Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4-7VGYMV4Ybce7U5_N-L-4k94cY.roa
File:                     4-7VGYMV4Ybce7U5_N-L-4k94cY.roa (raw, json)
Hash identifier:          iktyuUABHwMOsKQIO5ryQarEhafgT7fLXUVbRGCxvw0=
Subject key identifier:   E3:EE:D5:19:83:15:E1:86:DC:7B:B5:39:FC:DF:8B:FB:89:3D:E1:C6
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018E5757F1BFE14955CC3573D7AEF9F439E1
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4-7VGYMV4Ybce7U5_N-L-4k94cY.roa
Signing time:             Tue 19 Mar 2024 15:32:45 +0000
ROA not before:           Tue 19 Mar 2024 15:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215283
IP address blocks:        2a12:bec4:1100::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:57:57:f1:bf:e1:49:55:cc:35:73:d7:ae:f9:f4:39:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar 19 15:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3eed5198315e186dc7bb539fcdf8bfb893de1c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7b:ff:c4:12:46:a2:2b:13:ba:bf:48:e9:2c:
                    a9:13:b3:e7:ba:de:07:46:62:70:99:29:7b:c9:6f:
                    04:d3:b2:12:60:f5:0c:e4:e8:f8:88:e9:f6:a8:dc:
                    7e:33:a5:b7:35:3b:dc:5c:ec:5f:ab:7d:fa:e8:d6:
                    15:49:52:44:12:5d:c6:38:df:ff:b9:b5:58:fb:99:
                    7e:1b:88:39:a3:b7:03:8e:40:fc:56:20:5c:b1:e9:
                    bc:ab:46:03:28:43:1d:00:95:ae:96:8a:03:d1:53:
                    c0:63:85:05:de:50:b1:07:dd:ed:c1:01:b9:ac:80:
                    74:64:3e:2e:ff:37:e6:5f:fb:fd:43:f7:08:3c:b8:
                    dc:73:37:c0:6c:7a:69:8a:3e:fb:34:26:bb:53:1c:
                    fe:7e:03:a7:b2:87:4b:b3:12:0f:10:94:fc:bb:a9:
                    35:40:07:7f:aa:57:62:3a:eb:85:60:6d:91:1f:cb:
                    a3:1f:70:53:a2:8d:1a:f0:6b:ce:ee:7d:c7:58:4d:
                    a8:c1:1e:f4:89:8f:f8:08:8a:fa:c2:21:27:f6:5a:
                    72:2d:3d:43:29:93:a1:49:0a:8b:03:8f:eb:c9:bc:
                    8e:d4:c7:71:68:f3:d9:b9:53:7c:81:c3:b8:a6:e9:
                    81:df:eb:72:ff:37:2d:b6:df:7c:ce:f5:d8:80:70:
                    7b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:EE:D5:19:83:15:E1:86:DC:7B:B5:39:FC:DF:8B:FB:89:3D:E1:C6
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4-7VGYMV4Ybce7U5_N-L-4k94cY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1100::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:41:3b:87:99:3b:57:8e:59:86:2f:9f:6f:b6:5b:cd:8a:45:
         9d:a6:0d:d2:7b:aa:a7:33:7a:26:cb:58:5e:3e:5b:17:bf:ae:
         8c:68:95:ee:11:c1:ee:7c:93:50:75:6e:82:94:b3:aa:fc:ab:
         23:67:1b:9e:a9:d2:ec:0d:89:79:57:c6:ad:05:a8:84:4a:02:
         97:df:83:d2:fb:e9:16:f8:d5:6d:3f:ad:31:3a:6b:81:93:6b:
         e0:8f:68:5f:00:a4:05:70:52:06:67:40:47:a5:9c:14:7b:49:
         6a:8e:7b:d3:d1:8e:6f:3c:ab:2b:67:29:34:15:69:bc:44:85:
         df:a2:64:50:b0:ad:8e:82:85:90:68:86:54:3e:f1:db:d4:30:
         ec:b5:ae:41:38:7c:47:74:95:58:68:46:b7:9d:d4:64:c1:aa:
         a0:4c:91:60:9f:e2:02:f3:17:97:89:da:70:c7:b4:e6:d2:2a:
         d4:e1:22:16:4b:76:85:7b:9d:c3:4c:50:03:80:a1:c6:93:6d:
         8e:95:6d:0e:b3:1c:8c:10:2f:3f:4c:4f:90:28:6b:de:13:05:
         6c:8a:37:c0:4f:86:a6:44:b9:4d:12:32:9c:c4:b9:7a:c4:f6:
         9c:ac:6c:66:85:92:d7:bc:1c:af:fd:54:49:9c:96:f8:78:2e:
         3e:46:83:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5XV/G/4UlVzDVz16759DnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMzE5MTUzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2VlZDUxOTgzMTVlMTg2ZGM3YmI1MzlmY2RmOGJmYjg5M2RlMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3v/xBJGoisTur9I6SypE7Pnut4H
RmJwmSl7yW8E07ISYPUM5Oj4iOn2qNx+M6W3NTvcXOxfq3366NYVSVJEEl3GON//
ubVY+5l+G4g5o7cDjkD8ViBcsem8q0YDKEMdAJWulooD0VPAY4UF3lCxB93twQG5
rIB0ZD4u/zfmX/v9Q/cIPLjcczfAbHppij77NCa7Uxz+fgOnsodLsxIPEJT8u6k1
QAd/qldiOuuFYG2RH8ujH3BToo0a8GvO7n3HWE2owR70iY/4CIr6wiEn9lpyLT1D
KZOhSQqLA4/rybyO1MdxaPPZuVN8gcO4pumB3+ty/zcttt98zvXYgHB7hwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOPu1RmDFeGG3Hu1Ofzfi/uJPeHGMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNC03VkdZTVY0WWJjZTdVNV9OLUwtNGs5NGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBEA
MA0GCSqGSIb3DQEBCwUAA4IBAQALQTuHmTtXjlmGL59vtlvNikWdpg3Se6qnM3om
y1hePlsXv66MaJXuEcHufJNQdW6ClLOq/KsjZxueqdLsDYl5V8atBaiESgKX34PS
++kW+NVtP60xOmuBk2vgj2hfAKQFcFIGZ0BHpZwUe0lqjnvT0Y5vPKsrZyk0FWm8
RIXfomRQsK2OgoWQaIZUPvHb1DDsta5BOHxHdJVYaEa3ndRkwaqgTJFgn+IC8xeX
idpwx7Tm0irU4SIWS3aFe53DTFADgKHGk22OlW0OsxyMEC8/TE+QKGveEwVsijfA
T4amRLlNEjKcxLl6xPacrGxmhZLXvByv/VRJnJb4eC4+RoNv
-----END CERTIFICATE-----