Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/OX26DKXRr3wtW_jdI5b8Iy0CgUo.roa
File:                     OX26DKXRr3wtW_jdI5b8Iy0CgUo.roa (raw, json)
Hash identifier:          mEu9FhpDV4caXrEBiMYkvK4nTdkXF5HSFeOJw9bWViE=
Subject key identifier:   39:7D:BA:0C:A5:D1:AF:7C:2D:5B:F8:DD:23:96:FC:23:2D:02:81:4A
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FC50F398903582D2E53C01C552E2
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/OX26DKXRr3wtW_jdI5b8Iy0CgUo.roa
Signing time:             Mon 01 Jan 2024 18:29:46 +0000
ROA not before:           Mon 01 Jan 2024 18:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52181
IP address blocks:        2a12:bec0:300::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:fc:50:f3:98:90:35:82:d2:e5:3c:01:c5:52:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=397dba0ca5d1af7c2d5bf8dd2396fc232d02814a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8e:e3:f3:7e:8c:df:80:db:83:b2:3c:e1:22:
                    a5:14:3d:2d:55:e5:b8:e7:aa:c3:f1:5f:99:0b:0d:
                    7e:9c:c0:b3:ac:8d:4f:22:1a:a7:01:b6:f8:5f:52:
                    19:f9:94:88:8d:4d:4f:c2:06:8c:46:30:c1:3a:d5:
                    41:af:c8:cd:f4:9d:ad:e0:9f:ad:33:f5:a8:de:5a:
                    19:4e:e0:cc:75:6e:4e:e2:a2:62:ab:3f:a3:13:ec:
                    cc:70:62:4f:87:7b:59:86:4f:5b:4c:23:7c:7f:3b:
                    2a:ae:bf:d1:0c:a9:80:b9:2d:16:6a:69:1a:7b:45:
                    6e:f1:c0:d2:00:25:69:01:c0:44:5d:4b:b7:96:62:
                    0a:f3:dc:94:c2:6b:7d:e7:7e:c3:e6:18:77:04:ef:
                    04:19:b2:53:1f:ca:82:ca:d4:ac:ac:57:b1:92:6f:
                    b5:2f:68:53:a5:3f:77:d7:16:c5:4c:7c:b5:a1:de:
                    19:56:86:17:6a:41:7e:70:d9:30:27:97:a6:0a:f5:
                    6a:cd:d2:d2:25:5b:87:ef:d1:13:f7:ab:d4:6b:67:
                    de:8b:11:65:6d:02:5d:7c:b3:95:71:3a:7b:01:0a:
                    f0:d3:0b:ea:91:39:9f:3c:be:58:92:a6:2a:d1:86:
                    9c:75:c3:fc:d7:4b:c7:e3:4e:b7:a6:2f:87:50:03:
                    82:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7D:BA:0C:A5:D1:AF:7C:2D:5B:F8:DD:23:96:FC:23:2D:02:81:4A
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/OX26DKXRr3wtW_jdI5b8Iy0CgUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:300::/44

    Signature Algorithm: sha256WithRSAEncryption
         8c:f6:9b:18:43:86:5c:88:90:ec:a8:f2:39:5a:aa:e1:fc:03:
         52:7c:5e:56:0b:f2:0f:3f:e5:65:8d:c0:6c:39:24:26:13:e5:
         39:8d:be:27:82:ca:e4:43:44:a7:8d:6d:47:97:e5:49:94:de:
         26:50:2c:4b:c0:38:bc:3d:bb:92:03:4d:85:3c:c0:f0:b3:f5:
         72:5f:5a:d3:ab:72:40:2b:23:86:18:3d:07:b7:5b:ae:bc:ea:
         3c:3c:a1:b7:40:ce:45:50:27:05:9e:3c:3e:c0:a4:b0:68:89:
         e9:70:cc:ec:6d:48:40:79:3e:d5:c2:9b:cd:49:c0:4c:ee:8f:
         8b:7e:20:a6:e9:a7:cf:12:8d:30:88:a7:20:b3:06:f1:ed:93:
         a2:a8:1b:cb:2f:dc:ca:ba:2d:4c:bb:a6:3a:43:ef:b1:9a:53:
         49:50:dc:b6:b3:ef:04:ea:df:65:73:4e:bb:a3:33:70:28:ec:
         6f:44:63:06:a6:22:65:15:5f:71:fb:1c:0f:c9:c1:97:94:db:
         dd:0b:cc:73:ec:d8:36:77:66:48:ec:82:75:2d:d5:39:f4:03:
         37:84:17:4e:9c:a9:90:98:f7:24:d6:8c:fd:4b:90:a2:c9:bc:
         20:18:5c:29:d0:00:26:40:54:89:99:9b:b2:80:a7:4b:71:3f:
         c0:5a:88:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSfxQ85iQNYLS5TwBxVLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTdkYmEwY2E1ZDFhZjdjMmQ1YmY4ZGQyMzk2ZmMyMzJkMDI4MTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn47j836M34Dbg7I84SKlFD0tVeW4
56rD8V+ZCw1+nMCzrI1PIhqnAbb4X1IZ+ZSIjU1PwgaMRjDBOtVBr8jN9J2t4J+t
M/Wo3loZTuDMdW5O4qJiqz+jE+zMcGJPh3tZhk9bTCN8fzsqrr/RDKmAuS0Wamka
e0Vu8cDSACVpAcBEXUu3lmIK89yUwmt9537D5hh3BO8EGbJTH8qCytSsrFexkm+1
L2hTpT931xbFTHy1od4ZVoYXakF+cNkwJ5emCvVqzdLSJVuH79ET96vUa2feixFl
bQJdfLOVcTp7AQrw0wvqkTmfPL5YkqYq0YacdcP810vH4063pi+HUAOCxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDl9ugyl0a98LVv43SOW/CMtAoFKMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvT1gyNkRLWFJyM3d0V19qZEk1YjhJeTBDZ1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCM9psYQ4ZciJDsqPI5Wqrh/ANSfF5WC/IPP+Vl
jcBsOSQmE+U5jb4ngsrkQ0SnjW1Hl+VJlN4mUCxLwDi8PbuSA02FPMDws/VyX1rT
q3JAKyOGGD0Ht1uuvOo8PKG3QM5FUCcFnjw+wKSwaInpcMzsbUhAeT7VwpvNScBM
7o+LfiCm6afPEo0wiKcgswbx7ZOiqBvLL9zKui1Mu6Y6Q++xmlNJUNy2s+8E6t9l
c067ozNwKOxvRGMGpiJlFV9x+xwPycGXlNvdC8xz7Ng2d2ZI7IJ1LdU59AM3hBdO
nKmQmPck1oz9S5CiybwgGFwp0AAmQFSJmZuygKdLcT/AWohP
-----END CERTIFICATE-----