Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2_oknfDa6X3-iEgEHL2QNd1A3sg.roa
File:                     2_oknfDa6X3-iEgEHL2QNd1A3sg.roa (raw, json)
Hash identifier:          uOXtdslqa7Jsc8bOu+gdpBqvxHZCwjabrP9nId2TT7s=
Subject key identifier:   DB:FA:24:9D:F0:DA:E9:7D:FE:88:48:04:1C:BD:90:35:DD:40:DE:C8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01938BBDC52200B2CC15921F95CE9B707883
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2_oknfDa6X3-iEgEHL2QNd1A3sg.roa
Signing time:             Tue 03 Dec 2024 08:58:10 +0000
ROA not before:           Tue 03 Dec 2024 08:58:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214771
IP address blocks:        2a12:bec4:1330::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Dec 2024 23:12:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:8b:bd:c5:22:00:b2:cc:15:92:1f:95:ce:9b:70:78:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Dec  3 08:58:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbfa249df0dae97dfe8848041cbd9035dd40dec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:18:e5:75:9b:55:e8:54:0e:5d:d9:18:4c:a9:
                    6c:16:8f:c8:0c:07:85:0e:0b:39:aa:e3:d9:ee:c8:
                    56:3b:8b:da:10:10:2e:25:8f:6f:89:80:91:5d:7c:
                    a8:e5:9a:96:01:80:00:ea:25:a8:4e:2b:77:c2:cb:
                    46:02:18:78:7e:6d:36:34:37:de:d8:71:9d:e7:82:
                    04:5a:47:47:b2:04:b4:73:98:f0:b6:68:91:b2:5d:
                    d3:5a:7d:47:2c:bd:76:fd:a7:06:b4:bd:29:b3:9b:
                    48:c4:94:0c:4a:44:02:03:a4:ca:f9:e3:35:e3:c6:
                    41:27:34:6b:53:02:7f:3f:67:bb:93:b7:50:c4:97:
                    3a:88:13:54:74:8f:73:b3:43:44:b6:c7:af:9f:df:
                    74:39:99:e9:ce:47:04:d4:f0:6a:a2:d3:46:cd:f4:
                    5e:60:07:38:d0:3b:96:be:a1:1a:ec:6e:ec:ee:8d:
                    39:0d:e7:7a:c4:2a:a9:d9:ce:d9:7e:52:4b:77:98:
                    61:a3:2d:08:91:23:0d:27:9d:8e:94:19:de:64:5f:
                    43:57:99:f3:59:44:eb:78:67:46:ad:d4:4b:f4:dd:
                    9b:9b:6e:90:d2:cf:e7:3e:e6:d3:cc:bd:ae:b8:59:
                    cc:a8:90:6d:58:f8:f8:fc:47:43:fe:93:54:9e:81:
                    0e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FA:24:9D:F0:DA:E9:7D:FE:88:48:04:1C:BD:90:35:DD:40:DE:C8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2_oknfDa6X3-iEgEHL2QNd1A3sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1330::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:c8:f6:5c:db:b1:89:7f:97:cd:6b:bf:3a:55:70:38:70:b7:
         61:08:41:cf:9b:f0:9f:21:2c:99:7c:84:05:d1:6e:90:49:52:
         ba:ff:71:54:61:1b:cf:67:8f:9a:a1:89:5b:b7:58:e6:0a:7a:
         46:5e:0b:83:fb:c1:7f:f6:ce:98:fd:ac:4e:b2:20:51:cb:1e:
         5c:85:cd:4f:27:70:c4:6e:4c:dd:95:0e:54:d3:b0:98:fe:02:
         b3:0d:62:28:58:d0:0f:8c:98:50:42:66:9c:b2:ca:01:ce:dc:
         68:2d:f8:ba:62:98:0d:84:30:60:9a:8f:74:5b:9d:66:6d:42:
         f4:49:e5:a6:2b:cf:a0:2b:84:c8:0d:86:74:08:05:ae:b6:64:
         76:b3:7d:4c:e2:4a:ca:08:df:ab:b3:14:17:e6:6e:f0:4b:50:
         e4:c2:f7:72:e2:92:76:6b:f1:14:5d:ba:bc:39:65:8a:25:af:
         28:bd:74:fc:25:62:81:e0:5d:39:b8:a0:ce:ee:69:3a:83:31:
         53:57:4b:8f:2f:b7:5f:bf:ec:c9:6b:39:9c:9e:33:95:9d:12:
         42:21:9c:d3:23:4f:b0:0d:a8:c6:f5:5d:f9:f0:65:51:01:59:
         64:74:f9:61:b1:39:17:26:80:e6:76:6c:85:5c:f3:8f:f1:dd:
         1c:3b:b7:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZOLvcUiALLMFZIflc6bcHiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQxMjAzMDg1ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZhMjQ5ZGYwZGFlOTdkZmU4ODQ4MDQxY2JkOTAzNWRkNDBkZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhjldZtV6FQOXdkYTKlsFo/IDAeF
Dgs5quPZ7shWO4vaEBAuJY9viYCRXXyo5ZqWAYAA6iWoTit3wstGAhh4fm02NDfe
2HGd54IEWkdHsgS0c5jwtmiRsl3TWn1HLL12/acGtL0ps5tIxJQMSkQCA6TK+eM1
48ZBJzRrUwJ/P2e7k7dQxJc6iBNUdI9zs0NEtsevn990OZnpzkcE1PBqotNGzfRe
YAc40DuWvqEa7G7s7o05Ded6xCqp2c7ZflJLd5hhoy0IkSMNJ52OlBneZF9DV5nz
WUTreGdGrdRL9N2bm26Q0s/nPubTzL2uuFnMqJBtWPj4/EdD/pNUnoEOqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNv6JJ3w2ul9/ohIBBy9kDXdQN7IMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMl9va25mRGE2WDMtaUVnRUhMMlFOZDFBM3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBMw
MA0GCSqGSIb3DQEBCwUAA4IBAQBKyPZc27GJf5fNa786VXA4cLdhCEHPm/CfISyZ
fIQF0W6QSVK6/3FUYRvPZ4+aoYlbt1jmCnpGXguD+8F/9s6Y/axOsiBRyx5chc1P
J3DEbkzdlQ5U07CY/gKzDWIoWNAPjJhQQmacssoBztxoLfi6YpgNhDBgmo90W51m
bUL0SeWmK8+gK4TIDYZ0CAWutmR2s31M4krKCN+rsxQX5m7wS1Dkwvdy4pJ2a/EU
Xbq8OWWKJa8ovXT8JWKB4F05uKDO7mk6gzFTV0uPL7dfv+zJazmcnjOVnRJCIZzT
I0+wDajG9V358GVRAVlkdPlhsTkXJoDmdmyFXPOP8d0cO7dJ
-----END CERTIFICATE-----