Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/9n9FeHGLVjXGtxbbr2vnXEKTKaE.roa
File:                     9n9FeHGLVjXGtxbbr2vnXEKTKaE.roa (raw, json)
Hash identifier:          QB4gx+vr3RpP6Wz56Y1YUkClTJayk0Xl9I23alE9SUw=
Subject key identifier:   F6:7F:45:78:71:8B:56:35:C6:B7:16:DB:AF:6B:E7:5C:42:93:29:A1
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019052BFB8B425E2F753795E1DE0F9F4FF9A
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/9n9FeHGLVjXGtxbbr2vnXEKTKaE.roa
Signing time:             Wed 26 Jun 2024 04:13:34 +0000
ROA not before:           Wed 26 Jun 2024 04:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215052
IP address blocks:        2a12:bec4:11d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:52:bf:b8:b4:25:e2:f7:53:79:5e:1d:e0:f9:f4:ff:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jun 26 04:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f67f4578718b5635c6b716dbaf6be75c429329a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1f:c8:5b:16:4f:50:07:c1:db:9b:8a:4d:1f:
                    ee:81:fa:33:aa:05:91:a0:ac:40:d7:1a:fb:20:5a:
                    20:4a:47:84:ee:83:5f:17:30:bd:13:b0:0e:a4:38:
                    b6:21:90:4a:cd:b4:0e:9d:74:77:dd:14:db:d8:6a:
                    bd:f9:a6:28:05:a5:e6:1e:27:13:c4:d1:bc:b1:0e:
                    95:12:88:f7:89:34:c2:46:8f:ac:3c:1d:2f:38:70:
                    2b:11:b0:94:7f:1d:82:b4:2b:04:a7:c6:4f:f8:14:
                    73:6c:14:36:57:a1:ac:d9:e5:a9:f4:ea:91:e2:97:
                    a5:4f:b8:9a:e5:34:78:64:7c:21:cf:f6:70:9b:b8:
                    3a:df:5d:22:30:d5:12:36:dd:49:9a:71:dc:2b:17:
                    e2:bb:fb:90:60:eb:b8:c1:40:77:d6:e8:76:8a:05:
                    5e:c1:d6:9d:e1:7a:96:99:da:f6:bc:82:30:aa:c0:
                    14:a6:b2:23:f9:7d:1b:e6:62:e8:fc:a7:b9:65:a7:
                    f4:89:e1:88:6e:41:8f:36:17:75:c5:3c:80:cd:53:
                    4a:86:90:57:80:a8:0e:75:be:68:b1:37:cb:5e:95:
                    a4:35:75:a4:9c:ec:a5:cb:50:4d:c6:12:69:36:57:
                    9c:ae:62:d9:2a:27:ae:8d:c5:6d:d0:0c:1d:7b:42:
                    c6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:7F:45:78:71:8B:56:35:C6:B7:16:DB:AF:6B:E7:5C:42:93:29:A1
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/9n9FeHGLVjXGtxbbr2vnXEKTKaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:11d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:d6:05:a4:2d:97:24:7c:85:09:e1:bc:a9:10:13:a9:ec:65:
         9f:80:10:8b:04:93:2f:22:27:71:cd:55:a6:d5:4f:ba:12:2c:
         0e:f6:af:b4:b5:99:8b:e0:86:e1:06:78:73:a5:43:1c:45:40:
         2b:78:aa:f8:c2:9c:74:6e:25:27:25:70:e6:6b:59:1b:14:9f:
         0d:85:b0:af:4b:18:f3:39:03:6f:43:39:d0:b7:6d:6d:d2:19:
         30:9e:ce:ad:53:7e:2b:39:7f:6b:6d:4f:83:27:d4:39:1f:9a:
         ba:11:d8:4e:df:56:e1:f6:9a:61:1f:89:ba:e2:3c:2d:07:4d:
         79:4f:d8:c4:b4:e4:fe:60:ec:54:ad:1c:66:c6:44:91:34:ca:
         dd:ff:d5:76:6a:e2:0c:51:d4:a4:6c:a4:cf:e7:1c:a5:40:2d:
         a9:d9:76:19:58:05:e8:6e:44:41:d4:e6:d2:0f:29:dc:a6:30:
         8b:34:70:aa:79:c7:33:01:3f:84:d8:3e:68:4c:41:cc:0c:1b:
         ef:a0:a4:65:36:a9:df:36:ee:7e:76:b4:77:00:c9:9e:04:69:
         d4:12:cc:e3:c3:4a:fa:38:f2:f7:a2:fa:c0:49:ed:bd:c3:b1:
         a7:17:5c:93:6f:ff:a5:92:22:ba:2e:89:81:d7:ec:26:d9:0c:
         78:d8:15:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBSv7i0JeL3U3leHeD59P+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNjI2MDQxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjdmNDU3ODcxOGI1NjM1YzZiNzE2ZGJhZjZiZTc1YzQyOTMyOWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR/IWxZPUAfB25uKTR/ugfozqgWR
oKxA1xr7IFogSkeE7oNfFzC9E7AOpDi2IZBKzbQOnXR33RTb2Gq9+aYoBaXmHicT
xNG8sQ6VEoj3iTTCRo+sPB0vOHArEbCUfx2CtCsEp8ZP+BRzbBQ2V6Gs2eWp9OqR
4pelT7ia5TR4ZHwhz/Zwm7g6310iMNUSNt1JmnHcKxfiu/uQYOu4wUB31uh2igVe
wdad4XqWmdr2vIIwqsAUprIj+X0b5mLo/Ke5Zaf0ieGIbkGPNhd1xTyAzVNKhpBX
gKgOdb5osTfLXpWkNXWknOyly1BNxhJpNlecrmLZKieujcVt0Awde0LGnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPZ/RXhxi1Y1xrcW269r51xCkymhMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvOW45RmVIR0xWalhHdHhiYnIydm5YRUtUS2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCX1gWkLZckfIUJ4bypEBOp7GWfgBCLBJMvIidx
zVWm1U+6EiwO9q+0tZmL4IbhBnhzpUMcRUAreKr4wpx0biUnJXDma1kbFJ8NhbCv
SxjzOQNvQznQt21t0hkwns6tU34rOX9rbU+DJ9Q5H5q6EdhO31bh9pphH4m64jwt
B015T9jEtOT+YOxUrRxmxkSRNMrd/9V2auIMUdSkbKTP5xylQC2p2XYZWAXobkRB
1ObSDyncpjCLNHCqecczAT+E2D5oTEHMDBvvoKRlNqnfNu5+drR3AMmeBGnUEszj
w0r6OPL3ovrASe29w7GnF1yTb/+lkiK6LomB1+wm2Qx42BU+
-----END CERTIFICATE-----