Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/9X6lK-5qTTgqKrULGeD4VU8wZwA.roa
File:                     9X6lK-5qTTgqKrULGeD4VU8wZwA.roa (raw, json)
Hash identifier:          gPrdDvMynF2CRJLbIJR+vi3Pcq+V1rbrBMuVtZ7mWus=
Subject key identifier:   F5:7E:A5:2B:EE:6A:4D:38:2A:2A:B5:0B:19:E0:F8:55:4F:30:67:00
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0013045C72809843D602E82F69EB
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/9X6lK-5qTTgqKrULGeD4VU8wZwA.roa
Signing time:             Mon 01 Jan 2024 18:29:47 +0000
ROA not before:           Mon 01 Jan 2024 18:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199030
IP address blocks:        2a12:bec0:1e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:00:13:04:5c:72:80:98:43:d6:02:e8:2f:69:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f57ea52bee6a4d382a2ab50b19e0f8554f306700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:18:70:ae:d3:e8:40:b6:94:57:19:d4:11:4a:
                    e6:ae:c0:17:97:93:da:22:06:3a:b7:66:fd:52:15:
                    73:65:73:de:6b:11:ce:1a:63:f0:d3:8d:ad:82:30:
                    36:9d:fd:c2:2b:1a:d3:c3:10:af:4f:a5:44:db:db:
                    24:9e:8f:6b:57:9d:da:d6:45:8f:fa:2b:10:6e:71:
                    9c:10:ce:ae:6d:1c:4a:aa:2f:b0:3d:2d:d0:15:41:
                    08:89:f6:cc:b2:1a:f5:84:d2:9d:5e:cf:d8:de:9e:
                    3d:cd:ea:e0:41:2b:b4:9d:c1:d9:b9:53:20:3a:67:
                    3f:cc:5f:4f:3a:e0:3f:05:2b:94:84:c6:c4:d5:8e:
                    bd:08:ae:fd:33:d0:61:3d:a2:91:b0:85:25:68:df:
                    ae:48:61:a7:83:71:29:f5:44:60:4e:06:1d:40:38:
                    5b:4e:ee:9a:1a:75:48:56:93:b8:cf:c8:e2:f0:e4:
                    ca:97:79:39:5a:f7:0d:39:45:96:d2:3a:a5:d3:8b:
                    48:e2:00:75:6f:9b:35:52:46:6c:5c:82:c9:54:7d:
                    87:48:a4:fc:f6:a6:8d:5a:75:e8:f3:b2:40:b3:df:
                    d5:53:22:75:f0:ec:a7:52:b6:90:54:98:78:3c:8f:
                    f0:b7:b6:a7:a4:63:ee:c6:1e:76:60:9e:59:96:ee:
                    24:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:7E:A5:2B:EE:6A:4D:38:2A:2A:B5:0B:19:E0:F8:55:4F:30:67:00
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/9X6lK-5qTTgqKrULGeD4VU8wZwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:1e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         79:ec:b8:a6:cc:76:25:7b:c2:c1:28:69:e2:57:40:3e:3d:3f:
         28:3e:12:0d:a1:0d:a9:62:cf:00:a2:36:66:26:42:3c:b4:5d:
         2c:1f:d7:01:d1:cb:73:6f:dd:69:20:ad:0f:87:64:4a:7c:d8:
         7e:45:a2:eb:0c:8d:2c:90:f5:37:90:20:af:38:19:b5:f6:af:
         32:05:9c:56:d5:28:31:d9:63:a2:a4:75:f8:cf:64:69:e5:ba:
         bb:0e:ab:a4:e9:a6:41:13:b7:14:f8:dc:59:fe:c5:06:de:87:
         2e:42:17:a0:e6:20:29:bf:28:fc:58:00:bf:0e:5e:f3:61:af:
         23:4f:e6:10:82:95:ba:2a:5d:20:ae:54:f6:b0:b8:31:ba:b1:
         79:ed:89:6d:c5:82:cc:b5:db:73:63:85:a8:16:d7:eb:98:ec:
         ab:2d:41:93:a8:0f:62:f0:21:2a:ec:87:62:e3:10:fb:8a:b6:
         5c:60:86:53:a3:56:7f:f0:2b:e3:52:6b:5d:81:b8:2d:e6:33:
         4b:a3:ed:b1:a5:89:51:4e:c5:d5:5a:80:e9:27:21:1d:86:01:
         a8:a8:e1:c3:79:3f:39:3d:a4:4f:b4:fe:b1:a5:e0:7f:8c:0b:
         43:31:29:08:4f:5d:ce:b3:69:d3:3d:e4:e8:f3:0a:69:4b:1e:
         20:19:29:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgATBFxygJhD1gLoL2nrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTdlYTUyYmVlNmE0ZDM4MmEyYWI1MGIxOWUwZjg1NTRmMzA2NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hhwrtPoQLaUVxnUEUrmrsAXl5Pa
IgY6t2b9UhVzZXPeaxHOGmPw042tgjA2nf3CKxrTwxCvT6VE29skno9rV53a1kWP
+isQbnGcEM6ubRxKqi+wPS3QFUEIifbMshr1hNKdXs/Y3p49zergQSu0ncHZuVMg
Omc/zF9POuA/BSuUhMbE1Y69CK79M9BhPaKRsIUlaN+uSGGng3Ep9URgTgYdQDhb
Tu6aGnVIVpO4z8ji8OTKl3k5WvcNOUWW0jql04tI4gB1b5s1UkZsXILJVH2HSKT8
9qaNWnXo87JAs9/VUyJ18OynUraQVJh4PI/wt7anpGPuxh52YJ5Zlu4kuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPV+pSvuak04Kiq1Cxng+FVPMGcAMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvOVg2bEstNXFUVGdxS3JVTEdlRDRWVTh3WndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAHg
MA0GCSqGSIb3DQEBCwUAA4IBAQB57LimzHYle8LBKGniV0A+PT8oPhINoQ2pYs8A
ojZmJkI8tF0sH9cB0ctzb91pIK0Ph2RKfNh+RaLrDI0skPU3kCCvOBm19q8yBZxW
1Sgx2WOipHX4z2Rp5bq7Dquk6aZBE7cU+NxZ/sUG3ocuQheg5iApvyj8WAC/Dl7z
Ya8jT+YQgpW6Kl0grlT2sLgxurF57YltxYLMtdtzY4WoFtfrmOyrLUGTqA9i8CEq
7Idi4xD7irZcYIZTo1Z/8CvjUmtdgbgt5jNLo+2xpYlRTsXVWoDpJyEdhgGoqOHD
eT85PaRPtP6xpeB/jAtDMSkIT13Os2nTPeTo8wppSx4gGSkT
-----END CERTIFICATE-----