Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/gF6AKed4couVOz3NOJqCQYCLevk.roa
File:                     gF6AKed4couVOz3NOJqCQYCLevk.roa (raw, json)
Hash identifier:          6l/9r+cSuVPSnWGdowJTLgijOZRa+XbwTnTFR/9ssTk=
Subject key identifier:   80:5E:80:29:E7:78:72:8B:95:3B:3D:CD:38:9A:82:41:80:8B:7A:F9
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0855B1FDB7DFE6B76EC19F11AF28
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/gF6AKed4couVOz3NOJqCQYCLevk.roa
Signing time:             Mon 01 Jan 2024 18:29:49 +0000
ROA not before:           Mon 01 Jan 2024 18:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207304
IP address blocks:        2a12:bec0:360::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:08:55:b1:fd:b7:df:e6:b7:6e:c1:9f:11:af:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=805e8029e778728b953b3dcd389a8241808b7af9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:41:28:95:98:4e:c4:7e:6d:58:1d:31:b3:bd:
                    9e:f5:dc:26:e0:c3:b3:d4:16:72:5a:7b:8a:51:e0:
                    92:65:0f:07:ad:43:03:5f:2e:be:94:1f:0d:c6:57:
                    56:bd:85:e9:6c:bc:1b:f3:d4:27:5b:9f:b3:f6:4c:
                    15:cd:49:d4:80:89:d9:97:60:d2:81:9e:1e:0d:19:
                    37:ae:0d:4c:17:b7:77:75:c2:7a:8c:f7:81:75:95:
                    53:13:40:6b:94:0f:40:09:97:75:bc:47:a2:9f:96:
                    1a:d7:51:0e:f2:1f:85:03:c2:3e:b6:32:fd:a5:ae:
                    62:4d:8b:f6:9c:36:ea:4f:d4:95:fd:dd:91:92:8c:
                    c4:01:9e:34:a3:c8:dd:85:65:53:55:29:90:8d:1f:
                    37:93:07:4f:89:3a:ca:1e:f1:99:02:b6:5b:31:34:
                    4b:a6:3c:5d:52:b0:a9:7b:e6:eb:c9:c8:bb:67:2f:
                    89:84:1c:98:41:d4:bb:62:9a:d2:68:ed:83:ae:47:
                    d4:3a:70:9f:5a:a4:4d:a4:99:87:b7:e0:c5:b2:85:
                    ab:4f:ea:97:93:e4:14:a9:1a:9e:0e:fd:6b:b8:14:
                    a4:d4:b3:36:1f:30:e3:d2:20:f0:a7:94:23:61:7e:
                    d5:d0:a2:8e:96:74:a7:92:ba:e9:59:1d:c9:9d:59:
                    27:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:5E:80:29:E7:78:72:8B:95:3B:3D:CD:38:9A:82:41:80:8B:7A:F9
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/gF6AKed4couVOz3NOJqCQYCLevk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:360::/44

    Signature Algorithm: sha256WithRSAEncryption
         a9:ee:04:9c:98:7f:5b:20:7f:4b:82:2d:9f:30:47:d9:b7:42:
         bf:4d:3e:83:20:67:25:c0:06:5b:41:a5:17:3b:7d:d8:b6:d8:
         ec:99:6c:6d:34:c9:c9:54:8b:78:36:4c:64:a0:48:ee:34:d6:
         52:80:48:06:04:78:20:4a:94:89:47:c9:11:ea:cc:62:02:e4:
         d6:e4:ec:52:9b:50:a5:6d:a3:4e:77:6d:f1:30:99:71:76:76:
         dd:1b:d3:9f:c4:c5:9d:79:2a:8a:3b:67:1f:03:98:46:df:f4:
         e9:ab:e2:4e:55:15:f6:f0:a4:ad:4b:eb:ae:50:55:81:b0:68:
         71:22:c5:56:39:05:e4:68:a1:9e:63:1c:f8:d0:26:55:d2:23:
         28:19:8b:4c:bc:e0:18:9b:f9:ba:f7:a0:54:88:79:ba:ae:de:
         c8:cd:0f:c2:5b:a9:58:a1:0e:82:f3:2a:c9:1b:e4:13:85:9d:
         b6:3a:db:d0:8b:15:74:67:f7:30:77:e7:f0:22:64:52:5e:92:
         6f:ec:6f:e2:35:13:3c:a5:e7:31:7c:93:26:6f:68:d0:75:a9:
         ec:c1:a9:e6:24:9b:0d:55:a5:40:9c:8e:5e:bc:58:b0:76:ee:
         89:22:88:07:e8:57:db:94:05:1a:f9:65:a2:0e:3c:6b:16:6c:
         32:65:27:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSghVsf233+a3bsGfEa8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDVlODAyOWU3Nzg3MjhiOTUzYjNkY2QzODlhODI0MTgwOGI3YWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEEolZhOxH5tWB0xs72e9dwm4MOz
1BZyWnuKUeCSZQ8HrUMDXy6+lB8NxldWvYXpbLwb89QnW5+z9kwVzUnUgInZl2DS
gZ4eDRk3rg1MF7d3dcJ6jPeBdZVTE0BrlA9ACZd1vEein5Ya11EO8h+FA8I+tjL9
pa5iTYv2nDbqT9SV/d2RkozEAZ40o8jdhWVTVSmQjR83kwdPiTrKHvGZArZbMTRL
pjxdUrCpe+bryci7Zy+JhByYQdS7YprSaO2DrkfUOnCfWqRNpJmHt+DFsoWrT+qX
k+QUqRqeDv1ruBSk1LM2HzDj0iDwp5QjYX7V0KKOlnSnkrrpWR3JnVkn9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIBegCnneHKLlTs9zTiagkGAi3r5MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvZ0Y2QUtlZDRjb3VWT3ozTk9KcUNRWUNMZXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANg
MA0GCSqGSIb3DQEBCwUAA4IBAQCp7gScmH9bIH9Lgi2fMEfZt0K/TT6DIGclwAZb
QaUXO33YttjsmWxtNMnJVIt4NkxkoEjuNNZSgEgGBHggSpSJR8kR6sxiAuTW5OxS
m1ClbaNOd23xMJlxdnbdG9OfxMWdeSqKO2cfA5hG3/Tpq+JOVRX28KStS+uuUFWB
sGhxIsVWOQXkaKGeYxz40CZV0iMoGYtMvOAYm/m696BUiHm6rt7IzQ/CW6lYoQ6C
8yrJG+QThZ22OtvQixV0Z/cwd+fwImRSXpJv7G/iNRM8pecxfJMmb2jQdanswanm
JJsNVaVAnI5evFiwdu6JIogH6FfblAUa+WWiDjxrFmwyZSca
-----END CERTIFICATE-----