Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LrFbgQXo3eWghMrBguhgC3GM9rg.roa
File:                     LrFbgQXo3eWghMrBguhgC3GM9rg.roa (raw, json)
Hash identifier:          tbs4LiGCaOIG6KyMBiwWbAT5a9xiCNX4h2kSfwGbFfk=
Subject key identifier:   2E:B1:5B:81:05:E8:DD:E5:A0:84:CA:C1:82:E8:60:0B:71:8C:F6:B8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649F97F367C2363805A968520D68FC2
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LrFbgQXo3eWghMrBguhgC3GM9rg.roa
Signing time:             Mon 01 Jan 2024 18:29:45 +0000
ROA not before:           Mon 01 Jan 2024 18:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a12:bec0:5df::/48 maxlen: 48
                          2a12:bec0:230::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:f9:7f:36:7c:23:63:80:5a:96:85:20:d6:8f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eb15b8105e8dde5a084cac182e8600b718cf6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:02:aa:5e:e4:9a:4c:ba:11:77:e7:b9:19:f7:
                    8a:93:0a:e0:ac:85:7a:89:a8:b8:87:88:2a:2d:41:
                    ad:e1:13:e0:30:63:1d:33:a9:a5:66:f5:8b:ef:98:
                    f0:72:a7:9e:e3:31:6f:8b:70:ee:08:56:a1:3b:be:
                    2b:61:41:fd:47:34:46:dd:dd:54:8f:7b:30:18:ef:
                    ee:f7:e9:2e:d4:22:d2:32:61:0d:78:25:b5:f0:68:
                    5f:b1:78:4a:56:c6:52:da:b1:d7:25:02:48:dc:2b:
                    6e:7f:dc:b6:e9:74:97:45:76:b3:b1:f5:0a:8f:dd:
                    44:a2:2c:64:8e:5b:f8:bb:4a:d8:8d:a0:d0:98:cd:
                    bc:bd:0e:9b:9d:4d:5e:60:be:0f:8a:7a:1d:6e:b7:
                    c8:fc:c5:d4:42:8d:fc:9a:3f:a6:a7:af:18:ce:04:
                    2e:1c:99:ba:a0:58:cc:e3:05:8b:88:68:1a:98:3d:
                    d5:0a:8f:bd:0c:f9:80:79:96:70:eb:c2:21:47:12:
                    c9:84:3f:75:39:67:38:c2:8a:92:50:18:e1:c8:5f:
                    f9:03:4e:d8:17:81:d2:fc:fa:90:6e:6b:bf:d1:2c:
                    1b:b8:09:f2:68:8c:e5:f0:7f:85:96:f9:6b:72:3a:
                    47:16:b7:47:bb:eb:b7:d5:bb:73:d7:82:91:7c:40:
                    85:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B1:5B:81:05:E8:DD:E5:A0:84:CA:C1:82:E8:60:0B:71:8C:F6:B8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LrFbgQXo3eWghMrBguhgC3GM9rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:230::/44
                  2a12:bec0:5df::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:3b:28:a9:61:f7:29:a5:16:da:71:5c:85:f0:ba:99:54:5f:
         d7:58:30:24:70:f4:41:23:0f:d9:61:6c:84:a5:35:ec:dc:93:
         c3:ba:ce:ca:bb:5a:6a:8c:85:0f:33:e0:6c:72:fa:a5:7d:02:
         b2:12:43:e6:67:62:f5:18:8b:24:ef:2e:1f:53:9f:71:78:02:
         7f:46:71:9d:86:a7:ba:32:aa:78:d8:da:99:b9:3e:ea:b9:a7:
         ff:58:64:5b:a1:d8:cc:4f:f0:79:6f:9c:48:a7:83:0c:fb:b5:
         c9:d5:a0:43:4d:fc:87:eb:60:91:7c:35:2e:5d:39:4f:f1:8f:
         ea:26:33:28:71:e3:3f:95:30:63:77:93:b3:36:a8:ee:79:96:
         12:e0:ad:2d:03:b8:51:ca:0d:df:b6:65:bc:ac:fd:c0:c9:90:
         e8:3b:1b:8d:e2:01:b2:d0:45:4d:96:dc:f1:a4:01:1e:9e:a9:
         97:83:f8:62:f6:33:ce:6e:f2:80:13:df:10:9e:6f:43:37:5e:
         c5:b9:41:28:ba:4a:3b:ba:25:99:7c:92:a6:c3:93:ea:98:6b:
         57:04:8d:66:53:5b:38:4b:d8:e2:2a:fd:6a:d0:f0:a2:27:47:
         ef:44:71:be:f4:d4:ae:69:3c:9d:00:b4:56:19:73:25:bc:da:
         df:1a:60:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSfl/NnwjY4BaloUg1o/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWIxNWI4MTA1ZThkZGU1YTA4NGNhYzE4MmU4NjAwYjcxOGNmNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgKqXuSaTLoRd+e5GfeKkwrgrIV6
iai4h4gqLUGt4RPgMGMdM6mlZvWL75jwcqee4zFvi3DuCFahO74rYUH9RzRG3d1U
j3swGO/u9+ku1CLSMmENeCW18GhfsXhKVsZS2rHXJQJI3Ctuf9y26XSXRXazsfUK
j91Eoixkjlv4u0rYjaDQmM28vQ6bnU1eYL4PinodbrfI/MXUQo38mj+mp68YzgQu
HJm6oFjM4wWLiGgamD3VCo+9DPmAeZZw68IhRxLJhD91OWc4woqSUBjhyF/5A07Y
F4HS/PqQbmu/0SwbuAnyaIzl8H+FlvlrcjpHFrdHu+u31btz14KRfECF4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC6xW4EF6N3loITKwYLoYAtxjPa4MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvTHJGYmdRWG8zZVdnaE1yQmd1aGdDM0dNOXJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+wAIw
AwcAKhK+wAXfMA0GCSqGSIb3DQEBCwUAA4IBAQA5OyipYfcppRbacVyF8LqZVF/X
WDAkcPRBIw/ZYWyEpTXs3JPDus7Ku1pqjIUPM+BscvqlfQKyEkPmZ2L1GIsk7y4f
U59xeAJ/RnGdhqe6Mqp42NqZuT7quaf/WGRbodjMT/B5b5xIp4MM+7XJ1aBDTfyH
62CRfDUuXTlP8Y/qJjMoceM/lTBjd5OzNqjueZYS4K0tA7hRyg3ftmW8rP3AyZDo
OxuN4gGy0EVNltzxpAEenqmXg/hi9jPObvKAE98Qnm9DN17FuUEouko7uiWZfJKm
w5PqmGtXBI1mU1s4S9jiKv1q0PCiJ0fvRHG+9NSuaTydALRWGXMlvNrfGmC8
-----END CERTIFICATE-----