Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QTc74zygrho2I8KVHpF7ZHga914.roa
File:                     QTc74zygrho2I8KVHpF7ZHga914.roa (raw, json)
Hash identifier:          B16rV4stncmaJU95ONdDX1KRXegZ9u/LnQeHmxxrZu8=
Subject key identifier:   41:37:3B:E3:3C:A0:AE:1A:36:23:C2:95:1E:91:7B:64:78:1A:F7:5E
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0191CDEE287957BAADBF3A24B0413AE264A8
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QTc74zygrho2I8KVHpF7ZHga914.roa
Signing time:             Sat 07 Sep 2024 19:20:22 +0000
ROA not before:           Sat 07 Sep 2024 19:20:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214417
IP address blocks:        2a12:bec4:1280::/44 maxlen: 44
                          2a12:bec4:1480::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:cd:ee:28:79:57:ba:ad:bf:3a:24:b0:41:3a:e2:64:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Sep  7 19:20:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41373be33ca0ae1a3623c2951e917b64781af75e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4c:63:cf:b4:f9:53:0b:8c:10:e3:2e:43:24:
                    8f:70:d5:45:c9:e0:47:ac:40:1e:87:6a:40:ff:13:
                    cd:a2:6f:ad:53:66:7b:d0:f7:21:85:ed:f3:04:5a:
                    6d:25:84:a2:c2:90:80:32:c4:13:1a:04:98:d3:9f:
                    28:65:e7:ec:5b:2c:be:50:bb:ca:5d:39:e5:0b:71:
                    50:86:1e:10:10:29:f3:6f:bc:42:24:38:49:85:b5:
                    b0:7b:f9:42:60:db:9a:18:22:4e:17:35:e8:da:86:
                    5d:30:5c:5c:93:e3:48:f2:e2:2e:8d:b1:11:1b:0a:
                    bd:22:b9:c8:1e:a5:9b:05:8a:b0:2c:2f:25:45:8c:
                    9b:f5:96:d3:da:fa:c5:60:81:5a:f3:64:47:dd:4f:
                    09:90:80:30:fd:f1:86:6c:71:c6:bd:dc:47:98:ba:
                    f8:98:b8:2f:69:6f:a0:61:86:ca:82:c6:52:f8:3f:
                    fb:e6:c7:ed:12:5e:ce:e5:a8:d3:7c:38:cc:ae:8d:
                    7b:b8:92:d7:9f:75:c7:8b:c1:8a:83:96:c4:aa:5f:
                    ef:7d:2a:d4:8c:f2:47:b0:4c:60:0a:03:a0:76:cb:
                    f7:5f:db:ab:5c:4f:12:6e:fa:65:1a:ec:51:fe:b7:
                    04:05:76:7d:b6:ad:9b:c5:06:9d:da:5b:48:ca:f2:
                    7f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:37:3B:E3:3C:A0:AE:1A:36:23:C2:95:1E:91:7B:64:78:1A:F7:5E
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QTc74zygrho2I8KVHpF7ZHga914.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1280::/44
                  2a12:bec4:1480::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:e7:ec:23:24:a1:a1:25:8d:99:f0:0d:3b:16:ed:89:db:cc:
         13:20:c8:1b:96:fe:76:f8:11:df:d3:e4:49:32:dd:d0:74:f8:
         d3:c9:5c:3c:9a:28:0f:dd:e6:ca:28:8c:07:fd:f5:a9:89:7c:
         8b:50:6d:33:07:db:9d:4f:ef:42:2b:99:31:1f:56:f7:f3:ff:
         a1:d2:11:c3:2f:01:85:ed:b6:bb:d0:2f:a9:15:99:88:8e:a4:
         8c:02:54:ab:9e:9c:ba:5d:89:c0:68:93:69:49:6d:f3:fa:df:
         4d:56:1c:17:c7:7c:1f:c9:c7:98:7b:ce:bc:aa:4a:fb:fe:65:
         23:29:e9:1f:11:44:e0:58:36:fe:4b:11:bb:37:d6:be:24:25:
         9a:9c:d1:a9:77:c8:b1:c0:e6:c9:2e:8a:33:3f:02:85:49:37:
         ec:e5:9a:0d:92:a6:fb:f0:db:54:11:62:31:2c:01:61:d9:f0:
         fa:a0:c1:5f:a8:b3:e0:03:9e:52:ba:df:86:04:36:f7:3d:2b:
         5d:a0:3f:b8:b0:81:bf:5c:00:da:53:8a:22:7b:01:2b:43:5b:
         8b:80:d1:4a:89:91:b3:ed:32:3b:6a:f7:81:1f:79:41:5b:dc:
         17:c0:8f:52:a4:e9:ca:d4:4e:fa:66:8c:18:28:54:95:58:03:
         1e:f9:8c:79
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZHN7ih5V7qtvzoksEE64mSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwOTA3MTkyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM3M2JlMzNjYTBhZTFhMzYyM2MyOTUxZTkxN2I2NDc4MWFmNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkxjz7T5UwuMEOMuQySPcNVFyeBH
rEAeh2pA/xPNom+tU2Z70Pchhe3zBFptJYSiwpCAMsQTGgSY058oZefsWyy+ULvK
XTnlC3FQhh4QECnzb7xCJDhJhbWwe/lCYNuaGCJOFzXo2oZdMFxck+NI8uIujbER
Gwq9IrnIHqWbBYqwLC8lRYyb9ZbT2vrFYIFa82RH3U8JkIAw/fGGbHHGvdxHmLr4
mLgvaW+gYYbKgsZS+D/75sftEl7O5ajTfDjMro17uJLXn3XHi8GKg5bEql/vfSrU
jPJHsExgCgOgdsv3X9urXE8SbvplGuxR/rcEBXZ9tq2bxQad2ltIyvJ/CQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEE3O+M8oK4aNiPClR6Re2R4GvdeMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUVRjNzR6eWdyaG8ySThLVkhwRjdaSGdhOTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBKA
AwcEKhK+xBSAMA0GCSqGSIb3DQEBCwUAA4IBAQBl5+wjJKGhJY2Z8A07Fu2J28wT
IMgblv52+BHf0+RJMt3QdPjTyVw8migP3ebKKIwH/fWpiXyLUG0zB9udT+9CK5kx
H1b38/+h0hHDLwGF7ba70C+pFZmIjqSMAlSrnpy6XYnAaJNpSW3z+t9NVhwXx3wf
yceYe868qkr7/mUjKekfEUTgWDb+SxG7N9a+JCWanNGpd8ixwObJLoozPwKFSTfs
5ZoNkqb78NtUEWIxLAFh2fD6oMFfqLPgA55Sut+GBDb3PStdoD+4sIG/XADaU4oi
ewErQ1uLgNFKiZGz7TI7aveBH3lBW9wXwI9SpOnK1E76ZowYKFSVWAMe+Yx5
-----END CERTIFICATE-----