Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/c5sIGcXhT0f3R1OKuOgkenj8qNQ.roa
File:                     c5sIGcXhT0f3R1OKuOgkenj8qNQ.roa (raw, json)
Hash identifier:          cFXm3kS1Rsv4zbRFGbQKGrpPvYtUYru8Us62rJ3Jb2g=
Subject key identifier:   73:9B:08:19:C5:E1:4F:47:F7:47:53:8A:B8:E8:24:7A:78:FC:A8:D4
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A10F5104D21E021DEDFF8E0689DF7
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/c5sIGcXhT0f3R1OKuOgkenj8qNQ.roa
Signing time:             Mon 01 Jan 2024 18:29:51 +0000
ROA not before:           Mon 01 Jan 2024 18:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216220
IP address blocks:        2a12:bec0:520::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:10:f5:10:4d:21:e0:21:de:df:f8:e0:68:9d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=739b0819c5e14f47f747538ab8e8247a78fca8d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:44:66:a9:b2:8f:1f:5d:15:3f:cb:44:93:15:
                    63:8f:a2:19:43:29:05:31:54:f3:6c:1b:44:6f:b3:
                    c4:e0:cf:47:91:ab:90:21:db:36:9a:76:fc:8e:0f:
                    83:a8:c0:91:ee:07:05:48:0a:e7:ca:37:a4:8b:98:
                    0f:1e:11:45:15:b7:e1:13:91:5d:df:d3:35:cf:87:
                    04:91:d3:62:2b:a2:43:b8:84:6b:f7:31:0b:3f:fa:
                    8f:76:cf:15:6b:34:c5:e7:42:b0:7c:61:46:fb:0a:
                    09:c2:18:b7:c1:9d:38:27:7f:17:af:57:44:93:24:
                    9f:b2:3b:77:c6:98:4b:58:de:48:0e:dd:2f:3e:69:
                    26:b4:12:a5:3f:ff:da:28:2c:f1:77:9e:c4:c4:09:
                    1a:43:4c:64:be:2d:ed:06:92:d2:c1:6f:b3:c4:80:
                    0f:59:9b:db:15:96:ab:a1:d9:93:08:40:51:39:ae:
                    2e:e5:9f:96:ae:cf:df:40:d1:4f:2b:9a:7c:e1:e1:
                    7b:ff:cb:95:2d:73:8f:1f:29:bf:35:40:1a:9b:fc:
                    92:73:7c:0b:1e:6e:1f:45:d0:54:0e:44:73:90:e7:
                    26:e3:e9:62:97:47:57:af:93:f5:e5:f0:f8:5c:10:
                    61:b4:20:34:c3:9d:17:48:27:08:78:ba:a4:0c:2d:
                    cb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:9B:08:19:C5:E1:4F:47:F7:47:53:8A:B8:E8:24:7A:78:FC:A8:D4
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/c5sIGcXhT0f3R1OKuOgkenj8qNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:520::/44

    Signature Algorithm: sha256WithRSAEncryption
         a3:42:d6:b8:d9:f6:13:0f:a6:c5:c9:3f:34:45:2c:43:dd:44:
         b8:ce:5c:85:f7:63:7e:90:7e:0d:7e:75:07:ad:ae:78:f7:d8:
         d5:45:4f:cc:c0:cc:06:aa:e3:20:85:bb:bd:00:db:e2:13:b8:
         b1:92:ba:0a:b5:3b:ba:00:f0:89:66:37:ac:9e:03:03:e1:61:
         66:b0:11:b9:68:7c:0b:cc:aa:b8:cd:73:c1:f3:fa:ef:a5:35:
         b2:38:fd:41:a5:fc:44:2f:23:51:3b:c7:63:7c:15:f6:e5:9c:
         08:37:f1:cb:8a:6b:10:b8:6c:a8:fe:2a:8c:8b:f2:33:19:c3:
         e3:68:b5:59:81:35:6e:aa:ee:f9:22:69:6e:cd:bd:a1:49:1d:
         7e:59:71:db:4d:75:00:0e:cc:61:33:a8:b5:1e:a9:f2:4c:9a:
         a2:f2:2f:7b:47:44:02:61:89:a3:eb:a2:39:1a:11:1c:eb:f8:
         dd:5b:99:96:af:61:55:14:8f:19:db:ab:88:44:eb:65:3f:af:
         1a:61:e8:0f:39:e6:cc:67:c0:80:5e:bd:b5:c4:b6:18:e2:4e:
         12:d2:68:67:89:26:3a:ca:f6:f4:55:e2:85:dc:4e:02:74:8d:
         c0:91:a9:f9:d7:78:d1:c9:80:12:1a:f0:45:27:25:21:1b:fe:
         6b:79:2a:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGShD1EE0h4CHe3/jgaJ33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzliMDgxOWM1ZTE0ZjQ3Zjc0NzUzOGFiOGU4MjQ3YTc4ZmNhOGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiURmqbKPH10VP8tEkxVjj6IZQykF
MVTzbBtEb7PE4M9HkauQIds2mnb8jg+DqMCR7gcFSArnyjeki5gPHhFFFbfhE5Fd
39M1z4cEkdNiK6JDuIRr9zELP/qPds8VazTF50KwfGFG+woJwhi3wZ04J38Xr1dE
kySfsjt3xphLWN5IDt0vPmkmtBKlP//aKCzxd57ExAkaQ0xkvi3tBpLSwW+zxIAP
WZvbFZarodmTCEBROa4u5Z+Wrs/fQNFPK5p84eF7/8uVLXOPHym/NUAam/ySc3wL
Hm4fRdBUDkRzkOcm4+lil0dXr5P15fD4XBBhtCA0w50XSCcIeLqkDC3LOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHObCBnF4U9H90dTirjoJHp4/KjUMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvYzVzSUdjWGhUMGYzUjFPS3VPZ2tlbmo4cU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAUg
MA0GCSqGSIb3DQEBCwUAA4IBAQCjQta42fYTD6bFyT80RSxD3US4zlyF92N+kH4N
fnUHra5499jVRU/MwMwGquMghbu9ANviE7ixkroKtTu6APCJZjesngMD4WFmsBG5
aHwLzKq4zXPB8/rvpTWyOP1BpfxELyNRO8djfBX25ZwIN/HLimsQuGyo/iqMi/Iz
GcPjaLVZgTVuqu75Imluzb2hSR1+WXHbTXUADsxhM6i1HqnyTJqi8i97R0QCYYmj
66I5GhEc6/jdW5mWr2FVFI8Z26uIROtlP68aYegPOebMZ8CAXr21xLYY4k4S0mhn
iSY6yvb0VeKF3E4CdI3Akan513jRyYASGvBFJyUhG/5reSp4
-----END CERTIFICATE-----