Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/_qT6TuzbAwQVN81AFdEiuZs03QI.roa
File:                     _qT6TuzbAwQVN81AFdEiuZs03QI.roa (raw, json)
Hash identifier:          8l73Weh7fs4MPNCtHjbztW4TQci2SPFCUadPZeLQq5c=
Subject key identifier:   FE:A4:FA:4E:EC:DB:03:04:15:37:CD:40:15:D1:22:B9:9B:34:DD:02
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0F4C0BF870E1D2CDC1620B1428CC
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/_qT6TuzbAwQVN81AFdEiuZs03QI.roa
Signing time:             Mon 01 Jan 2024 18:29:51 +0000
ROA not before:           Mon 01 Jan 2024 18:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216061
IP address blocks:        2a12:bec0:580::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0f:4c:0b:f8:70:e1:d2:cd:c1:62:0b:14:28:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fea4fa4eecdb03041537cd4015d122b99b34dd02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:13:eb:35:0a:26:bc:ca:91:df:80:5b:9f:03:
                    77:df:75:e9:d3:cf:bf:03:93:c3:a9:63:27:14:2f:
                    95:36:82:1c:4b:f6:3c:96:a6:48:0b:df:ac:ac:55:
                    f2:69:b9:07:3e:2b:9a:7c:34:a0:4a:28:2a:2c:f5:
                    7a:f2:c7:7a:fa:a6:ea:4e:00:62:02:d9:bc:96:7e:
                    33:da:b9:42:c1:26:83:8a:bd:99:61:ec:96:1f:15:
                    b2:21:17:6d:69:65:d9:e5:ce:be:ee:a4:a7:e1:08:
                    ee:32:a1:35:52:fb:ae:6e:d2:72:85:bb:f0:b9:90:
                    81:ef:34:72:6a:df:a9:bc:65:7b:df:68:e3:40:e8:
                    eb:f7:f6:65:a1:cf:ce:4c:0a:58:a1:34:fa:77:f2:
                    2f:2e:b1:e5:df:fc:e8:9c:4a:80:3a:aa:06:10:ea:
                    7d:6b:fe:04:fa:50:f1:0e:e8:15:e2:49:cd:f9:d2:
                    75:e7:34:42:85:c6:cf:d1:d7:6e:3d:3c:bb:64:2b:
                    05:14:f1:15:88:75:23:b5:15:c8:48:b9:a0:51:12:
                    ff:1d:3a:58:ee:e1:78:f3:c9:da:4c:d5:73:1c:d6:
                    8a:9c:a3:d9:93:7b:a5:d7:78:05:87:31:62:7e:f0:
                    83:db:8e:29:a2:f1:b5:41:da:e9:07:dd:8a:07:60:
                    bf:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A4:FA:4E:EC:DB:03:04:15:37:CD:40:15:D1:22:B9:9B:34:DD:02
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/_qT6TuzbAwQVN81AFdEiuZs03QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:580::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:da:2d:26:ca:66:ad:61:3e:54:b8:bf:2d:a8:02:f2:b7:e8:
         00:84:19:6a:42:25:cd:e4:db:d6:4f:67:f9:2e:52:9f:de:8c:
         b7:d0:c8:32:8a:48:e6:6c:17:6c:d8:2b:5d:fd:9f:d6:d0:e4:
         8f:d9:0a:fa:0e:d7:b3:1d:76:76:a1:e0:15:c9:10:fd:ff:a5:
         14:1b:ea:0c:03:86:cd:a5:fb:d5:a7:5c:f0:0a:e8:e1:f9:31:
         c9:ad:f5:60:cb:73:bb:1c:84:f7:bb:8b:68:ad:69:26:2f:11:
         62:82:60:72:d3:72:0b:95:24:69:21:21:c3:f3:f7:44:c2:3a:
         de:bf:dc:a9:4e:7f:fe:c5:f5:4d:98:16:af:7c:9e:af:55:92:
         54:8c:5b:7c:f5:90:5b:52:53:57:99:17:41:16:51:fe:f3:1f:
         a3:85:ed:a9:b7:0c:64:89:18:fa:df:98:4f:68:d8:70:7e:c7:
         6d:86:44:e3:0a:22:8c:9b:1b:2f:77:fb:8e:45:19:25:bf:ad:
         8b:02:8e:67:39:f5:b1:3d:a7:6b:3a:8a:ff:b5:46:d5:fe:89:
         ea:d7:cc:2b:42:8a:43:9f:43:67:aa:4d:d2:ee:43:b0:0c:e0:
         dd:2a:ec:95:c0:21:00:ae:3f:b4:d8:0d:24:29:f5:43:a5:d0:
         c1:d5:b3:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSg9MC/hw4dLNwWILFCjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWE0ZmE0ZWVjZGIwMzA0MTUzN2NkNDAxNWQxMjJiOTliMzRkZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBPrNQomvMqR34BbnwN333Xp08+/
A5PDqWMnFC+VNoIcS/Y8lqZIC9+srFXyabkHPiuafDSgSigqLPV68sd6+qbqTgBi
Atm8ln4z2rlCwSaDir2ZYeyWHxWyIRdtaWXZ5c6+7qSn4QjuMqE1UvuubtJyhbvw
uZCB7zRyat+pvGV732jjQOjr9/Zloc/OTApYoTT6d/IvLrHl3/zonEqAOqoGEOp9
a/4E+lDxDugV4knN+dJ15zRChcbP0dduPTy7ZCsFFPEViHUjtRXISLmgURL/HTpY
7uF488naTNVzHNaKnKPZk3ul13gFhzFifvCD244povG1QdrpB92KB2C/OQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP6k+k7s2wMEFTfNQBXRIrmbNN0CMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvX3FUNlR1emJBd1FWTjgxQUZkRWl1WnMwM1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAWA
MA0GCSqGSIb3DQEBCwUAA4IBAQCS2i0mymatYT5UuL8tqALyt+gAhBlqQiXN5NvW
T2f5LlKf3oy30MgyikjmbBds2Ctd/Z/W0OSP2Qr6DtezHXZ2oeAVyRD9/6UUG+oM
A4bNpfvVp1zwCujh+THJrfVgy3O7HIT3u4torWkmLxFigmBy03ILlSRpISHD8/dE
wjrev9ypTn/+xfVNmBavfJ6vVZJUjFt89ZBbUlNXmRdBFlH+8x+jhe2ptwxkiRj6
35hPaNhwfsdthkTjCiKMmxsvd/uORRklv62LAo5nOfWxPadrOor/tUbV/onq18wr
QopDn0Nnqk3S7kOwDODdKuyVwCEArj+02A0kKfVDpdDB1bMV
-----END CERTIFICATE-----