Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/avkCc06nIjWGfsfx572Tx76424g.roa
File:                     avkCc06nIjWGfsfx572Tx76424g.roa (raw, json)
Hash identifier:          44bDeZAIe0hCAcVP+4SFP8vgc1GH7bVY8VoJfWobslg=
Subject key identifier:   6A:F9:02:73:4E:A7:22:35:86:7E:C7:F1:E7:BD:93:C7:BE:B8:DB:88
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018E807C2C56D0705F1BD7B6FF053DAA9253
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/avkCc06nIjWGfsfx572Tx76424g.roa
Signing time:             Wed 27 Mar 2024 15:16:45 +0000
ROA not before:           Wed 27 Mar 2024 15:16:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215225
IP address blocks:        2a12:bec4:1120::/48 maxlen: 48
                          2a12:bec4:1121::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:7c:2c:56:d0:70:5f:1b:d7:b6:ff:05:3d:aa:92:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar 27 15:16:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6af902734ea72235867ec7f1e7bd93c7beb8db88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:16:e4:fa:41:7f:40:65:11:61:fb:b0:26:3d:
                    f4:23:f8:e2:85:47:48:ef:af:df:c4:8e:a8:2c:50:
                    65:88:78:12:45:7f:da:4e:d2:13:5a:cb:be:d0:d8:
                    e0:02:06:19:b4:4c:5b:44:29:29:c5:82:49:12:ec:
                    aa:bd:ea:15:fc:5e:e3:4c:4b:4e:b7:bd:88:bd:06:
                    9c:a3:b5:6c:81:cb:45:6c:2a:9c:3c:e4:78:a8:f4:
                    de:5d:bb:fd:eb:cd:69:63:4a:f6:9f:16:29:7c:78:
                    80:ae:39:9d:21:d2:38:65:74:53:6e:6a:06:65:2c:
                    7a:a2:16:89:51:20:38:6b:f6:d9:7e:7c:38:87:e4:
                    06:e7:22:76:5f:b1:a9:ef:f5:19:99:80:ad:13:74:
                    15:5f:f2:7b:b8:dd:54:33:b1:ff:47:15:8e:05:88:
                    47:b0:8e:e5:b3:68:d8:14:cc:9b:a5:90:20:83:2d:
                    16:a4:3d:86:20:0b:66:e1:89:01:bd:2f:b8:99:8d:
                    ed:5f:b7:9c:6c:fa:33:6a:fa:e9:8c:50:e2:51:87:
                    c4:3e:6b:f3:dd:82:52:3c:59:f8:42:31:70:22:9a:
                    b5:8e:8c:e9:f6:72:87:16:88:ff:4d:db:20:9f:d2:
                    fd:a6:f0:15:1b:89:5c:16:01:0b:db:6d:d1:6b:da:
                    b9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F9:02:73:4E:A7:22:35:86:7E:C7:F1:E7:BD:93:C7:BE:B8:DB:88
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/avkCc06nIjWGfsfx572Tx76424g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1120::/47

    Signature Algorithm: sha256WithRSAEncryption
         82:02:d4:c8:eb:0e:69:1c:74:7f:42:19:95:09:30:de:85:0d:
         ac:98:60:5a:86:9a:0c:6e:cd:d4:70:5c:c1:f6:34:9f:54:d7:
         09:ee:8d:90:ed:86:30:88:86:d7:52:48:4a:6f:54:2b:41:b7:
         26:ea:22:3e:f8:bb:78:a8:c3:6a:15:02:44:e0:69:48:83:37:
         d3:f8:b3:06:61:bd:99:39:16:95:c8:80:45:9c:36:16:ea:56:
         51:5e:3e:4f:68:c4:a1:80:d3:f6:c3:0a:c6:16:94:d7:df:d9:
         ea:32:e8:b0:d8:ff:9b:ef:09:20:04:50:cf:eb:ae:8c:04:98:
         a6:3b:43:51:61:26:e1:c7:cf:7f:35:56:2e:4e:85:da:cd:f6:
         60:df:ba:52:d0:8c:7e:53:32:ba:71:ca:f3:ef:07:10:ae:23:
         fb:4c:96:93:60:7e:7c:f6:c8:b6:a1:07:3a:ac:cf:48:84:cb:
         ab:be:07:ff:d7:bc:6c:91:7a:0c:22:ba:b3:f1:1c:b5:18:10:
         36:1a:b3:e2:b1:78:64:37:3d:08:59:86:7e:fc:15:8b:87:4a:
         ad:dd:57:19:dd:c8:40:f2:72:c3:8f:f3:84:a5:38:25:7a:7f:
         1b:f4:12:44:ae:31:01:f4:7c:53:a2:91:d5:84:46:0c:1a:c0:
         40:20:04:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6AfCxW0HBfG9e2/wU9qpJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMzI3MTUxNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWY5MDI3MzRlYTcyMjM1ODY3ZWM3ZjFlN2JkOTNjN2JlYjhkYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxbk+kF/QGURYfuwJj30I/jihUdI
76/fxI6oLFBliHgSRX/aTtITWsu+0NjgAgYZtExbRCkpxYJJEuyqveoV/F7jTEtO
t72IvQaco7VsgctFbCqcPOR4qPTeXbv9681pY0r2nxYpfHiArjmdIdI4ZXRTbmoG
ZSx6ohaJUSA4a/bZfnw4h+QG5yJ2X7Gp7/UZmYCtE3QVX/J7uN1UM7H/RxWOBYhH
sI7ls2jYFMybpZAggy0WpD2GIAtm4YkBvS+4mY3tX7ecbPozavrpjFDiUYfEPmvz
3YJSPFn4QjFwIpq1jozp9nKHFoj/Tdsgn9L9pvAVG4lcFgEL223Ra9q5+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGr5AnNOpyI1hn7H8ee9k8e+uNuIMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvYXZrQ2MwNm5JaldHZnNmeDU3MlR4NzY0MjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhK+xBEg
MA0GCSqGSIb3DQEBCwUAA4IBAQCCAtTI6w5pHHR/QhmVCTDehQ2smGBahpoMbs3U
cFzB9jSfVNcJ7o2Q7YYwiIbXUkhKb1QrQbcm6iI++Lt4qMNqFQJE4GlIgzfT+LMG
Yb2ZORaVyIBFnDYW6lZRXj5PaMShgNP2wwrGFpTX39nqMuiw2P+b7wkgBFDP666M
BJimO0NRYSbhx89/NVYuToXazfZg37pS0Ix+UzK6ccrz7wcQriP7TJaTYH589si2
oQc6rM9IhMurvgf/17xskXoMIrqz8Ry1GBA2GrPisXhkNz0IWYZ+/BWLh0qt3VcZ
3chA8nLDj/OEpTglen8b9BJErjEB9HxTopHVhEYMGsBAIAQK
-----END CERTIFICATE-----