Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZmoLGV82FzMkTWffbhz6_1PqhS4.roa
File:                     ZmoLGV82FzMkTWffbhz6_1PqhS4.roa (raw, json)
Hash identifier:          Et4mDcBbZtLC9GR8FzOzHBlUJUJ940ycm+JM2Z5QKD4=
Subject key identifier:   66:6A:0B:19:5F:36:17:33:24:4D:67:DF:6E:1C:FA:FF:53:EA:85:2E
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FD3C87A2C0182048FEED05D71A73
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZmoLGV82FzMkTWffbhz6_1PqhS4.roa
Signing time:             Mon 01 Jan 2024 18:29:46 +0000
ROA not before:           Mon 01 Jan 2024 18:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60298
IP address blocks:        2a12:bec0:2a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:fd:3c:87:a2:c0:18:20:48:fe:ed:05:d7:1a:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=666a0b195f361733244d67df6e1cfaff53ea852e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:eb:c7:ba:a4:75:52:a6:5b:38:60:26:9b:e8:
                    c8:97:a8:3f:85:5b:eb:bc:8b:78:b0:b2:a1:6d:0a:
                    e2:bb:68:b5:84:20:26:47:b8:b1:6f:17:16:5d:cb:
                    2b:51:4c:18:33:29:81:8f:7d:62:10:e6:2f:a8:1f:
                    25:cd:18:5b:01:4b:fc:80:2e:9a:70:88:90:83:99:
                    ff:84:e7:a8:b3:48:2c:a8:0c:36:c5:5c:7b:0d:15:
                    37:b9:98:e3:d4:e3:18:62:18:9b:c4:46:e9:fe:85:
                    ae:4c:72:d4:78:3f:d7:13:fb:82:d2:de:1f:5e:e9:
                    bb:cb:f1:1b:c1:55:68:cd:68:a4:eb:1a:20:8d:33:
                    25:c9:96:4f:d9:05:4d:d0:23:21:3b:b0:db:2c:6a:
                    16:dc:0d:56:12:94:78:e4:13:28:38:20:76:a6:9e:
                    39:50:50:c0:5d:bd:05:ff:2c:ed:87:e7:df:9f:06:
                    70:dc:59:5e:fe:b0:e6:2d:46:48:64:6b:b1:db:ea:
                    ae:f9:a3:7b:23:1a:69:28:43:a4:68:28:d7:f7:72:
                    c6:5f:f5:39:ec:78:f9:00:8c:ac:30:0d:41:8c:68:
                    4f:8f:52:0e:09:fd:51:c9:b3:5e:2d:97:5c:93:11:
                    3a:ef:70:3b:45:84:19:f6:49:71:a1:97:1d:19:f7:
                    59:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:6A:0B:19:5F:36:17:33:24:4D:67:DF:6E:1C:FA:FF:53:EA:85:2E
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZmoLGV82FzMkTWffbhz6_1PqhS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:2a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:79:bd:46:28:8b:a2:35:1a:cf:46:81:bb:42:f7:e6:96:7a:
         cd:ee:c8:3d:46:01:8c:2f:e8:6b:03:51:33:34:7d:75:7b:3a:
         94:5f:28:c7:ef:68:c8:22:f5:1b:45:8b:be:ff:9c:28:bd:d5:
         16:18:b0:4e:40:2e:fb:81:04:e5:14:c1:34:22:b5:e2:df:36:
         50:92:42:8e:69:85:e1:d0:0b:9b:91:80:a8:f2:93:3d:87:3b:
         52:65:b8:30:08:55:38:9a:7a:6e:1a:c1:42:47:14:75:53:b4:
         2f:b1:54:9d:f5:cd:d7:59:45:db:37:16:40:28:7b:9d:89:9b:
         dc:79:e2:2c:51:f7:b4:84:f1:06:3f:6a:93:a7:1e:81:3e:53:
         ae:b5:cf:01:c5:6b:2e:79:b5:a1:c5:00:aa:68:ee:c5:5a:67:
         89:b1:3f:8c:bd:3f:6a:55:cb:61:9a:d7:84:89:94:52:d0:d9:
         1e:94:a7:7e:2e:b7:36:08:57:5b:09:2d:eb:d0:8e:29:0d:31:
         04:1d:76:88:80:6f:3c:3d:95:b0:04:4f:7d:1b:18:89:8f:6b:
         65:53:f6:30:bc:1f:c7:41:74:04:36:fb:26:83:3a:30:5e:ae:
         10:92:f9:b1:76:27:a1:b9:d1:81:73:ba:33:31:c7:f7:46:ae:
         48:a2:22:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSf08h6LAGCBI/u0F1xpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjZhMGIxOTVmMzYxNzMzMjQ0ZDY3ZGY2ZTFjZmFmZjUzZWE4NTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+vHuqR1UqZbOGAmm+jIl6g/hVvr
vIt4sLKhbQriu2i1hCAmR7ixbxcWXcsrUUwYMymBj31iEOYvqB8lzRhbAUv8gC6a
cIiQg5n/hOeos0gsqAw2xVx7DRU3uZjj1OMYYhibxEbp/oWuTHLUeD/XE/uC0t4f
Xum7y/EbwVVozWik6xogjTMlyZZP2QVN0CMhO7DbLGoW3A1WEpR45BMoOCB2pp45
UFDAXb0F/yzth+ffnwZw3Fle/rDmLUZIZGux2+qu+aN7IxppKEOkaCjX93LGX/U5
7Hj5AIysMA1BjGhPj1IOCf1RybNeLZdckxE673A7RYQZ9klxoZcdGfdZBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGZqCxlfNhczJE1n324c+v9T6oUuMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvWm1vTEdWODJGek1rVFdmZmJoejZfMVBxaFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAKg
MA0GCSqGSIb3DQEBCwUAA4IBAQBZeb1GKIuiNRrPRoG7QvfmlnrN7sg9RgGML+hr
A1EzNH11ezqUXyjH72jIIvUbRYu+/5wovdUWGLBOQC77gQTlFME0IrXi3zZQkkKO
aYXh0AubkYCo8pM9hztSZbgwCFU4mnpuGsFCRxR1U7QvsVSd9c3XWUXbNxZAKHud
iZvceeIsUfe0hPEGP2qTpx6BPlOutc8BxWsuebWhxQCqaO7FWmeJsT+MvT9qVcth
mteEiZRS0NkelKd+Lrc2CFdbCS3r0I4pDTEEHXaIgG88PZWwBE99GxiJj2tlU/Yw
vB/HQXQENvsmgzowXq4QkvmxdiehudGBc7ozMcf3Rq5IoiIT
-----END CERTIFICATE-----