Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/N4w5gzi6vG_06HN7SjV_d_QYe1c.roa
File:                     N4w5gzi6vG_06HN7SjV_d_QYe1c.roa (raw, json)
Hash identifier:          7UjSgo3LPIF+DRvesyPv6i3P3UJiO8+/iVe0o6EPyUw=
Subject key identifier:   37:8C:39:83:38:BA:BC:6F:F4:E8:73:7B:4A:35:7F:77:F4:18:7B:57
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A038B4DA51B3855105D7C38A9319C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/N4w5gzi6vG_06HN7SjV_d_QYe1c.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199671
IP address blocks:        2a12:bec0:190::/44 maxlen: 48
                          2a12:bec0:190::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:03:8b:4d:a5:1b:38:55:10:5d:7c:38:a9:31:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=378c398338babc6ff4e8737b4a357f77f4187b57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f4:b7:29:1f:86:05:0d:75:18:3a:87:83:de:
                    1f:d9:3f:94:4b:75:79:61:54:50:b9:e2:8d:e8:c5:
                    84:c5:a6:b8:42:d8:dc:35:62:52:cc:b8:51:89:2e:
                    ca:4e:72:65:3e:11:27:3f:9e:9f:4a:86:b8:4f:3c:
                    90:ad:53:0a:38:f9:5c:a9:6c:76:00:bc:aa:6b:a9:
                    fe:eb:00:b3:7b:4a:6b:ba:d0:59:7e:57:96:6d:99:
                    f9:80:56:c3:39:db:9b:a5:fb:ab:a1:ec:4a:c5:02:
                    38:3d:d8:bb:d7:86:64:d6:4d:66:d4:0a:fc:79:be:
                    38:a3:98:b6:5f:e4:af:7c:41:af:50:e6:3b:19:55:
                    36:90:72:aa:6f:1a:2c:c2:06:ce:d5:ed:33:cf:f3:
                    ee:a4:48:09:e7:d7:54:d4:b4:76:99:4d:eb:2a:51:
                    d5:10:12:f9:2d:5e:3e:97:18:eb:bd:5f:85:d1:a4:
                    bd:63:b3:43:11:3d:c1:a8:95:2d:49:15:2a:b9:f6:
                    7c:8d:b6:b3:d1:87:60:ad:da:8d:9f:e0:53:dc:a7:
                    43:81:1e:44:8a:3b:26:17:c2:db:c5:6b:12:a6:b1:
                    1f:6b:3f:61:11:bc:1f:4e:b1:81:43:5e:b3:85:5f:
                    b0:9c:78:f9:9e:7d:b4:52:50:5c:67:3e:81:b2:2f:
                    81:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:8C:39:83:38:BA:BC:6F:F4:E8:73:7B:4A:35:7F:77:F4:18:7B:57
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/N4w5gzi6vG_06HN7SjV_d_QYe1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:190::/44

    Signature Algorithm: sha256WithRSAEncryption
         31:2f:9e:cf:4a:66:29:dd:e9:ab:fe:e9:c4:e6:cc:a5:84:5d:
         f4:86:55:2f:25:8c:2e:bc:0f:03:48:23:30:5f:6b:c5:69:84:
         4e:08:c2:44:06:4c:71:ee:a6:16:3c:8b:c4:f9:1d:d4:db:3f:
         57:49:2e:49:d3:8d:88:a7:aa:85:a6:3d:d7:23:06:e3:5c:69:
         ab:87:17:25:11:e4:14:c9:59:c2:eb:2c:21:4c:52:05:bb:77:
         a0:00:23:d7:d0:70:a1:86:2a:4d:bb:3c:4f:9c:d3:c0:ea:31:
         86:6f:87:03:fb:62:1b:7f:aa:9c:52:8a:c4:01:0c:5e:ea:b6:
         55:29:b2:4c:99:fe:ef:cd:da:97:35:23:18:bd:0e:53:0e:7f:
         50:89:99:f8:08:91:46:49:80:e9:c3:5c:9f:76:b3:87:b5:0a:
         50:42:ce:5d:8b:1b:11:e8:7d:1b:9f:a4:a8:50:2d:6e:06:4d:
         6a:8c:65:24:2a:19:49:5b:79:ac:a8:57:48:6a:33:1d:03:d6:
         b3:46:71:73:ac:2b:8f:12:46:d2:d8:f6:40:2b:ce:d3:2b:27:
         dc:87:c5:b9:19:93:c8:5e:e5:4a:c6:81:16:e2:e5:5e:a4:43:
         07:3c:94:b9:e2:09:00:6f:7d:5a:cc:4d:b0:89:8d:37:70:ea:
         87:71:a7:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgOLTaUbOFUQXXw4qTGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzhjMzk4MzM4YmFiYzZmZjRlODczN2I0YTM1N2Y3N2Y0MTg3YjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfS3KR+GBQ11GDqHg94f2T+US3V5
YVRQueKN6MWExaa4QtjcNWJSzLhRiS7KTnJlPhEnP56fSoa4TzyQrVMKOPlcqWx2
ALyqa6n+6wCze0prutBZfleWbZn5gFbDOdubpfuroexKxQI4Pdi714Zk1k1m1Ar8
eb44o5i2X+SvfEGvUOY7GVU2kHKqbxoswgbO1e0zz/PupEgJ59dU1LR2mU3rKlHV
EBL5LV4+lxjrvV+F0aS9Y7NDET3BqJUtSRUqufZ8jbaz0YdgrdqNn+BT3KdDgR5E
ijsmF8LbxWsSprEfaz9hEbwfTrGBQ16zhV+wnHj5nn20UlBcZz6Bsi+BaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDeMOYM4urxv9Ohze0o1f3f0GHtXMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvTjR3NWd6aTZ2R18wNkhON1NqVl9kX1FZZTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAxL57PSmYp3emr/unE5sylhF30hlUvJYwuvA8D
SCMwX2vFaYROCMJEBkxx7qYWPIvE+R3U2z9XSS5J042Ip6qFpj3XIwbjXGmrhxcl
EeQUyVnC6ywhTFIFu3egACPX0HChhipNuzxPnNPA6jGGb4cD+2Ibf6qcUorEAQxe
6rZVKbJMmf7vzdqXNSMYvQ5TDn9QiZn4CJFGSYDpw1yfdrOHtQpQQs5dixsR6H0b
n6SoUC1uBk1qjGUkKhlJW3msqFdIajMdA9azRnFzrCuPEkbS2PZAK87TKyfch8W5
GZPIXuVKxoEW4uVepEMHPJS54gkAb31azE2wiY03cOqHcafG
-----END CERTIFICATE-----