a6:
                    24:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6B:B8:28:F7:AA:CD:24:1C:C0:08:19:F1:D7:88:7F:0C:86:B9:B6
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/P2u4KPeqzSQcwAgZ8deIfwyGubY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:e00::/47

    Signature Algorithm: sha256WithRSAEncryption
         1d:4f:7d:7d:90:58:71:d6:71:3b:88:e1:48:53:70:ec:29:e1:
         2d:80:a8:a8:c8:46:c2:09:c3:02:27:00:51:04:56:83:30:9d:
         80:4d:86:ed:ac:52:7c:71:08:b6:1c:b0:b9:22:15:12:e6:5e:
         07:f9:4d:c7:2a:f0:a0:c9:19:bb:51:d7:b8:5b:a8:da:ad:6b:
         08:91:59:b5:cd:2b:d9:a9:3f:e2:4c:b0:2c:19:f4:e9:9f:32:
         c9:23:2d:2d:d3:c3:18:6e:45:af:1d:94:51:c2:5f:81:4a:8f:
         fc:27:8f:8e:96:88:c9:70:93:29:d1:c0:22:70:49:2e:8b:6c:
         12:6e:3b:15:86:61:cd:2a:c7:47:68:88:8d:28:51:40:03:a4:
         ce:0d:22:86:54:76:7a:56:69:a7:ed:01:f4:fd:63:3e:cb:c1:
         1e:19:e9:8f:d7:a1:23:32:b3:95:fe:86:af:50:3e:9a:7e:a0:
         78:a7:ac:03:a1:ba:34:c1:94:4b:d4:83:23:ee:52:e8:10:c4:
         6b:84:ae:56:9d:f0:2e:49:5f:6c:50:56:d6:20:be:5a:c4:8c:
         b8:0e:28:76:37:f1:76:26:38:04:e4:29:64:14:a2:89:df:70:
         87:26:4d:d4:df:8e:b9:93:28:94:81:a1:7d:6f:88:bd:cb:23:
         71:09:d1:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgv4FkvFilieoWnOkzKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZiYjgyOGY3YWFjZDI0MWNjMDA4MTlmMWQ3ODg3ZjBjODZiOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLSkoJFs5B2hGf3xbqRx09FiS6Ms
AofjdDwsj5cc5c9/pI10XlcQEmA+uGYISG5njuDysjBusiSr7Fmy/8jqXE9Ipz0b
lQuvFAuesiZt7L6LzdjDepK5qaRooemnf/iBKnUUazUg2pv8pO6ywDLvn8c3uxQq
YpvhHSwaaBhHD3YPsuXFtDVTMcrVHxC0z1XM7BpYz19gXvmqcMtWYciFPNMFFYyS
Ywy3K9uuAk32vQ4iClRbbRAlZlW7PhXtDkY4qAS01TInf+iUuuWhpXvO3UoMShyM
caVZDCLU+Ky7X1ZIK+7Nn4Ahq4Yn6BxuAO+EHDAAEn5LZU3hO5YUMqYksQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD9ruCj3qs0kHMAIGfHXiH8Mhrm2MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUDJ1NEtQZXF6U1Fjd0FnWjhkZUlmd3lHdWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhK+wA4A
MA0GCSqGSIb3DQEBCwUAA4IBAQAdT319kFhx1nE7iOFIU3DsKeEtgKioyEbCCcMC
JwBRBFaDMJ2ATYbtrFJ8cQi2HLC5IhUS5l4H+U3HKvCgyRm7Ude4W6jarWsIkVm1
zSvZqT/iTLAsGfTpnzLJIy0t08MYbkWvHZRRwl+BSo/8J4+OlojJcJMp0cAicEku
i2wSbjsVhmHNKsdHaIiNKFFAA6TODSKGVHZ6Vmmn7QH0/WM+y8EeGemP16EjMrOV
/oavUD6afqB4p6wDobo0wZRL1IMj7lLoEMRrhK5WnfAuSV9sUFbWIL5axIy4Dih2
N/F2JjgE5ClkFKKJ33CHJk3U3465kyiUgaF9b4i9yyNxCdFi
-----END CERTIFICATE-----