Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/E4VrMyZVcocrG5VqUV3JjNFRvFU.roa
File:                     E4VrMyZVcocrG5VqUV3JjNFRvFU.roa (raw, json)
Hash identifier:          XeoCRgvHN2KXY2d1GveQE1l7aLi0as96dFR0R6o+AKQ=
Subject key identifier:   13:85:6B:33:26:55:72:87:2B:1B:95:6A:51:5D:C9:8C:D1:51:BC:55
Certificate issuer:       /CN=12b87c6caf81de3625fe1ce0559f39e30505a051
Certificate serial:       018CC6B9411FF53CDEE37E2BCC2E1FDA0646
Authority key identifier: 12:B8:7C:6C:AF:81:DE:36:25:FE:1C:E0:55:9F:39:E3:05:05:A0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/E4VrMyZVcocrG5VqUV3JjNFRvFU.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210070
IP address blocks:        2a0f:f7c0::/32 maxlen: 32
                          2a0f:f7c1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:41:1f:f5:3c:de:e3:7e:2b:cc:2e:1f:da:06:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12b87c6caf81de3625fe1ce0559f39e30505a051
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13856b33265572872b1b956a515dc98cd151bc55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b6:44:1a:2d:6a:3a:a6:c4:d5:d4:d8:50:81:
                    d0:a1:5f:06:72:32:cf:62:f6:1e:63:13:d9:df:26:
                    7a:ec:ed:7d:58:c8:25:52:e7:c8:92:68:ba:1e:b2:
                    69:04:af:22:6d:4a:b0:97:58:9e:54:52:92:0a:17:
                    db:6b:54:0b:a4:92:3d:81:5e:2a:42:b1:0b:19:5c:
                    2b:ad:cc:d4:38:27:41:06:07:1f:f8:a7:d7:72:12:
                    f8:64:92:0e:3a:ee:da:e9:a4:0d:4c:1d:ba:c5:75:
                    89:fb:ba:3a:f0:8c:3a:b3:65:af:6b:cf:47:fc:35:
                    8c:8f:0b:06:b6:78:e2:67:6b:99:5a:82:74:5c:a8:
                    77:f0:c9:42:a0:35:ff:a8:ed:f8:7e:f2:2f:de:e0:
                    bc:3b:18:83:48:ca:32:7d:76:f6:cb:22:b2:b9:f3:
                    9c:f0:26:ff:ba:5b:fa:26:c2:ff:d5:1f:3b:73:b9:
                    c7:09:9a:80:68:83:1b:0b:4e:3a:e3:42:cd:5a:a1:
                    6c:ba:5a:c3:66:5f:70:ba:68:d2:b1:75:de:7d:75:
                    0d:d8:28:07:73:44:aa:de:8c:97:59:36:b5:5b:74:
                    43:2e:eb:c5:4e:22:3e:28:17:05:30:21:12:70:d2:
                    b7:85:da:ea:ae:19:f1:d6:41:c6:d8:3b:eb:59:ae:
                    12:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:85:6B:33:26:55:72:87:2B:1B:95:6A:51:5D:C9:8C:D1:51:BC:55
            X509v3 Authority Key Identifier:
                keyid:12:B8:7C:6C:AF:81:DE:36:25:FE:1C:E0:55:9F:39:E3:05:05:A0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/E4VrMyZVcocrG5VqUV3JjNFRvFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:f7c0::/31

    Signature Algorithm: sha256WithRSAEncryption
         64:62:47:f8:8a:3f:9d:8b:8d:ca:e7:a6:31:b5:0a:65:d7:92:
         d7:fa:ee:1a:28:7b:e4:7f:dc:40:57:36:fb:36:e7:b6:f4:f8:
         35:1f:67:56:11:dc:59:c7:01:f8:0e:94:01:3f:c4:8b:24:57:
         82:93:2d:d4:81:1b:fd:d9:80:6a:24:c8:ee:be:1d:13:42:d6:
         a4:02:e0:1e:4d:36:59:c9:3b:36:cc:39:5c:74:8a:1c:c1:fa:
         ff:f6:a8:eb:25:98:be:6e:17:cb:a4:34:e6:03:74:d2:49:3d:
         12:b5:75:a8:c2:94:10:fa:7c:ed:3b:15:11:7f:33:40:64:e8:
         23:10:50:8a:43:cc:b6:5c:1d:b3:05:e2:ae:57:56:f9:c7:f5:
         14:5a:95:2a:1a:b3:e9:3f:b8:40:f1:c5:d6:21:5f:9f:e0:4d:
         11:a9:dc:8f:83:4f:48:77:ce:11:77:9a:3f:28:b3:18:6c:c4:
         d2:f4:fd:fe:b0:dc:8e:8f:57:bf:85:af:05:26:a2:62:fb:8e:
         38:85:07:e3:9f:32:a6:6f:cd:82:1c:44:3d:a1:b6:fa:9e:ad:
         d1:14:9c:4d:6e:10:3d:4e:44:bb:9f:5e:25:e9:e5:11:c6:28:
         f2:aa:c7:f5:d8:43:2c:5e:a5:0f:83:c7:02:17:c5:01:0f:c6:
         87:8e:3b:c1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuUEf9Tze434rzC4f2gZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYjg3YzZjYWY4MWRlMzYyNWZlMWNlMDU1OWYzOWUzMDUw
NWEwNTEwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzg1NmIzMzI2NTU3Mjg3MmIxYjk1NmE1MTVkYzk4Y2QxNTFiYzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbZEGi1qOqbE1dTYUIHQoV8GcjLP
YvYeYxPZ3yZ67O19WMglUufIkmi6HrJpBK8ibUqwl1ieVFKSChfba1QLpJI9gV4q
QrELGVwrrczUOCdBBgcf+KfXchL4ZJIOOu7a6aQNTB26xXWJ+7o68Iw6s2Wva89H
/DWMjwsGtnjiZ2uZWoJ0XKh38MlCoDX/qO34fvIv3uC8OxiDSMoyfXb2yyKyufOc
8Cb/ulv6JsL/1R87c7nHCZqAaIMbC04640LNWqFsulrDZl9wumjSsXXefXUN2CgH
c0Sq3oyXWTa1W3RDLuvFTiI+KBcFMCEScNK3hdrqrhnx1kHG2DvrWa4SXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBOFazMmVXKHKxuValFdyYzRUbxVMB8GA1UdIwQY
MBaAFBK4fGyvgd42Jf4c4FWfOeMFBaBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXJoOGJLLUIzallsX2h6Z1ZaODU0d1VGb0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9lMjkzNGMtMDUzYS00Yjk3LWFhMmEt
NjI4MDhiYmJkZDIxLzEvRTRWck15WlZjb2NyRzVWcVVWM0pqTkZSdkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9lMjkzNGMtMDUzYS00Yjk3LWFhMmEtNjI4MDhiYmJkZDIx
LzEvRXJoOGJLLUIzallsX2h6Z1ZaODU0d1VGb0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg/3wDAN
BgkqhkiG9w0BAQsFAAOCAQEAZGJH+Io/nYuNyuemMbUKZdeS1/ruGih75H/cQFc2
+zbntvT4NR9nVhHcWccB+A6UAT/EiyRXgpMt1IEb/dmAaiTI7r4dE0LWpALgHk02
Wck7Nsw5XHSKHMH6//ao6yWYvm4Xy6Q05gN00kk9ErV1qMKUEPp87TsVEX8zQGTo
IxBQikPMtlwdswXirldW+cf1FFqVKhqz6T+4QPHF1iFfn+BNEancj4NPSHfOEXea
PyizGGzE0vT9/rDcjo9Xv4WvBSaiYvuOOIUH458ypm/NghxEPaG2+p6t0RScTW4Q
PU5Eu59eJenlEcYo8qrH9dhDLF6lD4PHAhfFAQ/Gh447wQ==
-----END CERTIFICATE-----