Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5B1-hEVL8F0B-kUmm9qkv3nIrs4.roa
File:                     5B1-hEVL8F0B-kUmm9qkv3nIrs4.roa (raw, json)
Hash identifier:          q1MrrbHkvePypmky6ePtodKUy5lpijF4YufbTYHcxHE=
Subject key identifier:   E4:1D:7E:84:45:4B:F0:5D:01:FA:45:26:9B:DA:A4:BF:79:C8:AE:CE
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0E9F98A10886D0773C25B5C97D42
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5B1-hEVL8F0B-kUmm9qkv3nIrs4.roa
Signing time:             Mon 01 Jan 2024 18:29:51 +0000
ROA not before:           Mon 01 Jan 2024 18:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215965
IP address blocks:        2a12:bec0:600::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0e:9f:98:a1:08:86:d0:77:3c:25:b5:c9:7d:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e41d7e84454bf05d01fa45269bdaa4bf79c8aece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f1:15:21:5e:d8:4a:92:9b:39:e6:2b:b8:11:
                    68:c9:ef:67:8b:12:0d:66:be:a3:f6:e7:05:f9:15:
                    ed:31:de:4a:96:aa:5d:52:eb:22:85:ae:df:90:6c:
                    f9:42:a8:b0:ef:57:0a:a1:63:e8:bc:3e:eb:7c:a8:
                    97:d4:44:b9:db:c7:b8:29:35:18:1f:c7:23:03:07:
                    42:97:6f:ea:fe:b6:4b:c8:c4:71:b3:5a:fe:27:21:
                    d3:cf:0e:8e:82:26:0b:48:e0:dd:f8:18:cc:ec:4d:
                    34:8b:b0:08:83:21:d3:c7:34:57:e6:df:a9:8b:ce:
                    5f:00:e3:43:2a:14:1a:0a:b0:72:c5:e3:0a:1f:12:
                    5b:03:e1:5e:6d:d8:aa:26:e9:82:a0:4d:d8:06:1d:
                    c9:40:a3:66:15:e6:66:6e:5a:b0:b4:ed:d6:28:cf:
                    1f:4a:35:c2:73:73:76:3e:1e:43:56:be:9a:32:97:
                    b3:7c:7d:2c:f6:d2:c8:57:fa:b3:65:c8:42:df:7a:
                    5b:36:66:90:0f:e4:db:e3:40:62:a0:c6:2b:88:e4:
                    92:b9:80:1c:f7:06:2a:2e:5b:a6:b4:d6:85:16:cd:
                    fa:d0:d5:1c:ff:6f:1d:59:ee:a0:5a:3c:7e:dd:ab:
                    79:00:4b:33:9a:e5:4c:48:1c:4e:4d:4f:2b:77:1a:
                    66:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:1D:7E:84:45:4B:F0:5D:01:FA:45:26:9B:DA:A4:BF:79:C8:AE:CE
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5B1-hEVL8F0B-kUmm9qkv3nIrs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:600::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:4e:db:0f:43:a7:2a:dc:df:ff:3c:6d:d2:cb:4c:60:88:5c:
         27:95:b5:08:c3:01:de:b0:67:a1:d9:12:d5:37:79:0a:ee:0d:
         a9:2a:72:06:e2:02:9d:b0:1d:b8:6b:b6:d8:98:38:18:f1:ff:
         80:3f:ff:1d:f1:41:4e:10:6d:68:a1:3e:7f:2b:cd:e6:ae:8e:
         c3:53:08:57:b9:c3:12:ba:7e:76:d4:c3:64:ef:95:cd:e2:09:
         27:2e:fc:2c:98:c0:01:6f:a5:01:22:aa:b0:a3:b8:ef:b8:62:
         08:32:f5:9c:ff:2f:3f:81:48:ae:d6:2c:29:f4:ea:b4:ce:a3:
         bd:1b:2c:d9:38:35:1d:76:9b:be:bd:25:aa:17:a9:5e:ad:39:
         43:fa:20:64:e7:80:91:3c:c5:7a:b8:11:99:9d:a7:a1:3d:0a:
         df:a8:32:53:33:49:74:d5:c7:dc:1a:32:2f:78:61:d7:cb:a9:
         3b:62:c9:79:33:68:1f:5c:12:50:75:d7:d0:10:23:f8:7a:d1:
         e5:e1:81:26:43:b9:12:ae:20:ba:db:f5:ba:48:82:38:46:c7:
         a1:ce:8a:0e:7e:f7:96:ed:97:1f:34:39:0d:36:43:a8:db:9b:
         73:a7:10:16:89:c4:b1:a6:19:79:9a:5e:37:a0:79:71:43:9f:
         f6:75:10:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSg6fmKEIhtB3PCW1yX1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDFkN2U4NDQ1NGJmMDVkMDFmYTQ1MjY5YmRhYTRiZjc5YzhhZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPEVIV7YSpKbOeYruBFoye9nixIN
Zr6j9ucF+RXtMd5KlqpdUusiha7fkGz5Qqiw71cKoWPovD7rfKiX1ES528e4KTUY
H8cjAwdCl2/q/rZLyMRxs1r+JyHTzw6OgiYLSODd+BjM7E00i7AIgyHTxzRX5t+p
i85fAONDKhQaCrByxeMKHxJbA+FebdiqJumCoE3YBh3JQKNmFeZmblqwtO3WKM8f
SjXCc3N2Ph5DVr6aMpezfH0s9tLIV/qzZchC33pbNmaQD+Tb40BioMYriOSSuYAc
9wYqLlumtNaFFs360NUc/28dWe6gWjx+3at5AEszmuVMSBxOTU8rdxpmlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOQdfoRFS/BdAfpFJpvapL95yK7OMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNUIxLWhFVkw4RjBCLWtVbW05cWt2M25JcnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAYA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVTtsPQ6cq3N//PG3Sy0xgiFwnlbUIwwHesGeh
2RLVN3kK7g2pKnIG4gKdsB24a7bYmDgY8f+AP/8d8UFOEG1ooT5/K83mro7DUwhX
ucMSun521MNk75XN4gknLvwsmMABb6UBIqqwo7jvuGIIMvWc/y8/gUiu1iwp9Oq0
zqO9GyzZODUddpu+vSWqF6lerTlD+iBk54CRPMV6uBGZnaehPQrfqDJTM0l01cfc
GjIveGHXy6k7Ysl5M2gfXBJQddfQECP4etHl4YEmQ7kSriC62/W6SII4RsehzooO
fveW7ZcfNDkNNkOo25tzpxAWicSxphl5ml43oHlxQ5/2dRBI
-----END CERTIFICATE-----