Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/RaSIQYcNpcJ-cidKvumLTD3X2YE.roa
File:                     RaSIQYcNpcJ-cidKvumLTD3X2YE.roa (raw, json)
Hash identifier:          he8uXIOua/A37yVrtC2s9uOtaPu7TiUL8L0Zf1TWuuU=
Subject key identifier:   45:A4:88:41:87:0D:A5:C2:7E:72:27:4A:BE:E9:8B:4C:3D:D7:D9:81
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01917F3EB986E6A4731A9B3D581323145C68
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/RaSIQYcNpcJ-cidKvumLTD3X2YE.roa
Signing time:             Fri 23 Aug 2024 12:38:22 +0000
ROA not before:           Fri 23 Aug 2024 12:38:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214309
IP address blocks:        2a12:bec4:14d0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:3e:b9:86:e6:a4:73:1a:9b:3d:58:13:23:14:5c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Aug 23 12:38:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45a48841870da5c27e72274abee98b4c3dd7d981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1e:97:f4:a6:92:17:1f:79:8f:44:39:49:8f:
                    37:b3:49:9e:9f:35:7b:37:3b:43:db:ed:94:d7:1c:
                    8c:ef:c0:06:a4:73:16:a7:9f:a0:37:40:16:c2:57:
                    55:34:2d:16:68:af:86:82:cf:19:ba:ae:02:6e:d8:
                    52:6f:28:6e:2a:f6:2f:28:c0:a6:40:c3:da:08:a4:
                    aa:ad:90:5e:f2:78:86:3c:12:24:43:48:91:7b:62:
                    22:00:10:eb:a5:ac:c8:46:48:5a:6f:55:84:94:ca:
                    a4:6d:a5:aa:23:98:60:e7:b7:9e:d6:e4:80:52:91:
                    57:a0:48:40:ea:0a:2c:1f:a0:3c:26:1a:02:77:7d:
                    e5:a0:20:9c:f6:b4:b8:ab:76:b5:e3:3a:0c:91:ce:
                    ed:be:1d:e2:e6:61:1f:e6:75:e0:fb:d3:d2:52:5c:
                    3e:33:bf:f8:06:b8:33:20:e7:63:9b:bd:de:ee:03:
                    da:a1:75:48:9b:5c:4a:a5:16:2c:e3:01:10:f8:18:
                    60:22:06:6d:48:13:b3:3a:0a:82:4a:b8:c7:c2:38:
                    f7:49:e0:e6:28:73:97:2a:09:a9:7d:94:a3:ee:07:
                    fa:cf:98:92:65:a5:9c:9d:af:f1:9c:fa:b7:28:35:
                    57:e3:20:e5:f3:90:ed:6f:3d:cd:ce:a3:7a:30:22:
                    89:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:A4:88:41:87:0D:A5:C2:7E:72:27:4A:BE:E9:8B:4C:3D:D7:D9:81
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/RaSIQYcNpcJ-cidKvumLTD3X2YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:14d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         75:cb:35:07:0a:79:60:cd:29:80:48:bb:79:f4:50:83:eb:ac:
         8c:50:66:c4:f3:c2:ec:2f:d6:38:88:29:94:5b:0b:e6:9c:77:
         82:3f:29:b2:82:f7:41:9b:5e:7f:a0:06:2c:a9:1a:dc:e3:cf:
         aa:68:ca:1f:34:1e:f8:00:97:c6:de:53:82:bd:6e:95:20:42:
         75:87:93:f4:6f:e4:24:74:7a:33:c6:71:b6:9f:6e:61:91:73:
         79:2e:91:18:c1:9e:97:79:aa:6e:86:f1:c6:33:e2:a3:50:93:
         50:24:5a:b1:e1:45:57:79:47:09:29:ff:c8:a9:67:2c:48:8c:
         90:a9:5f:0f:d8:34:11:75:19:48:3e:db:3f:ad:06:19:b8:4b:
         42:39:ca:d6:4c:99:6f:ed:62:34:64:72:39:c3:ce:a1:b6:16:
         9f:01:42:ea:c6:a5:44:5d:57:5a:52:ab:7e:08:a7:d0:cf:7a:
         95:f4:74:55:b1:68:7f:5b:9b:24:18:57:52:59:62:51:35:22:
         b6:17:d7:fa:7e:ee:c3:70:f3:3e:d8:58:c6:69:34:73:9c:68:
         d9:24:4b:2d:34:d2:7b:89:61:ec:7d:86:51:ba:4d:57:d1:15:
         0a:1d:a8:89:33:49:65:8d:7f:44:1a:89:eb:26:a7:3d:ec:52:
         38:2a:d0:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF/PrmG5qRzGps9WBMjFFxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwODIzMTIzODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWE0ODg0MTg3MGRhNWMyN2U3MjI3NGFiZWU5OGI0YzNkZDdkOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjB6X9KaSFx95j0Q5SY83s0menzV7
NztD2+2U1xyM78AGpHMWp5+gN0AWwldVNC0WaK+Ggs8Zuq4CbthSbyhuKvYvKMCm
QMPaCKSqrZBe8niGPBIkQ0iRe2IiABDrpazIRkhab1WElMqkbaWqI5hg57ee1uSA
UpFXoEhA6gosH6A8JhoCd33loCCc9rS4q3a14zoMkc7tvh3i5mEf5nXg+9PSUlw+
M7/4BrgzIOdjm73e7gPaoXVIm1xKpRYs4wEQ+BhgIgZtSBOzOgqCSrjHwjj3SeDm
KHOXKgmpfZSj7gf6z5iSZaWcna/xnPq3KDVX4yDl85Dtbz3NzqN6MCKJcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEWkiEGHDaXCfnInSr7pi0w919mBMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUmFTSVFZY05wY0otY2lkS3Z1bUxURDNYMllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBTQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB1yzUHCnlgzSmASLt59FCD66yMUGbE88LsL9Y4
iCmUWwvmnHeCPymygvdBm15/oAYsqRrc48+qaMofNB74AJfG3lOCvW6VIEJ1h5P0
b+QkdHozxnG2n25hkXN5LpEYwZ6XeapuhvHGM+KjUJNQJFqx4UVXeUcJKf/IqWcs
SIyQqV8P2DQRdRlIPts/rQYZuEtCOcrWTJlv7WI0ZHI5w86hthafAULqxqVEXVda
Uqt+CKfQz3qV9HRVsWh/W5skGFdSWWJRNSK2F9f6fu7DcPM+2FjGaTRznGjZJEst
NNJ7iWHsfYZRuk1X0RUKHaiJM0lljX9EGonrJqc97FI4KtB7
-----END CERTIFICATE-----