Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/34FAdHwe_ILWPqKzHQoH7XKtL4M.roa
File:                     34FAdHwe_ILWPqKzHQoH7XKtL4M.roa (raw, json)
Hash identifier:          dmiGksesjwlY29lbOo+2nFktgZzi7Bkgmhih/fJHh2s=
Subject key identifier:   DF:81:40:74:7C:1E:FC:82:D6:3E:A2:B3:1D:0A:07:ED:72:AD:2F:83
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A052FEB91B074F49A6D2A778A69F8
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/34FAdHwe_ILWPqKzHQoH7XKtL4M.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200111
IP address blocks:        2a12:bec0:120::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:05:2f:eb:91:b0:74:f4:9a:6d:2a:77:8a:69:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df8140747c1efc82d63ea2b31d0a07ed72ad2f83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:75:d7:b2:4f:65:bf:72:ac:89:0d:1a:7b:91:
                    36:c8:3c:5b:53:87:cd:88:af:f4:f8:88:17:7f:1f:
                    95:30:56:e6:b8:1a:64:33:a2:80:9d:e6:03:4a:fb:
                    30:91:6e:04:d0:6f:70:55:fe:fe:83:a7:b5:f1:ea:
                    8e:e9:f0:2f:1a:6b:36:9c:4e:a0:82:f3:19:5f:b1:
                    1f:d6:52:1b:98:ea:51:fe:1f:c4:65:36:88:7c:14:
                    1d:da:88:31:2d:90:83:18:0b:f6:d4:49:25:2c:16:
                    a7:78:08:07:45:5b:6d:49:8a:65:2f:d8:2b:79:78:
                    e8:15:66:63:24:1c:d4:8c:d0:55:49:1b:02:30:ea:
                    b5:49:45:4b:c0:1b:13:c5:0b:c4:a0:78:45:2c:d8:
                    b6:35:9b:24:60:50:f7:80:02:4c:c9:d0:0b:9b:ed:
                    1a:d4:d8:21:c7:62:b1:ce:13:30:3b:21:47:1c:96:
                    d5:b5:e1:6c:5f:79:81:1c:dd:51:de:5f:a6:67:bd:
                    cd:5d:db:aa:23:47:f9:f8:08:68:eb:39:67:72:5d:
                    51:eb:6a:d7:26:c3:17:56:63:fe:f7:cb:c5:ee:a2:
                    7b:44:c2:ce:1b:eb:9d:2b:d2:d8:b8:05:14:e1:18:
                    1a:74:61:fd:f6:9b:58:b3:4e:98:32:9a:f7:66:78:
                    a8:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:81:40:74:7C:1E:FC:82:D6:3E:A2:B3:1D:0A:07:ED:72:AD:2F:83
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/34FAdHwe_ILWPqKzHQoH7XKtL4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:120::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:e6:f1:cb:8c:48:1c:2d:19:fd:8a:ec:14:89:f4:bf:d7:a2:
         30:c5:c7:11:26:92:a9:9e:91:8d:c8:68:4c:a0:2e:28:54:5f:
         d9:55:70:f4:68:13:e9:fe:82:b3:8f:fd:5c:f2:8a:47:00:e7:
         f0:15:7e:09:a2:13:4b:86:58:7f:b7:9b:07:9c:f7:45:8d:60:
         69:8b:32:ad:0a:bf:e2:91:51:f7:ad:0a:47:e0:40:57:e6:f6:
         ca:71:75:3d:4f:ea:0e:d1:61:4b:42:55:b3:d3:50:a9:11:0e:
         99:49:ba:6c:cf:7f:ba:d5:20:55:e5:35:e9:34:32:3d:8b:a6:
         0b:6b:d5:82:74:dc:f4:ef:b9:33:da:d0:08:73:b4:7f:00:cd:
         1f:ad:80:84:12:da:6e:42:88:d8:ad:44:27:f5:34:71:bc:39:
         5f:7c:61:24:c3:ac:7d:35:2b:a3:55:d3:6e:25:ea:0e:ec:ee:
         aa:7c:a4:aa:ed:0c:71:fb:53:80:57:ab:c3:44:e9:7e:c0:34:
         fd:5f:68:ed:aa:dc:72:34:33:23:aa:49:1f:bc:74:ec:ab:c3:
         fb:d3:8c:5b:00:54:58:48:b0:12:4c:d5:6f:4c:a5:16:37:18:
         76:99:3c:80:70:7b:31:7d:9b:f2:2f:08:00:5d:f1:24:8a:32:
         3b:bf:f3:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgUv65GwdPSabSp3imn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjgxNDA3NDdjMWVmYzgyZDYzZWEyYjMxZDBhMDdlZDcyYWQyZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXXXsk9lv3KsiQ0ae5E2yDxbU4fN
iK/0+IgXfx+VMFbmuBpkM6KAneYDSvswkW4E0G9wVf7+g6e18eqO6fAvGms2nE6g
gvMZX7Ef1lIbmOpR/h/EZTaIfBQd2ogxLZCDGAv21EklLBaneAgHRVttSYplL9gr
eXjoFWZjJBzUjNBVSRsCMOq1SUVLwBsTxQvEoHhFLNi2NZskYFD3gAJMydALm+0a
1Nghx2KxzhMwOyFHHJbVteFsX3mBHN1R3l+mZ73NXduqI0f5+Aho6zlncl1R62rX
JsMXVmP+98vF7qJ7RMLOG+udK9LYuAUU4RgadGH99ptYs06YMpr3ZnioyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN+BQHR8HvyC1j6isx0KB+1yrS+DMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMzRGQWRId2VfSUxXUHFLekhRb0g3WEt0TDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAEg
MA0GCSqGSIb3DQEBCwUAA4IBAQBk5vHLjEgcLRn9iuwUifS/16IwxccRJpKpnpGN
yGhMoC4oVF/ZVXD0aBPp/oKzj/1c8opHAOfwFX4JohNLhlh/t5sHnPdFjWBpizKt
Cr/ikVH3rQpH4EBX5vbKcXU9T+oO0WFLQlWz01CpEQ6ZSbpsz3+61SBV5TXpNDI9
i6YLa9WCdNz077kz2tAIc7R/AM0frYCEEtpuQojYrUQn9TRxvDlffGEkw6x9NSuj
VdNuJeoO7O6qfKSq7Qxx+1OAV6vDROl+wDT9X2jtqtxyNDMjqkkfvHTsq8P704xb
AFRYSLASTNVvTKUWNxh2mTyAcHsxfZvyLwgAXfEkijI7v/NM
-----END CERTIFICATE-----