Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/CfvHNYCjn9VxXcgbXlvhBNOFxfA.roa
File:                     CfvHNYCjn9VxXcgbXlvhBNOFxfA.roa (raw, json)
Hash identifier:          4s710vA4w4fJSIKecfH99Jhhn22QZY5IR34aNT7qLyY=
Subject key identifier:   09:FB:C7:35:80:A3:9F:D5:71:5D:C8:1B:5E:5B:E1:04:D3:85:C5:F0
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018FA0A02BD896363EBB4F296447E9C44281
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/CfvHNYCjn9VxXcgbXlvhBNOFxfA.roa
Signing time:             Wed 22 May 2024 14:06:42 +0000
ROA not before:           Wed 22 May 2024 14:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214847
IP address blocks:        2a12:bec4:12a0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:a0:2b:d8:96:36:3e:bb:4f:29:64:47:e9:c4:42:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: May 22 14:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09fbc73580a39fd5715dc81b5e5be104d385c5f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b9:a4:bb:71:15:c1:ca:ad:02:e1:92:db:3e:
                    fa:48:5e:d2:73:80:c0:77:d8:f4:ac:99:d3:11:d4:
                    d7:52:d9:de:03:a7:6f:95:e5:96:da:f4:7e:c8:1e:
                    85:9e:0c:11:ae:4a:fc:76:03:94:da:16:96:6e:e7:
                    57:c2:09:81:26:37:4b:42:5b:60:03:b8:a0:df:f1:
                    a3:14:ec:a4:6f:52:91:b9:2f:c4:e4:8c:e4:0c:b7:
                    8f:6f:d1:e1:df:72:d3:9a:47:cc:94:77:a3:0d:7d:
                    2a:91:49:44:f3:c8:87:8e:a8:00:b0:0d:e2:ea:61:
                    4f:4b:e5:04:7c:c3:b5:b6:1e:1f:7e:f7:7a:3b:46:
                    88:5b:09:87:02:01:26:3d:d0:5d:b6:79:bc:e3:a8:
                    27:14:fc:ef:2b:f7:8c:20:74:0d:d5:af:7c:6c:3a:
                    ee:52:a3:ed:a7:b1:4a:36:1c:42:59:9c:8c:61:e2:
                    f8:e8:c9:5e:4a:5f:29:88:ef:cc:a8:0d:e4:89:da:
                    de:79:1a:e2:5f:93:d5:d9:35:85:61:2d:cb:98:88:
                    5c:77:9f:48:56:e2:c9:c8:6e:e8:b2:21:c9:45:ce:
                    2f:57:02:e3:e0:bd:40:65:49:e1:c4:a4:13:e5:e5:
                    a0:27:04:8e:e4:72:de:04:1c:e4:5a:d2:28:0a:9b:
                    d0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FB:C7:35:80:A3:9F:D5:71:5D:C8:1B:5E:5B:E1:04:D3:85:C5:F0
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/CfvHNYCjn9VxXcgbXlvhBNOFxfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:12a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         02:b8:20:10:ae:93:2c:78:52:17:31:5d:01:16:c8:5d:a6:37:
         14:fe:45:9e:eb:3f:23:91:ce:83:8a:1d:c6:99:3e:b0:75:4b:
         b7:6c:34:3c:3d:3e:cf:0e:6f:f3:17:aa:38:f2:e9:21:16:25:
         ce:05:28:53:c6:69:9a:83:25:be:e1:59:be:2d:1b:95:1c:0c:
         c7:6a:6e:cf:ec:70:a1:89:5a:a8:a9:d9:f3:6d:4d:88:47:63:
         77:cd:09:59:97:44:ce:d8:0b:33:90:5e:05:3f:cd:6b:a4:f9:
         cc:95:78:ea:0f:f7:64:06:b1:0e:3c:71:c2:ba:3b:8c:c6:d3:
         ce:99:d7:b6:d7:c0:87:42:65:86:61:a0:e0:cb:bb:24:76:bf:
         9f:4c:ae:82:f3:9d:e0:b8:eb:42:6b:11:39:97:e5:83:13:af:
         75:64:b4:f7:c8:b6:d2:d2:06:87:dc:af:93:99:0a:d2:51:16:
         26:08:88:d2:a7:21:11:e5:91:52:38:86:28:b3:c0:3a:46:7f:
         59:bd:ab:32:40:d6:ea:e8:46:88:83:c1:8a:2d:75:d1:6c:99:
         a4:95:0e:7b:95:f0:2a:45:b9:b7:ee:71:95:08:9d:00:8e:2e:
         db:bf:ee:e3:71:9d:1d:74:7f:a8:79:e5:1a:2c:cd:f8:ca:dc:
         d0:d5:d2:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+goCvYljY+u08pZEfpxEKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNTIyMTQwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWZiYzczNTgwYTM5ZmQ1NzE1ZGM4MWI1ZTViZTEwNGQzODVjNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbmku3EVwcqtAuGS2z76SF7Sc4DA
d9j0rJnTEdTXUtneA6dvleWW2vR+yB6FngwRrkr8dgOU2haWbudXwgmBJjdLQltg
A7ig3/GjFOykb1KRuS/E5IzkDLePb9Hh33LTmkfMlHejDX0qkUlE88iHjqgAsA3i
6mFPS+UEfMO1th4ffvd6O0aIWwmHAgEmPdBdtnm846gnFPzvK/eMIHQN1a98bDru
UqPtp7FKNhxCWZyMYeL46MleSl8piO/MqA3kidreeRriX5PV2TWFYS3LmIhcd59I
VuLJyG7osiHJRc4vVwLj4L1AZUnhxKQT5eWgJwSO5HLeBBzkWtIoCpvQ0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAn7xzWAo5/VcV3IG15b4QTThcXwMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvQ2Z2SE5ZQ2puOVZ4WGNnYlhsdmhCTk9GeGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBKg
MA0GCSqGSIb3DQEBCwUAA4IBAQACuCAQrpMseFIXMV0BFshdpjcU/kWe6z8jkc6D
ih3GmT6wdUu3bDQ8PT7PDm/zF6o48ukhFiXOBShTxmmagyW+4Vm+LRuVHAzHam7P
7HChiVqoqdnzbU2IR2N3zQlZl0TO2AszkF4FP81rpPnMlXjqD/dkBrEOPHHCujuM
xtPOmde218CHQmWGYaDgy7skdr+fTK6C853guOtCaxE5l+WDE691ZLT3yLbS0gaH
3K+TmQrSURYmCIjSpyER5ZFSOIYos8A6Rn9ZvasyQNbq6EaIg8GKLXXRbJmklQ57
lfAqRbm37nGVCJ0Aji7bv+7jcZ0ddH+oeeUaLM34ytzQ1dIi
-----END CERTIFICATE-----