Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UA2Nkn6Rm0EXn2J9Bw2NAjYYkoY.roa
File:                     UA2Nkn6Rm0EXn2J9Bw2NAjYYkoY.roa (raw, json)
Hash identifier:          zguTcaBt224pG46b/oNlKAQnUenK6ZFKXt+ftoeVtNE=
Subject key identifier:   50:0D:8D:92:7E:91:9B:41:17:9F:62:7D:07:0D:8D:02:36:18:92:86
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A041511FFBF6DB35897C7AED96803
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UA2Nkn6Rm0EXn2J9Bw2NAjYYkoY.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199689
IP address blocks:        2a12:bec0:de0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:04:15:11:ff:bf:6d:b3:58:97:c7:ae:d9:68:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=500d8d927e919b41179f627d070d8d0236189286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f0:1f:11:be:f9:f1:68:39:ab:47:33:3e:88:
                    b7:e1:8b:2d:57:4a:d0:01:1a:99:64:da:c7:2c:7d:
                    6a:20:29:dd:91:1e:32:fe:82:1d:7a:81:9b:7a:be:
                    b0:e4:9a:74:d8:64:40:7f:6a:dd:33:00:10:3d:b7:
                    9f:1c:8f:96:5e:6b:1c:66:21:4d:ff:0d:81:c2:02:
                    07:07:54:59:55:c2:21:4a:98:5e:81:7c:df:e4:fb:
                    2b:d2:47:81:67:75:4b:13:10:1f:24:0b:67:fb:9c:
                    1f:7b:5c:76:2c:fc:39:79:1b:58:a1:9f:73:bb:bc:
                    81:1d:38:28:72:fb:60:ab:b0:73:81:c0:16:ec:5a:
                    dd:2a:3e:be:8e:5e:08:8e:e4:be:00:fb:9b:93:df:
                    72:e4:fb:1a:6f:45:ac:af:19:bb:5c:c0:2b:b0:72:
                    3a:3f:69:7b:b8:90:b0:51:6e:6c:92:88:c3:d7:04:
                    c8:48:fc:fb:41:09:16:96:df:ed:ef:2e:c1:d2:ae:
                    5f:fd:7d:31:20:a2:7f:28:49:3f:87:d5:47:53:81:
                    23:22:d4:ef:0e:b2:5c:33:a9:19:25:4c:4b:f5:5f:
                    28:42:36:93:54:81:4d:be:94:5b:09:59:3d:d5:2e:
                    c2:d3:e9:83:98:25:ba:5a:32:35:1f:cf:44:b3:96:
                    7b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:0D:8D:92:7E:91:9B:41:17:9F:62:7D:07:0D:8D:02:36:18:92:86
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UA2Nkn6Rm0EXn2J9Bw2NAjYYkoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:de0::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:b9:5f:c0:fd:fe:45:3d:ef:6a:5d:a4:1a:0b:02:e5:cb:4a:
         73:c3:0d:44:cb:50:e6:5b:e2:c9:a4:7f:32:ab:c0:46:a8:07:
         58:78:a2:ed:7e:1c:83:03:0f:d1:c5:99:39:18:62:29:1d:38:
         b5:40:f2:bd:fb:51:4e:80:87:ee:fe:7a:a9:c9:d9:92:e1:24:
         6d:a9:48:9e:39:ec:7d:8f:38:f0:db:02:13:06:38:71:87:53:
         f2:cf:61:ad:52:e4:79:cf:68:9b:39:f2:57:34:cd:43:6a:0b:
         76:4c:48:07:4e:5c:1f:55:18:39:41:5c:b3:c1:60:fd:f8:45:
         ae:82:3a:ba:45:b2:1d:22:ae:f6:c9:01:78:82:8c:c8:73:1a:
         08:b2:00:3a:51:17:13:8e:5f:42:15:95:9a:c6:91:73:d1:b8:
         23:2f:dd:48:be:56:c2:dd:31:67:9a:6c:7b:5d:39:d6:18:21:
         0a:ac:d7:ce:5a:d7:86:0f:24:b4:f3:64:70:99:8f:e9:b7:19:
         09:3f:de:3d:2b:06:fb:b7:fd:af:ee:d8:a3:93:5a:69:9d:ae:
         f8:68:e1:f3:38:f0:a4:0e:71:70:92:4e:dd:a6:f4:fa:86:14:
         3c:15:71:1d:81:34:fa:ae:58:61:1c:08:60:19:7d:b8:e5:b5:
         d9:f9:09:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgQVEf+/bbNYl8eu2WgDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDBkOGQ5MjdlOTE5YjQxMTc5ZjYyN2QwNzBkOGQwMjM2MTg5Mjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPAfEb758Wg5q0czPoi34YstV0rQ
ARqZZNrHLH1qICndkR4y/oIdeoGber6w5Jp02GRAf2rdMwAQPbefHI+WXmscZiFN
/w2BwgIHB1RZVcIhSphegXzf5Psr0keBZ3VLExAfJAtn+5wfe1x2LPw5eRtYoZ9z
u7yBHTgocvtgq7BzgcAW7FrdKj6+jl4IjuS+APubk99y5Psab0Wsrxm7XMArsHI6
P2l7uJCwUW5skojD1wTISPz7QQkWlt/t7y7B0q5f/X0xIKJ/KEk/h9VHU4EjItTv
DrJcM6kZJUxL9V8oQjaTVIFNvpRbCVk91S7C0+mDmCW6WjI1H89Es5Z7vwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFANjZJ+kZtBF59ifQcNjQI2GJKGMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVUEyTmtuNlJtMEVYbjJKOUJ3Mk5BallZa29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wA3g
MA0GCSqGSIb3DQEBCwUAA4IBAQBxuV/A/f5FPe9qXaQaCwLly0pzww1Ey1DmW+LJ
pH8yq8BGqAdYeKLtfhyDAw/RxZk5GGIpHTi1QPK9+1FOgIfu/nqpydmS4SRtqUie
Oex9jzjw2wITBjhxh1Pyz2GtUuR5z2ibOfJXNM1Dagt2TEgHTlwfVRg5QVyzwWD9
+EWugjq6RbIdIq72yQF4gozIcxoIsgA6URcTjl9CFZWaxpFz0bgjL91IvlbC3TFn
mmx7XTnWGCEKrNfOWteGDyS082RwmY/ptxkJP949Kwb7t/2v7tijk1ppna74aOHz
OPCkDnFwkk7dpvT6hhQ8FXEdgTT6rlhhHAhgGX245bXZ+Qks
-----END CERTIFICATE-----