Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dW3cYE0Jfn1LjgngtzNX6uQY78I.roa
File:                     dW3cYE0Jfn1LjgngtzNX6uQY78I.roa (raw, json)
Hash identifier:          ioOh5o/IBrRWhpucfAhPK2hO6Ynf3bizxRnYXGgJ5Bk=
Subject key identifier:   75:6D:DC:60:4D:09:7E:7D:4B:8E:09:E0:B7:33:57:EA:E4:18:EF:C2
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01917FA4594361CA5E9198A557B698244372
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dW3cYE0Jfn1LjgngtzNX6uQY78I.roa
Signing time:             Fri 23 Aug 2024 14:29:22 +0000
ROA not before:           Fri 23 Aug 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214320
IP address blocks:        2a12:bec4:14c0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:a4:59:43:61:ca:5e:91:98:a5:57:b6:98:24:43:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Aug 23 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=756ddc604d097e7d4b8e09e0b73357eae418efc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f3:d7:05:8f:d2:8d:a7:f6:ac:3b:3b:6a:99:
                    05:a6:3f:a0:1b:14:25:cd:2b:29:79:c6:c7:89:46:
                    89:82:cd:08:36:cd:a7:b4:af:48:e5:63:90:ce:7c:
                    4d:21:d4:ff:d1:cd:97:f5:c0:6d:bd:05:ca:a9:ee:
                    41:57:d4:02:e2:14:32:54:68:3c:6a:c6:8e:eb:9a:
                    f8:fc:fd:76:81:09:d1:89:c7:2e:3a:51:5a:d2:e8:
                    bf:a9:94:bb:71:ae:10:d0:5b:91:6b:ad:4d:bb:9a:
                    0d:6e:34:94:ce:7a:1f:a4:90:cb:2b:42:0f:ec:88:
                    d4:21:f7:39:69:83:57:22:d6:3c:72:4d:51:4d:61:
                    6b:ac:52:8d:c3:0f:12:ae:fe:54:b4:cf:90:93:ee:
                    a7:91:a7:ad:95:53:1a:2d:73:e0:35:2e:7a:9f:1e:
                    9d:65:cc:f2:e1:99:50:1c:f1:4e:98:a3:50:d4:43:
                    30:62:23:ab:42:a3:32:3d:cb:f4:24:79:d7:e5:21:
                    cd:bd:2a:07:2c:97:1d:7d:e7:d2:a8:dc:bd:76:ad:
                    fa:1d:d5:00:b5:a8:82:b0:ad:b9:7b:cb:06:56:56:
                    ca:06:ae:0f:af:0a:eb:79:20:dc:f9:1c:20:e1:f4:
                    da:b7:03:0a:cb:28:92:f5:90:00:2e:fd:3a:ad:9b:
                    45:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:6D:DC:60:4D:09:7E:7D:4B:8E:09:E0:B7:33:57:EA:E4:18:EF:C2
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dW3cYE0Jfn1LjgngtzNX6uQY78I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:14c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         13:9b:5b:a2:a4:56:32:2e:71:e0:e2:c7:a8:2e:6e:69:af:0e:
         7b:77:ac:3e:ce:fe:d7:c1:19:38:2a:85:14:88:6d:64:cf:6a:
         fb:09:7e:a9:d4:28:0a:4f:13:9b:0a:ea:8e:31:e7:fe:3f:88:
         f5:6c:9b:46:c0:23:fb:ff:4b:72:18:37:c2:ed:7b:c3:e0:93:
         d4:c6:93:30:6f:78:5f:7d:ca:b9:a5:0d:8b:8c:43:41:4c:55:
         84:59:0b:79:2b:f5:9a:ab:b4:c6:98:9b:ef:d3:d7:75:0a:47:
         75:32:a3:1c:1d:5e:02:d6:ff:30:70:29:f8:47:84:42:2f:b2:
         36:71:95:49:6f:5a:93:bb:b4:41:c9:4c:9c:a3:4e:f1:14:e4:
         b8:a8:fa:28:ac:6f:a7:16:69:a4:05:1e:e4:cd:18:41:7b:07:
         43:92:4e:b8:ba:31:9e:1c:e3:03:19:33:46:16:85:f9:e7:8f:
         90:12:2b:80:7e:42:78:4f:6e:b7:06:25:7c:52:8c:aa:bf:b1:
         5f:73:2d:21:34:24:d3:07:2d:02:2a:85:e3:43:ea:d3:da:a2:
         42:1d:ee:53:a9:fd:6b:ce:4a:a6:db:38:c6:83:24:81:8d:e3:
         36:82:bb:59:f1:99:9a:4b:fb:23:96:17:63:97:a6:4b:ac:d6:
         31:11:36:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF/pFlDYcpekZilV7aYJENyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwODIzMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTZkZGM2MDRkMDk3ZTdkNGI4ZTA5ZTBiNzMzNTdlYWU0MThlZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/PXBY/Sjaf2rDs7apkFpj+gGxQl
zSspecbHiUaJgs0INs2ntK9I5WOQznxNIdT/0c2X9cBtvQXKqe5BV9QC4hQyVGg8
asaO65r4/P12gQnRiccuOlFa0ui/qZS7ca4Q0FuRa61Nu5oNbjSUznofpJDLK0IP
7IjUIfc5aYNXItY8ck1RTWFrrFKNww8Srv5UtM+Qk+6nkaetlVMaLXPgNS56nx6d
Zczy4ZlQHPFOmKNQ1EMwYiOrQqMyPcv0JHnX5SHNvSoHLJcdfefSqNy9dq36HdUA
taiCsK25e8sGVlbKBq4PrwrreSDc+Rwg4fTatwMKyyiS9ZAALv06rZtFtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHVt3GBNCX59S44J4LczV+rkGO/CMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvZFczY1lFMEpmbjFMamduZ3R6Tlg2dVFZNzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBTA
MA0GCSqGSIb3DQEBCwUAA4IBAQATm1uipFYyLnHg4seoLm5prw57d6w+zv7XwRk4
KoUUiG1kz2r7CX6p1CgKTxObCuqOMef+P4j1bJtGwCP7/0tyGDfC7XvD4JPUxpMw
b3hffcq5pQ2LjENBTFWEWQt5K/Waq7TGmJvv09d1Ckd1MqMcHV4C1v8wcCn4R4RC
L7I2cZVJb1qTu7RByUyco07xFOS4qPoorG+nFmmkBR7kzRhBewdDkk64ujGeHOMD
GTNGFoX554+QEiuAfkJ4T263BiV8Uoyqv7Ffcy0hNCTTBy0CKoXjQ+rT2qJCHe5T
qf1rzkqm2zjGgySBjeM2grtZ8ZmaS/sjlhdjl6ZLrNYxETYu
-----END CERTIFICATE-----