Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/SBHpT7BHygBKG_qrtfHtMkPQWf4.roa
File:                     SBHpT7BHygBKG_qrtfHtMkPQWf4.roa (raw, json)
Hash identifier:          E+VHap30JyrpPHz+E5tALkeOAzN5WJNEurCSr8O/Z+g=
Subject key identifier:   48:11:E9:4F:B0:47:CA:00:4A:1B:FA:AB:B5:F1:ED:32:43:D0:59:FE
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FF04198600E064719C43E1CA282E
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/SBHpT7BHygBKG_qrtfHtMkPQWf4.roa
Signing time:             Mon 01 Jan 2024 18:29:47 +0000
ROA not before:           Mon 01 Jan 2024 18:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198366
IP address blocks:        2a12:bec0:350::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ff:04:19:86:00:e0:64:71:9c:43:e1:ca:28:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4811e94fb047ca004a1bfaabb5f1ed3243d059fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3c:71:e9:18:bc:0a:20:a0:41:26:94:3d:58:
                    07:58:63:1b:07:7c:72:94:7e:d4:74:74:82:ca:f1:
                    34:c0:2c:7f:52:ed:68:35:c1:51:a2:80:66:fc:5a:
                    e2:10:c0:a3:06:67:02:46:5c:c0:10:24:e5:00:6a:
                    b5:35:87:f3:66:f3:e2:7f:a1:d0:20:f6:de:08:38:
                    46:df:2d:2e:19:ff:b4:1f:59:f7:32:73:ed:ab:1a:
                    14:b8:4b:a0:26:c8:35:be:03:a6:42:ac:14:92:8a:
                    52:c2:c2:90:ba:52:9a:10:66:5e:8b:fa:2f:10:fc:
                    36:7d:02:7f:c2:03:67:ae:f2:4c:89:bb:03:51:9e:
                    00:d0:fc:2f:42:77:48:08:a4:fe:05:83:55:87:3d:
                    0b:f5:74:05:d7:82:fc:d1:f2:93:7c:f4:35:e7:8f:
                    22:45:a1:9d:92:cf:d5:b8:f4:8a:41:0f:8d:83:e5:
                    fb:22:b8:df:03:98:ca:2d:c3:e9:36:06:7a:e8:46:
                    0e:65:dd:ab:32:f9:ac:b3:03:21:90:47:6d:a2:8b:
                    1a:86:57:8d:fb:b5:dc:77:b3:56:a7:aa:48:bc:9a:
                    c4:04:cb:b7:78:d4:c1:31:b6:c3:d6:a1:3f:d3:26:
                    5c:d7:6b:fb:18:0a:d9:f3:96:5c:98:69:38:92:94:
                    57:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:11:E9:4F:B0:47:CA:00:4A:1B:FA:AB:B5:F1:ED:32:43:D0:59:FE
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/SBHpT7BHygBKG_qrtfHtMkPQWf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:350::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:1e:f2:ad:63:2f:b6:c6:9f:c4:c7:95:82:c8:9e:a1:f7:d7:
         b2:29:39:a5:51:3b:5e:8d:14:ec:51:2c:11:b9:12:24:12:bf:
         9d:ff:79:bc:e3:0f:59:61:97:fa:2d:f4:90:d1:fa:23:dd:89:
         f4:0a:cc:11:4b:25:e7:d2:50:d2:c9:6b:46:69:1e:16:c0:04:
         87:1b:a3:5b:40:8f:82:24:26:a4:7a:f4:da:b9:d6:29:37:de:
         2c:50:ef:47:ba:e8:67:28:c0:67:c6:2d:ea:ca:ec:38:7d:60:
         99:27:aa:02:df:05:18:c0:49:a3:5b:83:62:81:f4:24:48:7c:
         32:53:d2:60:5f:76:55:43:0a:69:b5:d4:1d:1b:d0:4e:8b:c1:
         34:ed:c8:5e:4c:02:d0:3b:83:7b:33:61:6a:bc:c7:ef:c5:b5:
         14:0a:fc:fe:2e:4e:ad:3a:fd:78:37:4a:58:9e:b8:a6:b0:42:
         c3:7e:b1:c7:39:ee:2c:48:1f:f8:5c:d1:75:5f:d6:07:b4:e3:
         5d:48:e0:a5:3c:bf:6c:f0:8b:2a:fd:0a:c4:b3:72:2c:b9:b0:
         58:c2:86:3e:73:ab:6c:a4:b5:e9:c3:e3:02:3a:8c:12:3f:4c:
         7f:e6:96:1b:0a:64:fa:cf:11:14:65:fb:bd:53:82:a2:30:1d:
         51:49:19:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSf8EGYYA4GRxnEPhyiguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODExZTk0ZmIwNDdjYTAwNGExYmZhYWJiNWYxZWQzMjQzZDA1OWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDxx6Ri8CiCgQSaUPVgHWGMbB3xy
lH7UdHSCyvE0wCx/Uu1oNcFRooBm/FriEMCjBmcCRlzAECTlAGq1NYfzZvPif6HQ
IPbeCDhG3y0uGf+0H1n3MnPtqxoUuEugJsg1vgOmQqwUkopSwsKQulKaEGZei/ov
EPw2fQJ/wgNnrvJMibsDUZ4A0PwvQndICKT+BYNVhz0L9XQF14L80fKTfPQ1548i
RaGdks/VuPSKQQ+Ng+X7IrjfA5jKLcPpNgZ66EYOZd2rMvmsswMhkEdtoosahleN
+7Xcd7NWp6pIvJrEBMu3eNTBMbbD1qE/0yZc12v7GArZ85ZcmGk4kpRXqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEgR6U+wR8oAShv6q7Xx7TJD0Fn+MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvU0JIcFQ3Qkh5Z0JLR19xcnRmSHRNa1BRV2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAGHvKtYy+2xp/Ex5WCyJ6h99eyKTmlUTtejRTs
USwRuRIkEr+d/3m84w9ZYZf6LfSQ0foj3Yn0CswRSyXn0lDSyWtGaR4WwASHG6Nb
QI+CJCakevTaudYpN94sUO9HuuhnKMBnxi3qyuw4fWCZJ6oC3wUYwEmjW4NigfQk
SHwyU9JgX3ZVQwpptdQdG9BOi8E07cheTALQO4N7M2FqvMfvxbUUCvz+Lk6tOv14
N0pYnrimsELDfrHHOe4sSB/4XNF1X9YHtONdSOClPL9s8Isq/QrEs3IsubBYwoY+
c6tspLXpw+MCOowSP0x/5pYbCmT6zxEUZfu9U4KiMB1RSRne
-----END CERTIFICATE-----