Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2FOm0oWLZjZ9xssE_i0cxhR8dA0.roa
File:                     2FOm0oWLZjZ9xssE_i0cxhR8dA0.roa (raw, json)
Hash identifier:          s0aWh0SE7OaX7Ema4kW4x6Ghgh4F5F5xAUGpu8kVJ5A=
Subject key identifier:   D8:53:A6:D2:85:8B:66:36:7D:C6:CB:04:FE:2D:1C:C6:14:7C:74:0D
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FF7F061EE3E8B09EC00410D52161
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2FOm0oWLZjZ9xssE_i0cxhR8dA0.roa
Signing time:             Mon 01 Jan 2024 18:29:47 +0000
ROA not before:           Mon 01 Jan 2024 18:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198699
IP address blocks:        2a12:bec0:320::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ff:7f:06:1e:e3:e8:b0:9e:c0:04:10:d5:21:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d853a6d2858b66367dc6cb04fe2d1cc6147c740d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5f:00:9c:63:4c:4d:b7:fb:8d:73:4f:49:e2:
                    0e:07:cb:a2:21:2c:b6:b6:3e:5a:f3:63:e3:9c:f7:
                    50:a9:60:4f:b8:2a:54:d8:d0:a4:df:9e:42:32:36:
                    56:31:6e:c9:fd:ca:a4:fe:8d:15:05:a1:15:ea:2b:
                    0b:b4:06:16:dd:b7:8f:42:f8:2b:b5:3e:4b:a7:2d:
                    3a:cc:eb:ae:49:88:1d:18:10:ac:67:90:70:bd:cb:
                    a3:fd:23:ce:c3:14:34:cf:09:94:f4:8c:a9:ed:61:
                    46:bc:61:4a:88:7f:e2:13:4d:91:b9:e0:fb:01:d8:
                    a1:c5:c2:f6:17:da:83:93:5c:45:b4:7c:4b:26:20:
                    b8:9d:c6:ae:8a:46:cf:cb:fa:aa:68:a9:4f:a0:12:
                    ab:ee:43:80:10:7e:6b:07:50:d7:e2:59:ed:e8:63:
                    61:b6:91:4e:59:4f:fa:c5:18:00:0d:27:1e:51:91:
                    a9:6c:6e:ea:54:d5:b0:8d:4c:af:13:c0:0e:5b:a9:
                    d0:33:16:6c:97:45:2c:1c:1c:31:a2:fd:db:ca:17:
                    fd:92:41:ec:7b:45:47:02:6f:ca:6c:65:7a:49:1d:
                    23:23:53:9f:c1:6d:ac:83:0c:98:71:a9:e2:56:0e:
                    71:3e:79:07:40:40:e5:31:b3:6c:55:19:dc:f7:c5:
                    2e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:53:A6:D2:85:8B:66:36:7D:C6:CB:04:FE:2D:1C:C6:14:7C:74:0D
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2FOm0oWLZjZ9xssE_i0cxhR8dA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:320::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:40:24:9a:f3:de:98:b3:ec:84:e3:0a:8d:14:52:17:84:61:
         a8:a2:21:ab:50:a9:69:df:ff:02:30:8d:e6:03:1f:8f:0e:9b:
         76:38:94:1f:4e:48:07:58:16:8e:c7:fa:96:b4:4c:b2:8b:62:
         21:ca:3e:6d:d2:24:0b:a3:5d:bf:10:bf:39:95:e2:3a:c6:52:
         80:b3:b1:af:4a:44:3a:cb:d1:e0:53:22:e4:f1:57:26:cd:9d:
         01:a3:7b:16:09:ef:3c:cc:8e:a5:e5:86:5d:04:35:49:7b:0f:
         a3:29:81:ec:6e:c6:e1:7b:4a:e2:09:32:27:85:38:cc:cc:16:
         6d:52:70:e9:ef:f8:4c:05:42:35:08:97:ac:c8:13:3b:9f:c2:
         ab:d7:88:34:99:84:e1:38:f1:5e:70:e4:31:a0:67:07:be:fb:
         7e:97:84:8e:9b:70:5f:ef:8b:9a:45:65:97:d4:e7:ee:49:ce:
         a2:a8:9a:23:e7:5a:5a:b4:c9:29:f5:83:1c:a9:70:6f:e3:fa:
         27:2a:18:41:03:e6:55:54:d2:5f:65:ce:e2:d2:57:0c:6a:41:
         ce:d1:1a:23:a7:29:a8:05:b4:eb:93:5c:24:cf:fd:71:c5:e5:
         08:4a:b8:bc:1f:11:bf:70:2a:73:fe:b9:f9:dc:16:a4:67:b0:
         e2:50:3e:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSf9/Bh7j6LCewAQQ1SFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODUzYTZkMjg1OGI2NjM2N2RjNmNiMDRmZTJkMWNjNjE0N2M3NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgl8AnGNMTbf7jXNPSeIOB8uiISy2
tj5a82PjnPdQqWBPuCpU2NCk355CMjZWMW7J/cqk/o0VBaEV6isLtAYW3bePQvgr
tT5Lpy06zOuuSYgdGBCsZ5Bwvcuj/SPOwxQ0zwmU9Iyp7WFGvGFKiH/iE02RueD7
AdihxcL2F9qDk1xFtHxLJiC4ncauikbPy/qqaKlPoBKr7kOAEH5rB1DX4lnt6GNh
tpFOWU/6xRgADSceUZGpbG7qVNWwjUyvE8AOW6nQMxZsl0UsHBwxov3byhf9kkHs
e0VHAm/KbGV6SR0jI1OfwW2sgwyYcaniVg5xPnkHQEDlMbNsVRnc98UutwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNhTptKFi2Y2fcbLBP4tHMYUfHQNMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMkZPbTBvV0xaalo5eHNzRV9pMGN4aFI4ZEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAMg
MA0GCSqGSIb3DQEBCwUAA4IBAQCiQCSa896Ys+yE4wqNFFIXhGGooiGrUKlp3/8C
MI3mAx+PDpt2OJQfTkgHWBaOx/qWtEyyi2Ihyj5t0iQLo12/EL85leI6xlKAs7Gv
SkQ6y9HgUyLk8VcmzZ0Bo3sWCe88zI6l5YZdBDVJew+jKYHsbsbhe0riCTInhTjM
zBZtUnDp7/hMBUI1CJesyBM7n8Kr14g0mYThOPFecOQxoGcHvvt+l4SOm3Bf74ua
RWWX1OfuSc6iqJoj51patMkp9YMcqXBv4/onKhhBA+ZVVNJfZc7i0lcMakHO0Roj
pymoBbTrk1wkz/1xxeUISri8HxG/cCpz/rn53BakZ7DiUD5e
-----END CERTIFICATE-----