Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PZ_-luWucPUNUyw5GFteneYuqGs.roa
File:                     PZ_-luWucPUNUyw5GFteneYuqGs.roa (raw, json)
Hash identifier:          jzsxdbBBrSvjzqG6NM1AhlJ833gAkvWYgLGeSehqXlI=
Subject key identifier:   3D:9F:FE:96:E5:AE:70:F5:0D:53:2C:39:18:5B:5E:9D:E6:2E:A8:6B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A00E20EACD3F97EFF5B804039EA40
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PZ_-luWucPUNUyw5GFteneYuqGs.roa
Signing time:             Mon 01 Jan 2024 18:29:47 +0000
ROA not before:           Mon 01 Jan 2024 18:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199406
IP address blocks:        2a12:bec0:1a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:00:e2:0e:ac:d3:f9:7e:ff:5b:80:40:39:ea:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d9ffe96e5ae70f50d532c39185b5e9de62ea86b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:32:54:ec:b9:4a:02:36:18:67:22:1b:4b:d0:
                    c5:ab:40:5c:a6:04:09:01:90:04:5f:2a:d5:dc:64:
                    14:c0:84:3e:5a:1d:90:52:0a:4d:1b:99:f5:99:7a:
                    bf:68:c8:ac:b8:ab:33:44:ae:e8:6a:f2:6a:fa:51:
                    de:90:3b:7a:f0:fa:a8:1d:bd:19:54:0c:a5:01:7d:
                    df:66:42:de:70:b9:a5:5a:37:04:2b:03:8f:cd:31:
                    28:a9:95:97:a3:05:3f:8c:94:aa:6e:b9:83:bd:8e:
                    c8:a8:25:3d:61:05:e5:81:68:dd:ff:9b:3a:ce:fe:
                    8e:f3:f1:26:9a:e0:aa:c7:b6:2f:6b:5f:61:0c:07:
                    4e:58:b4:c8:a4:e0:80:15:d2:8d:af:85:02:39:70:
                    ed:76:75:6a:b4:44:5d:a6:9b:cd:c6:9b:15:10:94:
                    6d:6a:78:d1:b4:b1:b6:43:45:f9:51:b2:c4:38:df:
                    1a:94:49:cf:3e:8a:3c:9d:dd:7f:ae:8c:09:e7:09:
                    e9:4e:b9:59:15:5d:b8:0c:09:92:67:50:e3:89:81:
                    24:2a:24:06:20:15:54:7b:9e:2e:4b:7d:ab:f3:82:
                    89:81:0b:20:2e:fe:26:66:59:f3:7c:61:15:34:8c:
                    33:49:b7:88:02:fb:5d:2c:9c:4d:c2:f6:fd:8e:39:
                    11:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:9F:FE:96:E5:AE:70:F5:0D:53:2C:39:18:5B:5E:9D:E6:2E:A8:6B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/PZ_-luWucPUNUyw5GFteneYuqGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:1a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:23:21:48:04:53:34:38:8b:b8:b6:56:0e:37:12:27:c8:98:
         37:d7:31:95:31:c8:0f:84:51:0a:a5:aa:62:0c:74:e0:86:83:
         52:60:14:03:14:63:2e:5a:78:da:c8:30:c9:b3:2b:c3:57:6a:
         48:2e:ac:46:0c:d8:c3:cf:62:4a:5e:be:6f:ca:94:ce:4f:2b:
         c2:05:52:46:8d:84:31:cc:e8:7f:7f:b6:5d:c1:e1:05:47:fb:
         3b:db:ec:c9:b1:38:68:62:7e:1e:a1:83:ee:4e:85:7c:e8:63:
         d8:10:98:4b:15:c9:2d:b2:75:d6:5f:ab:09:1a:a7:9c:21:4b:
         31:8d:fd:24:6f:5e:19:6d:be:f4:0d:2f:bf:63:22:07:ad:6a:
         df:3c:0e:4c:89:f9:eb:43:65:8e:e1:66:ba:41:4c:f8:85:0b:
         98:0d:f6:0b:07:4b:42:cf:b8:6f:2a:60:51:65:ec:5d:1c:a4:
         41:16:d8:2e:3f:3f:7d:99:4b:48:a9:bc:49:bc:04:1e:26:0c:
         ed:80:3c:13:8a:d2:88:80:28:38:88:97:9b:cc:d7:33:e4:24:
         2c:92:67:8a:c7:fe:43:22:7a:99:7a:49:cc:02:1d:98:ea:f7:
         88:6f:5a:cf:6a:fe:f4:9c:ae:c0:31:02:b7:86:43:f1:d1:19:
         7d:f3:3c:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgDiDqzT+X7/W4BAOepAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDlmZmU5NmU1YWU3MGY1MGQ1MzJjMzkxODViNWU5ZGU2MmVhODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTJU7LlKAjYYZyIbS9DFq0BcpgQJ
AZAEXyrV3GQUwIQ+Wh2QUgpNG5n1mXq/aMisuKszRK7oavJq+lHekDt68PqoHb0Z
VAylAX3fZkLecLmlWjcEKwOPzTEoqZWXowU/jJSqbrmDvY7IqCU9YQXlgWjd/5s6
zv6O8/EmmuCqx7Yva19hDAdOWLTIpOCAFdKNr4UCOXDtdnVqtERdppvNxpsVEJRt
anjRtLG2Q0X5UbLEON8alEnPPoo8nd1/rowJ5wnpTrlZFV24DAmSZ1DjiYEkKiQG
IBVUe54uS32r84KJgQsgLv4mZlnzfGEVNIwzSbeIAvtdLJxNwvb9jjkRywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD2f/pblrnD1DVMsORhbXp3mLqhrMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUFpfLWx1V3VjUFVOVXl3NUdGdGVuZVl1cUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAGg
MA0GCSqGSIb3DQEBCwUAA4IBAQAJIyFIBFM0OIu4tlYONxInyJg31zGVMcgPhFEK
papiDHTghoNSYBQDFGMuWnjayDDJsyvDV2pILqxGDNjDz2JKXr5vypTOTyvCBVJG
jYQxzOh/f7ZdweEFR/s72+zJsThoYn4eoYPuToV86GPYEJhLFcktsnXWX6sJGqec
IUsxjf0kb14Zbb70DS+/YyIHrWrfPA5MifnrQ2WO4Wa6QUz4hQuYDfYLB0tCz7hv
KmBRZexdHKRBFtguPz99mUtIqbxJvAQeJgztgDwTitKIgCg4iJebzNcz5CQskmeK
x/5DInqZeknMAh2Y6veIb1rPav70nK7AMQK3hkPx0Rl98zzH
-----END CERTIFICATE-----