Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PMoUs85LH_LkfMxxm3YcrAXC75E.roa
File:                     PMoUs85LH_LkfMxxm3YcrAXC75E.roa (raw, json)
Hash identifier:          5l0okh/0iLlIcVimO8dTTU/sPkd4oJNnxfYn/CobrL4=
Subject key identifier:   3C:CA:14:B3:CE:4B:1F:F2:E4:7C:CC:71:9B:76:1C:AC:05:C2:EF:91
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A06D266F749605F585067014594D1
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PMoUs85LH_LkfMxxm3YcrAXC75E.roa
Signing time:             Mon 01 Jan 2024 18:29:49 +0000
ROA not before:           Mon 01 Jan 2024 18:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202585
IP address blocks:        2a12:bec0:5e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:06:d2:66:f7:49:60:5f:58:50:67:01:45:94:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cca14b3ce4b1ff2e47ccc719b761cac05c2ef91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:21:9b:2d:62:05:ce:53:f7:bc:cc:2c:2f:03:
                    c0:e2:2e:45:69:c4:04:40:8b:67:0c:a5:36:92:69:
                    21:d4:bc:bc:94:b1:c4:36:3b:7e:bf:bf:7c:eb:76:
                    56:fd:1a:a6:86:0e:46:56:fa:56:80:59:a5:b8:da:
                    39:e9:2a:6f:ff:1d:28:39:b8:39:a3:83:99:6f:c1:
                    78:cc:62:22:67:f5:ee:60:a3:cc:a2:03:35:6c:32:
                    37:85:35:35:0d:d0:7a:7c:1d:cd:7d:d1:5a:4a:f6:
                    a0:96:9f:02:88:0d:87:d6:00:08:93:c8:90:1c:b6:
                    f6:c5:9b:07:77:4c:f5:04:59:6a:6c:b7:52:36:a4:
                    ec:9f:ef:a3:6b:52:fd:ec:99:94:c9:c5:f7:49:6b:
                    cc:0b:b6:31:14:59:17:3b:53:ca:d1:ec:6d:12:4e:
                    ad:66:8b:b5:ae:7d:ad:7b:fa:81:4f:21:e2:33:a0:
                    33:2b:5d:bc:ac:44:45:00:a0:87:8b:68:f6:fe:e7:
                    64:bf:6b:df:5b:5a:4f:a5:cf:0c:be:dc:95:aa:95:
                    40:20:13:b2:8e:ce:15:08:93:67:ad:8a:08:97:87:
                    16:ba:92:23:24:72:e7:ee:d0:7b:4a:53:e2:e7:1a:
                    61:be:61:c1:3f:95:a0:ca:5c:3b:7f:df:4b:e4:97:
                    11:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CA:14:B3:CE:4B:1F:F2:E4:7C:CC:71:9B:76:1C:AC:05:C2:EF:91
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PMoUs85LH_LkfMxxm3YcrAXC75E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:5e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:d8:fa:14:11:ec:81:7d:42:7d:18:44:f4:da:4a:2a:7f:4c:
         40:9c:be:bb:6b:82:ff:b0:bf:bf:be:41:37:58:bf:29:a9:b5:
         bb:ed:e7:86:61:e2:29:43:0f:ff:72:33:c0:36:42:5b:e2:0b:
         78:2f:9a:d1:39:a3:e0:54:4a:2d:9c:ae:68:74:d7:91:71:1a:
         b5:88:95:81:7e:24:2a:86:1c:4b:6c:23:43:d7:4f:01:da:55:
         21:78:09:55:70:c0:90:31:71:49:21:2a:35:d8:62:6a:3c:6b:
         0b:f6:69:af:54:04:c6:38:ba:27:1e:3a:14:2c:fd:cf:e9:d1:
         bd:be:9e:66:2c:4f:6b:bf:87:a0:9b:0b:08:85:66:ba:6f:1d:
         4b:9a:45:58:9e:28:2b:fc:7a:56:7a:ba:d1:1f:a4:2b:2e:59:
         59:55:c5:7c:79:f5:c2:d4:52:c0:ee:c6:2a:3a:da:5c:26:98:
         61:6b:51:37:68:0d:8f:1e:8e:d8:f0:b4:b3:22:5d:14:37:09:
         de:65:69:5a:4d:de:8c:7f:f8:61:44:9f:63:b0:43:39:a8:d3:
         43:31:6b:b7:69:73:5e:08:93:1c:08:66:71:90:4f:a8:84:71:
         1c:9c:4b:f2:18:8f:80:25:c0:9a:30:8b:64:90:97:18:4b:2d:
         f2:f6:a6:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgbSZvdJYF9YUGcBRZTRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2NhMTRiM2NlNGIxZmYyZTQ3Y2NjNzE5Yjc2MWNhYzA1YzJlZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryGbLWIFzlP3vMwsLwPA4i5FacQE
QItnDKU2kmkh1Ly8lLHENjt+v79863ZW/Rqmhg5GVvpWgFmluNo56Spv/x0oObg5
o4OZb8F4zGIiZ/XuYKPMogM1bDI3hTU1DdB6fB3NfdFaSvaglp8CiA2H1gAIk8iQ
HLb2xZsHd0z1BFlqbLdSNqTsn++ja1L97JmUycX3SWvMC7YxFFkXO1PK0extEk6t
Zou1rn2te/qBTyHiM6AzK128rERFAKCHi2j2/udkv2vfW1pPpc8MvtyVqpVAIBOy
js4VCJNnrYoIl4cWupIjJHLn7tB7SlPi5xphvmHBP5Wgylw7f99L5JcRFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDzKFLPOSx/y5HzMcZt2HKwFwu+RMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUE1vVXM4NUxIX0xrZk14eG0zWWNyQVhDNzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAXg
MA0GCSqGSIb3DQEBCwUAA4IBAQBO2PoUEeyBfUJ9GET02koqf0xAnL67a4L/sL+/
vkE3WL8pqbW77eeGYeIpQw//cjPANkJb4gt4L5rROaPgVEotnK5odNeRcRq1iJWB
fiQqhhxLbCND108B2lUheAlVcMCQMXFJISo12GJqPGsL9mmvVATGOLonHjoULP3P
6dG9vp5mLE9rv4egmwsIhWa6bx1LmkVYnigr/HpWerrRH6QrLllZVcV8efXC1FLA
7sYqOtpcJphha1E3aA2PHo7Y8LSzIl0UNwneZWlaTd6Mf/hhRJ9jsEM5qNNDMWu3
aXNeCJMcCGZxkE+ohHEcnEvyGI+AJcCaMItkkJcYSy3y9qaw
-----END CERTIFICATE-----