Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1-qE4rQdFrmhSIyjTnG1RvOfQkQ8.roa
File:                     1-qE4rQdFrmhSIyjTnG1RvOfQkQ8.roa (raw, json)
Hash identifier:          /ug06Z6olPs4yyvDu2nFx2IxO8SxKT12tichAJ2io5w=
Subject key identifier:   FA:A1:38:AD:07:45:AE:68:52:23:28:D3:9C:6D:51:BC:E7:D0:91:0F
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0190FBD8248AFA045C6F48FCD8B41A5A3A38
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1-qE4rQdFrmhSIyjTnG1RvOfQkQ8.roa
Signing time:             Mon 29 Jul 2024 00:16:04 +0000
ROA not before:           Mon 29 Jul 2024 00:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214980
IP address blocks:        2a12:bec4:1240::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fb:d8:24:8a:fa:04:5c:6f:48:fc:d8:b4:1a:5a:3a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 29 00:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faa138ad0745ae68522328d39c6d51bce7d0910f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:a8:77:3a:16:c4:9d:14:f6:b7:cf:6d:3c:25:
                    76:fd:c7:db:85:f3:d8:dc:75:33:19:43:58:8a:56:
                    4d:fc:b7:05:d7:74:bc:3b:96:fc:21:56:73:7a:89:
                    94:2d:7c:ec:af:f1:18:7a:dc:41:d1:23:bd:c4:d6:
                    a7:09:10:be:cd:97:73:f4:71:07:8b:19:ef:28:e6:
                    e8:fc:8d:b5:7c:94:62:33:3c:1f:d3:3e:13:dd:11:
                    ec:06:71:85:4c:69:31:95:5c:c3:58:8c:9e:66:2f:
                    70:53:0d:6e:41:20:00:06:b8:03:c5:3b:63:f0:2e:
                    06:7d:38:a2:eb:a5:d3:58:1f:05:8d:08:fd:90:67:
                    ac:05:6b:40:d9:33:cd:29:7a:d5:ea:93:ef:9c:c8:
                    80:e1:46:25:6e:93:e5:2f:3f:62:4c:04:1c:cc:61:
                    44:05:6e:1c:12:12:cc:35:d3:c4:89:17:66:ef:51:
                    f8:d9:26:ca:d6:4f:4c:12:0f:94:cb:e7:c5:4b:36:
                    41:da:b2:a3:9a:33:cc:5b:1f:82:30:25:13:c3:36:
                    a6:94:7e:47:a3:ae:69:89:9e:fa:81:f7:a0:02:88:
                    e1:80:16:23:a8:dd:eb:17:38:45:db:c6:d2:77:3c:
                    d2:17:39:da:46:5f:01:b6:fb:be:99:d9:69:58:4e:
                    64:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A1:38:AD:07:45:AE:68:52:23:28:D3:9C:6D:51:BC:E7:D0:91:0F
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1-qE4rQdFrmhSIyjTnG1RvOfQkQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1240::/44

    Signature Algorithm: sha256WithRSAEncryption
         2e:16:f8:75:fd:40:33:f4:60:24:5f:20:58:cf:e6:f6:3e:92:
         d7:f7:93:d5:5c:71:7b:92:0c:d4:7d:b7:ac:0d:7f:19:b8:6f:
         18:ac:6c:8c:5a:ea:8b:14:06:78:9c:94:fb:25:aa:3d:af:13:
         80:68:f8:64:1e:24:56:57:83:04:d8:db:1c:c7:13:e6:ed:18:
         e1:57:ac:1b:10:f6:c8:d2:13:0f:a4:a8:bc:67:95:1a:ea:46:
         58:27:45:a6:a7:4a:42:5a:db:c5:b7:18:42:9f:7a:e1:e8:0d:
         a6:3c:b9:ca:74:0d:60:b4:49:b4:17:09:0a:a5:74:c9:b4:05:
         6d:fd:4a:c4:08:c9:d5:db:6b:3d:4a:15:ac:14:e6:09:66:fc:
         6c:c3:83:e6:13:dd:2b:76:46:51:72:d2:99:56:32:83:ca:09:
         3d:90:1b:cd:1e:c6:ae:74:32:77:29:c0:e8:93:4e:28:73:3c:
         22:89:74:87:36:8b:30:08:1a:e4:e5:6b:5d:53:97:f8:81:50:
         7a:60:10:6b:5a:d5:f1:42:2d:6e:06:3f:02:28:1a:4d:3c:13:
         d1:e8:7e:7a:d4:77:5d:e7:ea:20:21:e8:60:89:21:9e:6b:40:
         f8:5e:2e:35:c6:ea:3d:7b:fb:17:05:87:49:8d:ac:fc:b5:db:
         d0:bb:98:23
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZD72CSK+gRcb0j82LQaWjo4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNzI5MDAxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWExMzhhZDA3NDVhZTY4NTIyMzI4ZDM5YzZkNTFiY2U3ZDA5MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ah3OhbEnRT2t89tPCV2/cfbhfPY
3HUzGUNYilZN/LcF13S8O5b8IVZzeomULXzsr/EYetxB0SO9xNanCRC+zZdz9HEH
ixnvKObo/I21fJRiMzwf0z4T3RHsBnGFTGkxlVzDWIyeZi9wUw1uQSAABrgDxTtj
8C4GfTii66XTWB8FjQj9kGesBWtA2TPNKXrV6pPvnMiA4UYlbpPlLz9iTAQczGFE
BW4cEhLMNdPEiRdm71H42SbK1k9MEg+Uy+fFSzZB2rKjmjPMWx+CMCUTwzamlH5H
o65piZ76gfegAojhgBYjqN3rFzhF28bSdzzSFznaRl8Btvu+mdlpWE5kkQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPqhOK0HRa5oUiMo05xtUbzn0JEPMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMS1xRTRyUWRGcm1oU0l5alRuRzFSdk9mUWtROC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODcvOTdmNDlhLTdhOTUtNGRkNS04Yzc0LTU1MzY5Y2Y1MDdl
ZS8xL3MzNGhXa0ZlMTdYZVMyM0JMeTk3ZDFERDFtOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoSvsQS
QDANBgkqhkiG9w0BAQsFAAOCAQEALhb4df1AM/RgJF8gWM/m9j6S1/eT1Vxxe5IM
1H23rA1/GbhvGKxsjFrqixQGeJyU+yWqPa8TgGj4ZB4kVleDBNjbHMcT5u0Y4Ves
GxD2yNITD6SovGeVGupGWCdFpqdKQlrbxbcYQp964egNpjy5ynQNYLRJtBcJCqV0
ybQFbf1KxAjJ1dtrPUoVrBTmCWb8bMOD5hPdK3ZGUXLSmVYyg8oJPZAbzR7GrnQy
dynA6JNOKHM8Iol0hzaLMAga5OVrXVOX+IFQemAQa1rV8UItbgY/AigaTTwT0eh+
etR3XefqICHoYIkhnmtA+F4uNcbqPXv7FwWHSY2s/LXb0LuYIw==
-----END CERTIFICATE-----