Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DakeFTGeHtaZ215wY-SvscsyFg4.roa
File:                     DakeFTGeHtaZ215wY-SvscsyFg4.roa (raw, json)
Hash identifier:          Lq28RF5Eg4R/86PGVnDk1e9//2k7jtSeF395IuAEjmw=
Subject key identifier:   0D:A9:1E:15:31:9E:1E:D6:99:DB:5E:70:63:E4:AF:B1:CB:32:16:0E
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018FF0E320AEDE75A43E9E3859DE005926F1
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DakeFTGeHtaZ215wY-SvscsyFg4.roa
Signing time:             Fri 07 Jun 2024 04:09:27 +0000
ROA not before:           Fri 07 Jun 2024 04:09:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215303
IP address blocks:        2a12:bec4:10f1::/48 maxlen: 48
                          2a12:bec4:10f2::/48 maxlen: 48
                          2a12:bec4:10f3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f0:e3:20:ae:de:75:a4:3e:9e:38:59:de:00:59:26:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jun  7 04:09:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0da91e15319e1ed699db5e7063e4afb1cb32160e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7f:c2:63:f5:a8:44:68:5d:cd:22:66:b1:87:
                    d1:b1:48:2b:12:cf:6d:45:2f:b6:2a:d3:a5:30:69:
                    39:26:ed:b8:f1:18:3d:69:fb:1b:c5:87:7d:0e:8b:
                    30:22:3c:04:0a:7a:f8:66:43:5d:ac:c0:52:02:ee:
                    dc:e2:0f:ff:89:30:f8:79:8c:b8:ca:fc:86:be:aa:
                    54:a7:82:8e:21:04:17:28:04:d4:ef:de:0e:6f:1d:
                    38:08:01:3c:b4:ac:fa:ec:bd:61:21:8c:ff:73:45:
                    d1:ed:3e:23:d3:74:c1:53:b0:7a:5b:92:05:5f:e3:
                    b4:7d:86:cb:a8:f3:3d:83:55:9e:9c:d1:52:73:0e:
                    91:ba:63:df:f5:d2:82:f8:33:e7:68:82:8f:6a:ad:
                    a0:37:79:b1:ae:21:ea:8b:ab:cd:14:3c:c2:b7:98:
                    a2:44:81:53:66:91:fa:25:84:93:24:17:f6:74:2c:
                    48:de:be:88:f1:61:11:95:96:f5:8e:0a:5e:7a:12:
                    78:b6:45:79:2f:77:3b:ab:24:db:e2:3d:55:98:fa:
                    16:ee:50:b6:45:a8:ed:90:01:3d:92:c6:3b:f8:c2:
                    e6:ef:bd:86:99:a2:18:2a:76:c1:fa:1d:59:e8:8a:
                    8a:b7:bb:93:e1:65:aa:cd:e4:2c:58:9e:8e:74:6f:
                    1c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A9:1E:15:31:9E:1E:D6:99:DB:5E:70:63:E4:AF:B1:CB:32:16:0E
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DakeFTGeHtaZ215wY-SvscsyFg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:10f1::-2a12:bec4:10f3:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         35:55:44:90:9a:28:d1:b3:c8:8b:df:10:cb:7f:4a:ab:d4:b2:
         a2:e1:16:ec:a3:55:c7:9a:e8:b1:e3:95:06:0c:ad:a8:5a:48:
         d2:78:48:18:2d:64:2c:14:91:87:c9:57:6f:c7:e6:9d:17:ac:
         07:dd:82:82:c5:6e:b9:ee:66:93:c3:57:6f:51:03:ef:cd:33:
         60:b2:58:8e:f5:cb:99:95:0e:ce:28:4b:30:07:9c:8d:bb:8c:
         74:58:54:04:5d:45:06:a2:9b:0a:a4:62:86:a4:71:ec:e7:d3:
         26:f7:dc:a1:75:af:fb:bc:be:55:e3:e9:dd:e2:f0:25:c8:f2:
         34:1d:24:80:d4:0a:d1:27:e7:b3:8f:dc:31:56:54:77:f4:2c:
         23:55:24:b4:bd:ac:f0:87:bf:78:ad:7e:0f:6c:61:7f:71:c2:
         b7:78:1e:e2:35:c0:54:0d:ca:3a:ad:a2:66:0f:93:8f:b9:f1:
         44:c2:44:c5:fd:b8:69:27:5c:06:68:c4:14:57:5c:6c:1c:96:
         cf:80:7a:d5:7c:d9:d8:ed:a8:2d:98:e1:10:ed:64:a3:c6:d4:
         c2:76:e4:60:09:ee:a0:9b:8e:a9:7d:c7:00:28:e0:46:f1:41:
         87:f8:74:a4:ea:30:05:02:f3:ac:30:39:cd:b4:83:66:c2:c9:
         dd:21:09:52
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY/w4yCu3nWkPp44Wd4AWSbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNjA3MDQwOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGE5MWUxNTMxOWUxZWQ2OTlkYjVlNzA2M2U0YWZiMWNiMzIxNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1X/CY/WoRGhdzSJmsYfRsUgrEs9t
RS+2KtOlMGk5Ju248Rg9afsbxYd9DoswIjwECnr4ZkNdrMBSAu7c4g//iTD4eYy4
yvyGvqpUp4KOIQQXKATU794Obx04CAE8tKz67L1hIYz/c0XR7T4j03TBU7B6W5IF
X+O0fYbLqPM9g1WenNFScw6RumPf9dKC+DPnaIKPaq2gN3mxriHqi6vNFDzCt5ii
RIFTZpH6JYSTJBf2dCxI3r6I8WERlZb1jgpeehJ4tkV5L3c7qyTb4j1VmPoW7lC2
RajtkAE9ksY7+MLm772GmaIYKnbB+h1Z6IqKt7uT4WWqzeQsWJ6OdG8cnwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFA2pHhUxnh7WmdtecGPkr7HLMhYOMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRGFrZUZUR2VIdGFaMjE1d1ktU3ZzY3N5Rmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqEr7E
EPEDBwIqEr7EEPAwDQYJKoZIhvcNAQELBQADggEBADVVRJCaKNGzyIvfEMt/SqvU
sqLhFuyjVcea6LHjlQYMrahaSNJ4SBgtZCwUkYfJV2/H5p0XrAfdgoLFbrnuZpPD
V29RA+/NM2CyWI71y5mVDs4oSzAHnI27jHRYVARdRQaimwqkYoakcezn0yb33KF1
r/u8vlXj6d3i8CXI8jQdJIDUCtEn57OP3DFWVHf0LCNVJLS9rPCHv3itfg9sYX9x
wrd4HuI1wFQNyjqtomYPk4+58UTCRMX9uGknXAZoxBRXXGwcls+AetV82djtqC2Y
4RDtZKPG1MJ25GAJ7qCbjql9xwAo4EbxQYf4dKTqMAUC86wwOc20g2bCyd0hCVI=
-----END CERTIFICATE-----