Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/W9CHzCUF6L08sjLA0XEQrKfEVKw.roa
File:                     W9CHzCUF6L08sjLA0XEQrKfEVKw.roa (raw, json)
Hash identifier:          cobc9Lf03tyEPg1YiGmOKkbD7wqQQ7msCyV/T8kAlWg=
Subject key identifier:   5B:D0:87:CC:25:05:E8:BD:3C:B2:32:C0:D1:71:10:AC:A7:C4:54:AC
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A13DE93880439B75C3A5C2258686B
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/W9CHzCUF6L08sjLA0XEQrKfEVKw.roa
Signing time:             Mon 01 Jan 2024 18:29:52 +0000
ROA not before:           Mon 01 Jan 2024 18:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216409
IP address blocks:        2a12:bec0:440::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 03:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:13:de:93:88:04:39:b7:5c:3a:5c:22:58:68:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bd087cc2505e8bd3cb232c0d17110aca7c454ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1b:72:4f:ac:40:03:48:f8:9c:10:98:57:c4:
                    d8:a2:a6:8e:8a:f6:ce:2b:92:95:0a:58:52:ae:9f:
                    a4:13:db:da:19:c5:b1:c1:e1:91:b5:78:d0:99:07:
                    de:5d:2d:90:2f:05:cf:88:16:cb:48:c9:be:35:e1:
                    aa:23:92:ef:09:eb:4c:e8:f0:ed:8c:43:02:ca:25:
                    53:da:39:c9:5b:04:1d:f5:e3:cd:05:1f:2c:5b:b2:
                    54:09:bc:a9:b0:fb:1d:75:9c:0d:3e:5b:6d:00:6d:
                    04:f7:19:83:46:40:8d:0b:66:24:65:41:62:fa:38:
                    4a:3f:e4:5f:9c:e2:47:0f:16:13:d2:c5:23:5d:c1:
                    b9:c4:81:b5:4f:87:7d:ff:4c:30:79:73:e4:0a:85:
                    e9:04:88:70:aa:1b:4e:03:bd:7f:be:3c:11:29:41:
                    58:ce:b4:b8:04:8e:e0:cd:bf:e6:e4:e7:7c:5e:1e:
                    8b:81:fb:ef:58:20:1d:2b:da:c5:da:09:a6:5d:e1:
                    da:89:c6:65:e3:13:37:f4:8c:0a:07:8f:fa:4d:f5:
                    dc:e9:b2:32:1f:6f:c2:53:51:91:d4:df:b5:d5:87:
                    68:b4:5b:f4:84:fc:38:b7:85:4e:99:ba:16:e9:3b:
                    80:f4:60:36:55:2a:0a:6d:c3:0e:dc:a1:bc:06:3c:
                    56:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D0:87:CC:25:05:E8:BD:3C:B2:32:C0:D1:71:10:AC:A7:C4:54:AC
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/W9CHzCUF6L08sjLA0XEQrKfEVKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:440::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:d8:d6:5a:62:10:ef:e2:2e:48:f6:6c:7f:5a:f3:dd:fb:ed:
         76:72:aa:d7:1a:ec:6e:04:69:4b:83:a2:c0:1d:26:31:a6:4c:
         b4:c7:31:13:f3:8f:94:b9:7e:6e:46:3e:12:e6:2c:a6:bd:9f:
         6c:f1:02:2e:8c:a9:ee:3c:71:2c:19:59:30:b1:40:01:ab:29:
         26:5e:e4:20:95:e8:f1:5b:ee:f7:10:61:a4:60:5a:45:04:81:
         b1:9d:d4:e3:ba:de:88:50:0f:f3:12:80:94:d1:66:f9:65:0f:
         cc:83:26:02:88:56:3a:a9:9e:77:3c:23:c5:b5:e2:92:27:05:
         f7:b5:16:49:b9:ee:f3:63:14:0b:eb:3f:0e:73:07:ec:e7:f5:
         2e:e2:a3:90:13:f6:e9:a9:e8:f3:89:a9:0f:ce:ac:89:1c:3f:
         89:c7:57:f1:8f:04:0a:b0:d5:19:99:ad:b5:02:4e:95:9b:05:
         8b:18:21:73:5e:30:0d:08:b7:a3:8d:86:fc:85:eb:bc:75:76:
         93:36:6a:06:09:5e:6b:83:7d:0d:8f:c2:5e:4d:aa:2e:84:49:
         7d:17:28:50:1e:73:be:fa:f3:19:58:de:ac:0f:2a:63:d5:59:
         d5:23:e7:8a:24:53:58:4e:52:47:93:93:69:8b:02:2d:67:34:
         84:77:94:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGShPek4gEObdcOlwiWGhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQwODdjYzI1MDVlOGJkM2NiMjMyYzBkMTcxMTBhY2E3YzQ1NGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhtyT6xAA0j4nBCYV8TYoqaOivbO
K5KVClhSrp+kE9vaGcWxweGRtXjQmQfeXS2QLwXPiBbLSMm+NeGqI5LvCetM6PDt
jEMCyiVT2jnJWwQd9ePNBR8sW7JUCbypsPsddZwNPlttAG0E9xmDRkCNC2YkZUFi
+jhKP+RfnOJHDxYT0sUjXcG5xIG1T4d9/0wweXPkCoXpBIhwqhtOA71/vjwRKUFY
zrS4BI7gzb/m5Od8Xh6LgfvvWCAdK9rF2gmmXeHaicZl4xM39IwKB4/6TfXc6bIy
H2/CU1GR1N+11YdotFv0hPw4t4VOmboW6TuA9GA2VSoKbcMO3KG8BjxWMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFvQh8wlBei9PLIywNFxEKynxFSsMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVzlDSHpDVUY2TDA4c2pMQTBYRVFyS2ZFVkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wARA
MA0GCSqGSIb3DQEBCwUAA4IBAQBM2NZaYhDv4i5I9mx/WvPd++12cqrXGuxuBGlL
g6LAHSYxpky0xzET84+UuX5uRj4S5iymvZ9s8QIujKnuPHEsGVkwsUABqykmXuQg
lejxW+73EGGkYFpFBIGxndTjut6IUA/zEoCU0Wb5ZQ/MgyYCiFY6qZ53PCPFteKS
JwX3tRZJue7zYxQL6z8Ocwfs5/Uu4qOQE/bpqejziakPzqyJHD+Jx1fxjwQKsNUZ
ma21Ak6VmwWLGCFzXjANCLejjYb8heu8dXaTNmoGCV5rg30Nj8JeTaouhEl9FyhQ
HnO++vMZWN6sDypj1VnVI+eKJFNYTlJHk5NpiwItZzSEd5RZ
-----END CERTIFICATE-----