Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2py3Inc8u4TSPeiRj1MZlupMrbc.roa
File:                     2py3Inc8u4TSPeiRj1MZlupMrbc.roa (raw, json)
Hash identifier:          7LXD93h5Sj3vHl0TKjgGcAjc+y7yPDpicTHARpa8YNs=
Subject key identifier:   DA:9C:B7:22:77:3C:BB:84:D2:3D:E8:91:8F:53:19:96:EA:4C:AD:B7
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018D8E4A617506B88BCA6E0AFF820EF9B585
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2py3Inc8u4TSPeiRj1MZlupMrbc.roa
Signing time:             Fri 09 Feb 2024 14:34:15 +0000
ROA not before:           Fri 09 Feb 2024 14:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215538
IP address blocks:        2a12:bec0:6b0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:4a:61:75:06:b8:8b:ca:6e:0a:ff:82:0e:f9:b5:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Feb  9 14:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da9cb722773cbb84d23de8918f531996ea4cadb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b2:73:9a:3f:94:63:30:a5:fa:11:24:52:46:
                    fe:26:da:6f:e2:e5:40:39:8a:69:66:e2:ab:13:69:
                    4c:61:35:0b:36:a7:c3:84:f5:ad:e0:89:6b:6d:70:
                    0c:8f:44:6a:05:20:82:a2:94:43:97:df:d1:92:f3:
                    aa:0a:f8:b7:21:1d:33:06:c5:ce:0c:26:bf:6b:f4:
                    49:ea:b2:f9:51:43:75:84:89:be:c2:4e:1e:85:35:
                    84:d9:7b:4b:ae:0d:b0:58:79:98:20:c6:7c:34:2a:
                    0b:60:3c:53:24:5d:af:99:9c:fa:d3:ca:70:0e:67:
                    af:97:40:c5:2a:0a:71:d6:26:d6:fc:47:47:f1:a4:
                    be:eb:5c:7f:24:95:67:79:e8:18:b6:ee:4b:c6:5b:
                    fd:ad:a9:2a:83:4c:72:61:d3:66:3f:b8:7a:29:21:
                    fd:36:cf:db:11:a6:40:1c:c9:65:b8:ca:4e:cc:3c:
                    ff:23:71:03:15:87:a4:13:09:14:c5:b4:8b:d6:62:
                    73:17:34:3d:36:7e:d8:72:81:62:90:8d:ed:3b:6d:
                    85:36:92:a5:85:63:be:eb:5a:05:db:f8:1f:08:19:
                    00:91:84:d7:70:2f:20:37:95:3b:15:bb:81:db:33:
                    29:0b:58:ef:1b:7a:53:3d:c3:26:91:75:29:0a:32:
                    c0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:9C:B7:22:77:3C:BB:84:D2:3D:E8:91:8F:53:19:96:EA:4C:AD:B7
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2py3Inc8u4TSPeiRj1MZlupMrbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:6b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:30:44:34:5d:33:a9:94:50:90:04:67:fd:79:f4:71:81:45:
         ad:8b:11:80:30:ec:f8:29:3c:94:89:5d:9d:1d:cd:78:9e:32:
         3e:f7:14:1e:8f:08:ea:f6:ea:f9:2d:ba:f4:1e:62:ab:b3:30:
         41:75:61:06:21:f9:59:0f:f0:24:46:45:b8:fa:70:30:53:b8:
         6d:af:2d:21:99:e2:aa:8b:95:e6:b1:46:e9:1f:a0:c0:51:2a:
         5d:0e:71:ec:4a:f5:44:54:44:8f:4b:14:8c:2a:65:c5:6b:c5:
         ae:64:c8:d0:9e:73:5a:86:a6:cb:5c:d8:1a:1b:60:86:44:6f:
         01:7e:5f:b9:28:e8:dc:a5:dd:ae:7d:4a:63:11:01:14:a5:50:
         3b:3b:eb:6f:14:c2:ef:44:d0:b4:a7:d4:04:e4:39:e6:f0:0e:
         43:69:25:bc:90:87:ce:2b:2b:34:c6:f9:4b:66:52:b6:c7:4b:
         b4:1b:20:cf:50:f4:be:24:1f:66:5d:cb:7b:9f:08:fa:91:1a:
         82:24:69:cb:7a:54:a7:77:62:f8:93:b2:50:b0:05:5c:3f:c3:
         ca:34:23:ee:b8:a8:cd:ac:26:3f:00:a3:ea:12:85:4f:d6:5b:
         5e:16:38:b6:7b:39:11:b8:3d:23:32:0d:e8:95:9d:7f:45:05:
         48:ed:20:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2OSmF1BriLym4K/4IO+bWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMjA5MTQzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTljYjcyMjc3M2NiYjg0ZDIzZGU4OTE4ZjUzMTk5NmVhNGNhZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbJzmj+UYzCl+hEkUkb+Jtpv4uVA
OYppZuKrE2lMYTULNqfDhPWt4IlrbXAMj0RqBSCCopRDl9/RkvOqCvi3IR0zBsXO
DCa/a/RJ6rL5UUN1hIm+wk4ehTWE2XtLrg2wWHmYIMZ8NCoLYDxTJF2vmZz608pw
Dmevl0DFKgpx1ibW/EdH8aS+61x/JJVneegYtu5Lxlv9rakqg0xyYdNmP7h6KSH9
Ns/bEaZAHMlluMpOzDz/I3EDFYekEwkUxbSL1mJzFzQ9Nn7YcoFikI3tO22FNpKl
hWO+61oF2/gfCBkAkYTXcC8gN5U7FbuB2zMpC1jvG3pTPcMmkXUpCjLAtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNqctyJ3PLuE0j3okY9TGZbqTK23MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMnB5M0luYzh1NFRTUGVpUmoxTVpsdXBNcmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAaw
MA0GCSqGSIb3DQEBCwUAA4IBAQB9MEQ0XTOplFCQBGf9efRxgUWtixGAMOz4KTyU
iV2dHc14njI+9xQejwjq9ur5Lbr0HmKrszBBdWEGIflZD/AkRkW4+nAwU7htry0h
meKqi5XmsUbpH6DAUSpdDnHsSvVEVESPSxSMKmXFa8WuZMjQnnNahqbLXNgaG2CG
RG8Bfl+5KOjcpd2ufUpjEQEUpVA7O+tvFMLvRNC0p9QE5Dnm8A5DaSW8kIfOKys0
xvlLZlK2x0u0GyDPUPS+JB9mXct7nwj6kRqCJGnLelSnd2L4k7JQsAVcP8PKNCPu
uKjNrCY/AKPqEoVP1lteFji2ezkRuD0jMg3olZ1/RQVI7SCv
-----END CERTIFICATE-----