Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/JFRvfIJuq2pj9YF_Kd_KZaP2kM8.roa
File:                     JFRvfIJuq2pj9YF_Kd_KZaP2kM8.roa (raw, json)
Hash identifier:          0G+r+Y9XPxL1qaISvq+YkTF3lyztm5Aq8K/Z0EqEeNU=
Subject key identifier:   24:54:6F:7C:82:6E:AB:6A:63:F5:81:7F:29:DF:CA:65:A3:F6:90:CF
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A01C000BF766390CC4E41ABA0D035
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/JFRvfIJuq2pj9YF_Kd_KZaP2kM8.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199457
IP address blocks:        2a12:bec0:220::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:01:c0:00:bf:76:63:90:cc:4e:41:ab:a0:d0:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24546f7c826eab6a63f5817f29dfca65a3f690cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c8:cb:d5:b1:09:62:c3:f5:a5:85:e2:64:da:
                    9f:24:7e:05:a0:5b:ee:41:66:2e:22:6a:95:c7:69:
                    fa:c1:16:90:0d:36:87:7e:e1:fe:20:31:b1:9a:20:
                    76:f4:e7:23:46:a3:55:c1:8c:2c:15:e4:ce:3e:28:
                    5b:84:12:61:a1:a9:d3:39:48:6c:8d:8e:a2:a3:b5:
                    52:42:84:f8:1e:49:8b:d6:a6:e8:d5:c9:99:96:07:
                    f4:4e:b0:6f:c7:2b:17:ec:a4:3d:d4:65:6b:7c:0b:
                    1f:04:b2:f8:a3:d9:fc:6f:40:a9:8b:a4:c0:03:26:
                    09:ed:1c:fd:32:4e:d4:57:e8:ee:ef:20:c2:22:f6:
                    4d:e2:48:4a:60:ec:ed:b4:83:e9:7e:4f:0c:cd:34:
                    03:eb:2c:86:a9:26:d4:5d:af:51:8c:ea:ec:9c:07:
                    33:ac:bc:1a:9e:f9:bb:64:af:bc:ea:2e:9c:06:f3:
                    0c:02:d3:4d:c7:14:b2:28:49:b5:c4:7e:3a:f2:37:
                    ad:11:73:8c:8f:87:b8:31:0e:73:33:4d:74:92:64:
                    e6:7d:0a:58:3f:ba:44:ae:ae:7d:16:b3:7d:0f:2f:
                    bd:e7:80:1b:bc:f6:87:b9:3b:50:ae:11:c5:04:68:
                    84:22:56:4f:8a:81:f6:3c:a6:19:f9:88:b7:8a:4b:
                    6b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:54:6F:7C:82:6E:AB:6A:63:F5:81:7F:29:DF:CA:65:A3:F6:90:CF
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/JFRvfIJuq2pj9YF_Kd_KZaP2kM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:220::/44

    Signature Algorithm: sha256WithRSAEncryption
         27:23:b7:29:73:45:6a:7f:07:fd:26:b2:07:cc:d4:02:58:aa:
         af:13:fb:f1:d6:f7:44:f4:31:fb:dd:f0:0e:62:26:fb:b3:f3:
         98:f6:51:0d:55:48:42:56:b9:31:e7:9d:6e:44:bc:8a:96:b5:
         8f:37:85:14:4d:a6:b4:3a:2a:f8:14:e3:f6:6f:f6:65:9f:63:
         77:fb:5a:78:d2:60:1c:16:77:f2:f8:49:8f:58:bf:5f:1e:2a:
         73:e2:90:11:cf:c8:0f:25:44:c8:22:f6:a8:0a:58:2b:e4:26:
         55:12:26:da:e5:6c:78:8f:4f:7a:9b:b4:dd:9b:d6:12:69:fd:
         3b:c1:c0:6e:f3:ca:0c:f0:e8:82:21:f7:87:65:7e:68:67:59:
         0b:a8:3b:b1:da:94:e3:a4:51:e5:ad:99:9a:41:55:fb:e6:78:
         11:8c:04:8f:ef:8e:e4:16:a7:28:9d:b3:ce:1c:33:99:05:10:
         39:e0:3b:f8:9a:29:51:6e:2b:fc:94:de:32:61:18:98:a9:10:
         48:3e:92:47:8b:d2:a5:f1:cf:56:cd:c8:1f:8d:53:de:3c:8b:
         1b:8e:bc:be:c5:1c:9f:62:3e:e1:77:14:a5:5e:08:01:ca:e6:
         29:98:68:66:2b:74:36:dc:b1:9d:db:fd:45:95:eb:02:2d:d7:
         1f:61:d3:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgHAAL92Y5DMTkGroNA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDU0NmY3YzgyNmVhYjZhNjNmNTgxN2YyOWRmY2E2NWEzZjY5MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcjL1bEJYsP1pYXiZNqfJH4FoFvu
QWYuImqVx2n6wRaQDTaHfuH+IDGxmiB29OcjRqNVwYwsFeTOPihbhBJhoanTOUhs
jY6io7VSQoT4HkmL1qbo1cmZlgf0TrBvxysX7KQ91GVrfAsfBLL4o9n8b0Cpi6TA
AyYJ7Rz9Mk7UV+ju7yDCIvZN4khKYOzttIPpfk8MzTQD6yyGqSbUXa9RjOrsnAcz
rLwanvm7ZK+86i6cBvMMAtNNxxSyKEm1xH468jetEXOMj4e4MQ5zM010kmTmfQpY
P7pErq59FrN9Dy+954AbvPaHuTtQrhHFBGiEIlZPioH2PKYZ+Yi3iktrjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCRUb3yCbqtqY/WBfynfymWj9pDPMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvSkZSdmZJSnVxMnBqOVlGX0tkX0taYVAya004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAIg
MA0GCSqGSIb3DQEBCwUAA4IBAQAnI7cpc0Vqfwf9JrIHzNQCWKqvE/vx1vdE9DH7
3fAOYib7s/OY9lENVUhCVrkx551uRLyKlrWPN4UUTaa0Oir4FOP2b/Zln2N3+1p4
0mAcFnfy+EmPWL9fHipz4pARz8gPJUTIIvaoClgr5CZVEiba5Wx4j096m7Tdm9YS
af07wcBu88oM8OiCIfeHZX5oZ1kLqDux2pTjpFHlrZmaQVX75ngRjASP747kFqco
nbPOHDOZBRA54Dv4milRbiv8lN4yYRiYqRBIPpJHi9Kl8c9WzcgfjVPePIsbjry+
xRyfYj7hdxSlXggByuYpmGhmK3Q23LGd2/1FlesCLdcfYdOc
-----END CERTIFICATE-----