Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/J_p1S4vWnoxdCiz_ZS5A6OWkUDY.roa
File:                     J_p1S4vWnoxdCiz_ZS5A6OWkUDY.roa (raw, json)
Hash identifier:          iHjLTsHcX/FYFp6RMZx1XwoF92MS91b22UkbflXOZ3Y=
Subject key identifier:   27:FA:75:4B:8B:D6:9E:8C:5D:0A:2C:FF:65:2E:40:E8:E5:A4:50:36
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018F000D64E659878BEB8509B43AC6E482E0
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/J_p1S4vWnoxdCiz_ZS5A6OWkUDY.roa
Signing time:             Sun 21 Apr 2024 09:47:08 +0000
ROA not before:           Sun 21 Apr 2024 09:47:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199654
IP address blocks:        2a12:bec0:200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:00:0d:64:e6:59:87:8b:eb:85:09:b4:3a:c6:e4:82:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Apr 21 09:47:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27fa754b8bd69e8c5d0a2cff652e40e8e5a45036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:57:03:38:6f:1b:c9:16:bc:3f:9c:12:31:be:
                    b3:cf:88:42:47:a2:f9:99:b9:ff:37:80:5c:19:73:
                    23:4f:8c:81:2e:d1:5a:7d:eb:2c:a2:f1:bb:2e:b7:
                    9f:fc:ab:0a:b9:81:8a:8a:80:84:29:76:71:81:91:
                    78:02:3d:ab:36:e3:83:84:3d:10:9a:c2:72:55:f6:
                    2e:1b:e5:21:f3:ff:c8:eb:81:67:d1:d3:71:a7:27:
                    bc:5d:89:6e:35:52:69:4a:0e:58:53:8a:26:48:5e:
                    96:0e:ab:65:57:71:71:83:cf:ba:18:4d:03:5e:5a:
                    e9:27:ec:69:8d:74:cb:5f:49:ac:b2:33:f5:5c:7d:
                    a5:bf:e3:b0:8a:c1:dd:de:83:9b:01:c9:3b:19:f6:
                    fc:12:84:2a:e7:7b:bc:06:3b:5c:51:21:68:16:57:
                    d3:b1:dd:38:e5:e5:ff:aa:e5:69:67:9d:fd:f0:d6:
                    a3:27:07:74:b8:92:70:93:08:9a:a3:f4:ea:a8:a8:
                    3e:ab:13:ed:05:3a:4d:0e:97:ec:c4:28:a9:f6:8e:
                    7e:d4:27:cf:3d:0d:af:51:13:fb:4b:77:84:09:1f:
                    8a:e8:a2:5a:51:69:cd:54:94:9b:30:54:f0:c9:da:
                    df:69:14:c3:20:e3:9e:a6:e1:fd:26:ba:90:cd:0f:
                    3f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:FA:75:4B:8B:D6:9E:8C:5D:0A:2C:FF:65:2E:40:E8:E5:A4:50:36
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/J_p1S4vWnoxdCiz_ZS5A6OWkUDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:dc:ea:62:7b:e5:18:07:35:97:0d:ae:80:0c:8f:fa:d5:1d:
         a4:13:a4:3e:b3:50:e6:3e:f1:92:5e:1c:28:d2:0a:37:fb:7e:
         da:97:1a:5e:61:1c:b2:63:fe:04:c9:11:e4:be:8e:94:59:4a:
         e9:dd:64:9c:18:66:8f:3e:ff:3c:3e:f8:75:2e:73:89:6b:63:
         02:29:e7:a2:77:d7:31:98:b9:4c:83:b5:4d:ab:05:67:1e:18:
         9e:a2:ec:d5:c1:8f:c1:c7:b4:04:83:5f:33:36:66:2b:1d:47:
         52:03:0b:8f:4e:13:1e:ff:28:02:14:67:18:73:1d:0d:be:29:
         af:34:9a:9e:08:10:42:f7:49:32:1a:fd:2d:c2:4e:ca:df:4a:
         90:04:71:e4:e9:f0:57:ea:d8:3f:51:55:4d:6d:1e:6e:e6:2e:
         85:66:a5:47:11:bf:14:b7:42:f0:e1:c9:31:f0:21:86:95:92:
         38:c6:b4:c7:1d:48:45:59:b9:23:a7:02:8b:15:1d:6a:24:98:
         f9:4f:c8:ac:4e:30:4f:72:e2:26:d4:09:91:74:03:d8:49:c0:
         df:d6:59:ea:87:98:44:40:68:f9:32:35:63:8e:b3:82:c4:ed:
         47:fd:33:cb:23:cf:59:b3:5a:e3:8c:7c:7a:ed:b9:f0:e7:b0:
         ca:b7:45:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8ADWTmWYeL64UJtDrG5ILgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNDIxMDk0NzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2ZhNzU0YjhiZDY5ZThjNWQwYTJjZmY2NTJlNDBlOGU1YTQ1MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVcDOG8byRa8P5wSMb6zz4hCR6L5
mbn/N4BcGXMjT4yBLtFafessovG7Lref/KsKuYGKioCEKXZxgZF4Aj2rNuODhD0Q
msJyVfYuG+Uh8//I64Fn0dNxpye8XYluNVJpSg5YU4omSF6WDqtlV3Fxg8+6GE0D
XlrpJ+xpjXTLX0mssjP1XH2lv+OwisHd3oObAck7Gfb8EoQq53u8BjtcUSFoFlfT
sd045eX/quVpZ5398NajJwd0uJJwkwiao/TqqKg+qxPtBTpNDpfsxCip9o5+1CfP
PQ2vURP7S3eECR+K6KJaUWnNVJSbMFTwydrfaRTDIOOepuH9JrqQzQ8/awIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCf6dUuL1p6MXQos/2UuQOjlpFA2MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvSl9wMVM0dldub3hkQ2l6X1pTNUE2T1drVURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAIA
MA0GCSqGSIb3DQEBCwUAA4IBAQAW3Opie+UYBzWXDa6ADI/61R2kE6Q+s1DmPvGS
Xhwo0go3+37alxpeYRyyY/4EyRHkvo6UWUrp3WScGGaPPv88Pvh1LnOJa2MCKeei
d9cxmLlMg7VNqwVnHhieouzVwY/Bx7QEg18zNmYrHUdSAwuPThMe/ygCFGcYcx0N
vimvNJqeCBBC90kyGv0twk7K30qQBHHk6fBX6tg/UVVNbR5u5i6FZqVHEb8Ut0Lw
4ckx8CGGlZI4xrTHHUhFWbkjpwKLFR1qJJj5T8isTjBPcuIm1AmRdAPYScDf1lnq
h5hEQGj5MjVjjrOCxO1H/TPLI89Zs1rjjHx67bnw57DKt0U1
-----END CERTIFICATE-----