Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dEJjQlFpPGvmN7L7JTBt8LsT-bI.roa
File:                     dEJjQlFpPGvmN7L7JTBt8LsT-bI.roa (raw, json)
Hash identifier:          N5U8S2p2pQf1+qbKzvCtAmHud3Yg2EbL3IMyu4MiI14=
Subject key identifier:   74:42:63:42:51:69:3C:6B:E6:37:B2:FB:25:30:6D:F0:BB:13:F9:B2
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019324DBE1DC4576C33F2B4DF995AE40FD09
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dEJjQlFpPGvmN7L7JTBt8LsT-bI.roa
Signing time:             Wed 13 Nov 2024 09:30:10 +0000
ROA not before:           Wed 13 Nov 2024 09:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51847
IP address blocks:        2a12:bec4:13f0::/44 maxlen: 48
                          2a12:bec4:1440::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:24:db:e1:dc:45:76:c3:3f:2b:4d:f9:95:ae:40:fd:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Nov 13 09:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7442634251693c6be637b2fb25306df0bb13f9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:60:b6:77:59:3b:c1:34:4c:fe:93:c6:56:d0:
                    98:6f:58:15:5e:a8:b2:22:38:ca:43:0e:89:73:bd:
                    60:ae:f1:d1:3c:c1:0c:da:31:12:97:81:8a:dd:55:
                    9a:31:ca:bd:3e:62:9f:8c:19:48:aa:15:a5:e5:d6:
                    0c:9d:16:1b:91:86:6d:a3:44:47:38:5a:6c:1b:25:
                    10:eb:da:4c:ee:dd:27:ce:f0:fa:69:98:48:25:61:
                    0e:c7:a4:52:b2:94:6b:7f:bb:15:96:02:2e:18:72:
                    21:c9:e4:2e:3c:81:77:f0:23:41:88:5a:4a:b3:ce:
                    b8:7c:ad:f9:14:8f:04:61:6c:0e:27:01:f4:62:57:
                    ae:4e:2a:81:4b:2d:d6:c2:21:d6:e5:91:f0:4e:00:
                    3a:e3:2f:a3:67:ff:10:ad:9d:04:20:7a:2b:74:24:
                    42:d3:20:67:16:80:45:da:5c:cb:15:b8:db:07:99:
                    71:b3:0d:e2:9b:14:00:a4:d6:4e:7b:4f:60:3f:7f:
                    b9:98:16:df:bf:10:24:63:dc:cc:1e:b3:cb:28:b0:
                    67:2c:77:f1:20:db:9c:11:48:d7:a3:13:43:98:f4:
                    c6:3a:a3:19:61:df:76:9a:4e:bb:ae:dc:e4:c2:60:
                    22:6a:bc:fd:43:a4:93:d6:76:e4:ab:44:7b:6c:2f:
                    ab:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:42:63:42:51:69:3C:6B:E6:37:B2:FB:25:30:6D:F0:BB:13:F9:B2
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dEJjQlFpPGvmN7L7JTBt8LsT-bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:13f0::/44
                  2a12:bec4:1440::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:8b:0a:f3:a2:47:60:2c:d4:18:06:93:c2:94:27:ff:10:cd:
         fb:9d:5d:50:b8:b1:6e:3b:6f:7e:4b:b2:80:10:6a:ba:4a:1c:
         13:ad:4f:69:02:2d:11:5f:04:17:5e:39:1e:93:a3:13:d5:3e:
         39:db:bd:f8:d3:cf:fe:08:5c:c1:06:64:56:3c:dd:d4:17:15:
         50:38:08:2e:54:d0:60:ef:cf:8f:25:34:d3:81:95:b1:f7:ca:
         32:79:06:84:15:da:45:b6:7e:c9:ec:09:b0:99:57:86:cf:22:
         06:e5:bc:de:b3:3f:50:e6:b5:56:99:fc:f2:42:fd:9a:13:a2:
         82:96:4a:f5:4e:8d:6e:45:a9:45:2f:14:6b:0c:fe:df:ef:2f:
         13:f4:38:a1:96:ce:01:1b:e1:4b:5d:f4:fe:2d:0e:00:42:46:
         7c:01:b0:50:ea:62:9a:a6:95:20:ad:aa:7a:6c:4e:05:ce:d1:
         b4:7d:a2:63:96:28:65:73:cc:ab:2c:2d:af:85:23:d8:9b:10:
         92:fd:00:e0:49:99:d8:01:56:e2:26:d6:1e:12:a5:0f:c0:4c:
         6e:b9:d8:af:5c:c8:51:98:05:e4:78:6a:0d:1a:1a:cb:7b:5c:
         0e:b5:81:03:38:d9:87:de:78:24:21:eb:02:99:d6:c5:f5:9b:
         91:e8:f4:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMk2+HcRXbDPytN+ZWuQP0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQxMTEzMDkzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDQyNjM0MjUxNjkzYzZiZTYzN2IyZmIyNTMwNmRmMGJiMTNmOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2C2d1k7wTRM/pPGVtCYb1gVXqiy
IjjKQw6Jc71grvHRPMEM2jESl4GK3VWaMcq9PmKfjBlIqhWl5dYMnRYbkYZto0RH
OFpsGyUQ69pM7t0nzvD6aZhIJWEOx6RSspRrf7sVlgIuGHIhyeQuPIF38CNBiFpK
s864fK35FI8EYWwOJwH0YleuTiqBSy3WwiHW5ZHwTgA64y+jZ/8QrZ0EIHordCRC
0yBnFoBF2lzLFbjbB5lxsw3imxQApNZOe09gP3+5mBbfvxAkY9zMHrPLKLBnLHfx
INucEUjXoxNDmPTGOqMZYd92mk67rtzkwmAiarz9Q6ST1nbkq0R7bC+rqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHRCY0JRaTxr5jey+yUwbfC7E/myMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvZEVKalFsRnBQR3ZtTjdMN0pUQnQ4THNULWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBPw
AwcEKhK+xBRAMA0GCSqGSIb3DQEBCwUAA4IBAQBKiwrzokdgLNQYBpPClCf/EM37
nV1QuLFuO29+S7KAEGq6ShwTrU9pAi0RXwQXXjkek6MT1T45273408/+CFzBBmRW
PN3UFxVQOAguVNBg78+PJTTTgZWx98oyeQaEFdpFtn7J7AmwmVeGzyIG5bzesz9Q
5rVWmfzyQv2aE6KClkr1To1uRalFLxRrDP7f7y8T9Dihls4BG+FLXfT+LQ4AQkZ8
AbBQ6mKappUgrap6bE4FztG0faJjlihlc8yrLC2vhSPYmxCS/QDgSZnYAVbiJtYe
EqUPwExuudivXMhRmAXkeGoNGhrLe1wOtYEDONmH3ngkIesCmdbF9ZuR6PQf
-----END CERTIFICATE-----