Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/U3k56iaI-MtFLsfxrvUPZLoRZzw.roa
File:                     U3k56iaI-MtFLsfxrvUPZLoRZzw.roa (raw, json)
Hash identifier:          TVa07s87cr44pia1Hqi1X1+Yg0pIzmIDGCoGVMB5HQY=
Subject key identifier:   53:79:39:EA:26:88:F8:CB:45:2E:C7:F1:AE:F5:0F:64:BA:11:67:3C
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018E8B9424395E05D5C84D0FDA020181CACE
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/U3k56iaI-MtFLsfxrvUPZLoRZzw.roa
Signing time:             Fri 29 Mar 2024 18:58:45 +0000
ROA not before:           Fri 29 Mar 2024 18:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216253
IP address blocks:        2a12:bec0:480::/44 maxlen: 48
                          2a12:bec4:1140::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8b:94:24:39:5e:05:d5:c8:4d:0f:da:02:01:81:ca:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar 29 18:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=537939ea2688f8cb452ec7f1aef50f64ba11673c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1a:e9:81:61:2b:1a:96:82:31:3a:89:c2:89:
                    4d:39:7f:81:31:3a:e0:8a:0e:5e:58:79:92:06:97:
                    37:87:64:2b:97:43:fc:97:fe:95:a8:73:a6:c5:69:
                    4d:d6:0a:24:cb:d8:97:4a:8e:74:d0:92:52:3f:d9:
                    3a:fb:a7:b7:ca:c3:1a:53:4c:4c:af:63:56:2b:9e:
                    f5:30:bb:c5:53:b5:70:6b:7d:2b:81:28:13:ed:fe:
                    82:a5:32:71:e9:23:d1:dc:ea:00:57:75:56:08:45:
                    75:b9:bd:48:ae:7f:67:03:71:ad:bc:8a:8b:b7:68:
                    f4:7e:4b:97:c0:ab:b6:e1:39:e4:ac:f3:65:be:88:
                    8f:47:12:c8:d3:e9:8b:80:f5:a0:39:e7:6b:d8:a8:
                    d6:27:74:55:28:6b:e6:78:5f:83:e5:d8:d2:27:ef:
                    06:0c:ef:d4:29:43:37:5a:ce:ef:47:b9:b9:2b:b6:
                    fa:d7:60:f3:49:7e:92:97:cc:ed:bf:5e:91:6c:27:
                    8c:a5:86:59:e9:7f:7b:15:7d:af:dc:6d:79:e2:47:
                    f9:af:9f:a9:32:fa:ae:a1:6a:1e:18:40:e5:3b:6a:
                    f4:0a:61:94:e9:ca:d6:7e:a2:6c:f1:6e:66:9b:71:
                    27:59:b0:21:b0:8c:f1:f3:a5:07:c9:95:c1:21:e9:
                    83:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:79:39:EA:26:88:F8:CB:45:2E:C7:F1:AE:F5:0F:64:BA:11:67:3C
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/U3k56iaI-MtFLsfxrvUPZLoRZzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:480::/44
                  2a12:bec4:1140::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:d1:21:f8:04:3c:73:95:cc:50:21:27:f8:26:66:7d:48:0f:
         fe:1b:8d:32:60:31:f7:ca:4f:0a:c5:9f:4c:76:5d:b8:50:29:
         11:40:ff:2b:32:37:1d:49:13:e2:50:ab:aa:0d:e1:d0:f2:8b:
         ce:35:7d:41:32:0e:e1:ca:4b:fa:fa:d8:9e:56:35:9e:4e:85:
         c5:f3:c4:59:c5:81:d6:ae:2e:02:9e:5b:ef:0c:74:a0:26:d2:
         ba:bf:db:ef:67:ad:c0:4b:bf:bb:00:52:7c:4e:fc:7e:8e:22:
         6f:0b:5f:2d:8c:d4:82:6e:1e:3b:38:17:87:4e:34:59:c6:50:
         2b:f8:dd:f8:85:1d:73:f9:1d:b7:59:75:f3:0f:59:f2:1c:29:
         20:c6:62:6c:17:3d:ce:25:63:cc:91:b5:02:01:4a:6e:dd:4b:
         c8:e9:f1:d6:9d:55:85:37:b9:59:80:71:db:ae:ed:f8:5f:23:
         bf:b8:be:fa:7f:af:73:ae:f8:1a:20:c0:19:f4:99:f3:b8:e5:
         e6:5d:05:19:70:26:48:ac:83:b6:d1:8c:ab:38:a2:96:db:49:
         4a:17:3f:c4:13:ab:76:55:42:4b:e2:9d:16:58:1f:ba:80:3a:
         3b:2b:83:ed:27:83:30:76:11:22:6a:02:fc:89:24:00:b2:eb:
         6d:44:6b:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6LlCQ5XgXVyE0P2gIBgcrOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMzI5MTg1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzc5MzllYTI2ODhmOGNiNDUyZWM3ZjFhZWY1MGY2NGJhMTE2NzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhrpgWErGpaCMTqJwolNOX+BMTrg
ig5eWHmSBpc3h2Qrl0P8l/6VqHOmxWlN1goky9iXSo500JJSP9k6+6e3ysMaU0xM
r2NWK571MLvFU7Vwa30rgSgT7f6CpTJx6SPR3OoAV3VWCEV1ub1Irn9nA3GtvIqL
t2j0fkuXwKu24TnkrPNlvoiPRxLI0+mLgPWgOedr2KjWJ3RVKGvmeF+D5djSJ+8G
DO/UKUM3Ws7vR7m5K7b612DzSX6Sl8ztv16RbCeMpYZZ6X97FX2v3G154kf5r5+p
MvquoWoeGEDlO2r0CmGU6crWfqJs8W5mm3EnWbAhsIzx86UHyZXBIemDsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFN5OeomiPjLRS7H8a71D2S6EWc8MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVTNrNTZpYUktTXRGTHNmeHJ2VVBaTG9SWnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+wASA
AwcEKhK+xBFAMA0GCSqGSIb3DQEBCwUAA4IBAQAl0SH4BDxzlcxQISf4JmZ9SA/+
G40yYDH3yk8KxZ9Mdl24UCkRQP8rMjcdSRPiUKuqDeHQ8ovONX1BMg7hykv6+tie
VjWeToXF88RZxYHWri4CnlvvDHSgJtK6v9vvZ63AS7+7AFJ8Tvx+jiJvC18tjNSC
bh47OBeHTjRZxlAr+N34hR1z+R23WXXzD1nyHCkgxmJsFz3OJWPMkbUCAUpu3UvI
6fHWnVWFN7lZgHHbru34XyO/uL76f69zrvgaIMAZ9JnzuOXmXQUZcCZIrIO20Yyr
OKKW20lKFz/EE6t2VUJL4p0WWB+6gDo7K4PtJ4MwdhEiagL8iSQAsuttRGsC
-----END CERTIFICATE-----