Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2hPQjCK5xQ6VELSYofOBNPOEjsE.roa
File:                     2hPQjCK5xQ6VELSYofOBNPOEjsE.roa (raw, json)
Hash identifier:          DJzUvz/SBooHUUQx2Bi8xRgNLNE/cR3wqh3dx0A8XTE=
Subject key identifier:   DA:13:D0:8C:22:B9:C5:0E:95:10:B4:98:A1:F3:81:34:F3:84:8E:C1
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A1126C8F003B17090633F0F098892
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2hPQjCK5xQ6VELSYofOBNPOEjsE.roa
Signing time:             Mon 01 Jan 2024 18:29:52 +0000
ROA not before:           Mon 01 Jan 2024 18:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216250
IP address blocks:        2a12:bec0:510::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:11:26:c8:f0:03:b1:70:90:63:3f:0f:09:88:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da13d08c22b9c50e9510b498a1f38134f3848ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:21:4e:2f:23:bd:80:33:69:25:d1:18:0f:4d:
                    ac:32:5c:2d:04:0c:4a:7e:bf:52:1e:a1:df:51:8c:
                    05:d4:8e:09:59:03:3f:1b:30:88:ae:6a:32:2a:23:
                    3f:81:91:ab:66:dd:90:c3:a7:b6:3a:e2:79:32:fd:
                    09:4a:9f:0d:56:df:f8:41:40:34:a6:07:c5:2c:7d:
                    06:4f:e1:4d:ef:99:b2:63:26:94:d3:e4:b0:fc:d1:
                    76:5e:9c:a1:76:f6:47:d4:c3:c7:91:28:94:b9:8e:
                    36:9c:7b:8f:78:1a:c0:01:65:43:78:84:8b:35:08:
                    92:e1:93:61:d0:60:0d:de:be:cb:e0:35:15:78:2a:
                    85:d4:4e:08:bf:90:e5:8c:e6:96:68:90:59:df:ae:
                    51:fa:ad:4c:05:61:4a:54:0b:61:99:59:20:43:f0:
                    c9:27:25:2c:e8:88:f1:57:30:0f:63:cb:e2:1a:3b:
                    75:4f:aa:53:36:4e:be:a7:03:4b:6a:d7:b6:d6:71:
                    08:b4:4d:d1:48:ce:81:30:bf:13:f9:6b:bf:e0:a4:
                    d8:02:34:1c:b2:52:2b:70:c3:2a:a4:ed:ec:e5:0f:
                    41:66:b4:e9:6f:cc:f8:24:f9:9c:ad:ec:1a:2a:e7:
                    db:48:35:87:db:64:f8:0e:90:2d:70:73:5f:95:53:
                    ee:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:13:D0:8C:22:B9:C5:0E:95:10:B4:98:A1:F3:81:34:F3:84:8E:C1
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2hPQjCK5xQ6VELSYofOBNPOEjsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:510::/44

    Signature Algorithm: sha256WithRSAEncryption
         10:35:f9:08:02:38:a6:25:9f:51:7d:33:58:44:85:64:05:6c:
         82:d5:7b:90:02:01:81:26:67:56:b6:ad:ba:0f:53:91:25:ac:
         b5:b8:85:86:4c:a8:7a:40:4d:80:3a:87:03:28:44:54:89:9f:
         5e:55:ff:66:1a:d2:14:81:aa:e1:1e:60:b1:8c:ca:70:70:d2:
         cf:6d:9a:fe:48:7f:e6:ab:97:5a:42:60:a7:8a:70:0f:20:ab:
         20:b5:d7:71:18:11:ce:14:b7:ed:f7:4a:8b:de:eb:25:a8:02:
         9a:78:f4:fb:80:99:ce:35:5f:f3:43:b4:5e:d1:39:25:bd:2a:
         40:83:b3:9d:64:8c:7f:90:89:b0:fa:cd:04:6f:64:56:9b:4a:
         50:16:09:66:85:23:6a:00:40:17:14:8f:1c:6d:2d:a6:a9:dc:
         c0:a6:ca:6c:b7:eb:bb:db:37:be:5a:db:07:f5:d9:4f:1a:af:
         11:2c:1d:ac:b3:ad:5e:5c:ab:89:34:5c:ee:4d:0d:c4:b7:4c:
         5b:e1:39:ab:b4:5e:19:85:29:d0:51:49:44:c8:b6:54:e0:82:
         97:67:bd:45:85:7d:a9:dd:d2:29:b2:59:f4:16:b1:3f:49:cd:
         fa:a9:36:7b:1f:25:5a:cf:eb:cf:d9:ca:39:a5:7a:22:38:0e:
         cf:46:c2:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGShEmyPADsXCQYz8PCYiSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTEzZDA4YzIyYjljNTBlOTUxMGI0OThhMWYzODEzNGYzODQ4ZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CFOLyO9gDNpJdEYD02sMlwtBAxK
fr9SHqHfUYwF1I4JWQM/GzCIrmoyKiM/gZGrZt2Qw6e2OuJ5Mv0JSp8NVt/4QUA0
pgfFLH0GT+FN75myYyaU0+Sw/NF2XpyhdvZH1MPHkSiUuY42nHuPeBrAAWVDeISL
NQiS4ZNh0GAN3r7L4DUVeCqF1E4Iv5DljOaWaJBZ365R+q1MBWFKVAthmVkgQ/DJ
JyUs6IjxVzAPY8viGjt1T6pTNk6+pwNLate21nEItE3RSM6BML8T+Wu/4KTYAjQc
slIrcMMqpO3s5Q9BZrTpb8z4JPmcrewaKufbSDWH22T4DpAtcHNflVPu5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNoT0IwiucUOlRC0mKHzgTTzhI7BMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMmhQUWpDSzV4UTZWRUxTWW9mT0JOUE9FanNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAUQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAQNfkIAjimJZ9RfTNYRIVkBWyC1XuQAgGBJmdW
tq26D1ORJay1uIWGTKh6QE2AOocDKERUiZ9eVf9mGtIUgarhHmCxjMpwcNLPbZr+
SH/mq5daQmCninAPIKsgtddxGBHOFLft90qL3uslqAKaePT7gJnONV/zQ7Re0Tkl
vSpAg7OdZIx/kImw+s0Eb2RWm0pQFglmhSNqAEAXFI8cbS2mqdzApspst+u72ze+
WtsH9dlPGq8RLB2ss61eXKuJNFzuTQ3Et0xb4TmrtF4ZhSnQUUlEyLZU4IKXZ71F
hX2p3dIpsln0FrE/Sc36qTZ7HyVaz+vP2co5pXoiOA7PRsKX
-----END CERTIFICATE-----