Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/VqgeHld7mQJb40YB3tPca2LyOhU.roa
File:                     VqgeHld7mQJb40YB3tPca2LyOhU.roa (raw, json)
Hash identifier:          xF9VuTcBeAfHs0JGNFKvYE9eGKIg1X/YfvQbUB0+CkA=
Subject key identifier:   56:A8:1E:1E:57:7B:99:02:5B:E3:46:01:DE:D3:DC:6B:62:F2:3A:15
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0191F7CD8C9CCDD1715F6D3A0B4B051FEEAA
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/VqgeHld7mQJb40YB3tPca2LyOhU.roa
Signing time:             Sun 15 Sep 2024 22:28:48 +0000
ROA not before:           Sun 15 Sep 2024 22:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214212
IP address blocks:        2a12:bec4:14f1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f7:cd:8c:9c:cd:d1:71:5f:6d:3a:0b:4b:05:1f:ee:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Sep 15 22:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56a81e1e577b99025be34601ded3dc6b62f23a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:10:f8:54:47:90:b5:28:a8:cd:ea:32:c6:31:
                    d7:c2:88:a7:04:c0:6e:97:c0:d2:16:a1:e0:c3:ae:
                    92:9f:fe:91:aa:0e:d0:62:18:31:c7:68:5b:a9:cb:
                    c4:74:fd:3e:cf:03:c2:df:ac:a5:66:5d:89:17:46:
                    d7:ff:cd:89:56:61:72:bb:1f:9f:31:cf:22:44:97:
                    fb:4a:b8:80:9e:74:87:a9:30:47:93:ea:00:b0:aa:
                    e7:47:12:64:02:43:e4:f8:b9:54:d8:60:08:0f:38:
                    af:f4:c2:2c:87:ed:a3:99:3d:4f:cc:3f:3f:5b:fe:
                    2c:f4:26:26:47:71:55:5c:67:91:c2:22:bf:67:93:
                    be:87:be:19:ed:12:57:10:c3:6b:a4:74:53:28:0d:
                    7c:19:7d:f6:d8:34:4f:b1:56:19:39:0d:72:5c:3f:
                    49:e9:4c:46:13:58:a7:2b:ab:3c:b4:a9:e7:c4:1e:
                    5f:11:4f:59:25:db:9b:f2:d1:54:70:9f:16:f9:a9:
                    bf:38:1f:6b:5a:d1:55:87:ef:d8:77:6c:a5:55:86:
                    5e:b5:0a:64:3f:64:4e:66:29:8a:66:b5:3d:d3:7f:
                    24:c0:a3:36:fe:b1:28:39:b0:57:98:50:15:e7:16:
                    42:f3:0a:a2:c8:4c:14:c8:d9:88:eb:7c:f1:7f:82:
                    bc:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A8:1E:1E:57:7B:99:02:5B:E3:46:01:DE:D3:DC:6B:62:F2:3A:15
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/VqgeHld7mQJb40YB3tPca2LyOhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:14f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:35:c6:37:c2:70:f6:62:d1:07:c9:3f:59:fc:25:03:83:63:
         01:f0:68:36:76:1f:2c:2c:6e:f2:2e:56:c4:b1:e6:92:b8:ce:
         68:ed:a6:19:41:39:b3:e4:7e:3f:7b:c2:4c:ad:f3:5e:c5:a3:
         ed:6b:6a:fc:90:fa:78:81:d2:e7:c4:bd:18:8a:e1:6c:82:e8:
         3c:82:5c:17:fc:d8:ff:e5:34:f0:62:d8:7b:e9:83:fb:9a:82:
         3f:a8:4d:ed:05:01:5d:60:05:39:59:6f:ed:1c:9a:60:42:84:
         40:68:74:14:fe:a1:a5:21:63:fa:68:bf:5b:7f:0e:ef:e5:58:
         0c:c8:8f:cd:5a:f5:3e:30:f4:ec:a3:cf:6d:29:c1:5a:74:ce:
         8a:45:4b:b0:ce:e4:c4:f2:52:f6:f7:dd:4f:57:03:41:06:61:
         0c:1e:ad:70:68:65:01:21:80:95:40:67:8b:83:07:b0:37:d2:
         10:4b:c1:1c:9e:b8:15:a2:5c:4a:35:46:fe:25:6f:d2:b3:c6:
         e9:36:87:45:9f:bc:db:d1:61:af:82:a9:1a:3d:f0:3b:62:83:
         9e:0e:d6:b0:7c:bb:65:70:f8:d2:44:bb:83:b4:33:6e:a0:79:
         24:1e:f1:b0:42:48:03:66:8d:ab:5b:df:ec:fa:45:0e:a2:43:
         b3:63:ae:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZH3zYyczdFxX206C0sFH+6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwOTE1MjIyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmE4MWUxZTU3N2I5OTAyNWJlMzQ2MDFkZWQzZGM2YjYyZjIzYTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BD4VEeQtSiozeoyxjHXwoinBMBu
l8DSFqHgw66Sn/6Rqg7QYhgxx2hbqcvEdP0+zwPC36ylZl2JF0bX/82JVmFyux+f
Mc8iRJf7SriAnnSHqTBHk+oAsKrnRxJkAkPk+LlU2GAIDziv9MIsh+2jmT1PzD8/
W/4s9CYmR3FVXGeRwiK/Z5O+h74Z7RJXEMNrpHRTKA18GX322DRPsVYZOQ1yXD9J
6UxGE1inK6s8tKnnxB5fEU9ZJdub8tFUcJ8W+am/OB9rWtFVh+/Yd2ylVYZetQpk
P2ROZimKZrU9038kwKM2/rEoObBXmFAV5xZC8wqiyEwUyNmI63zxf4K89QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFaoHh5Xe5kCW+NGAd7T3Gti8joVMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVnFnZUhsZDdtUUpiNDBZQjN0UGNhMkx5T2hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+xBTx
MA0GCSqGSIb3DQEBCwUAA4IBAQA+NcY3wnD2YtEHyT9Z/CUDg2MB8Gg2dh8sLG7y
LlbEseaSuM5o7aYZQTmz5H4/e8JMrfNexaPta2r8kPp4gdLnxL0YiuFsgug8glwX
/Nj/5TTwYth76YP7moI/qE3tBQFdYAU5WW/tHJpgQoRAaHQU/qGlIWP6aL9bfw7v
5VgMyI/NWvU+MPTso89tKcFadM6KRUuwzuTE8lL2991PVwNBBmEMHq1waGUBIYCV
QGeLgwewN9IQS8EcnrgVolxKNUb+JW/Ss8bpNodFn7zb0WGvgqkaPfA7YoOeDtaw
fLtlcPjSRLuDtDNuoHkkHvGwQkgDZo2rW9/s+kUOokOzY64J
-----END CERTIFICATE-----