Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/gLsTWzQcyxfrPh0l5yt6OAkZGAQ.roa
File:                     gLsTWzQcyxfrPh0l5yt6OAkZGAQ.roa (raw, json)
Hash identifier:          nIoSzgm7gCjvfuAwjl1g7zFMTrZ36zyDwa8n1uK7cwY=
Subject key identifier:   80:BB:13:5B:34:1C:CB:17:EB:3E:1D:25:E7:2B:7A:38:09:19:18:04
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FDA15E62DE0A8B1A6EDF8A1A8675
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/gLsTWzQcyxfrPh0l5yt6OAkZGAQ.roa
Signing time:             Mon 01 Jan 2024 18:29:46 +0000
ROA not before:           Mon 01 Jan 2024 18:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61298
IP address blocks:        2a12:bec0:180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:fd:a1:5e:62:de:0a:8b:1a:6e:df:8a:1a:86:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80bb135b341ccb17eb3e1d25e72b7a3809191804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:aa:b7:8e:30:de:49:5f:0b:4f:4c:f0:7e:ad:
                    4f:20:dd:b5:e2:25:8b:43:68:a9:95:d3:eb:db:08:
                    75:7b:38:d7:7a:e9:06:ab:a0:d8:1a:d5:a5:3c:a7:
                    b8:c2:5e:ba:07:0f:6e:dd:f7:50:76:f5:75:87:b5:
                    ac:7e:6f:91:86:2a:9c:0c:27:cc:e2:d1:3d:ed:d8:
                    69:7f:81:43:d2:f9:6e:a0:38:92:13:a1:6d:a0:6d:
                    81:fc:ce:62:f9:88:9f:09:64:e7:75:b0:49:76:c0:
                    2f:8d:1b:77:19:f5:0f:6f:0f:92:cd:98:ed:8e:33:
                    43:bc:ab:82:2c:42:43:9b:9a:f9:e7:20:37:d7:29:
                    df:10:1e:6f:af:c4:f0:ed:1b:9f:0f:55:9d:93:7c:
                    8f:18:2f:97:67:50:21:b8:79:8a:77:26:a6:d6:19:
                    3c:8c:f3:99:04:ec:44:1c:87:42:55:be:f0:b3:4e:
                    81:39:fa:4d:34:04:85:57:72:4f:4f:de:2e:5c:cf:
                    a5:b0:76:bb:8e:b8:c2:06:a1:6b:1f:22:d7:22:75:
                    29:0e:84:b7:ed:0b:88:53:93:7d:a1:f5:f5:9c:d1:
                    cd:35:2e:a1:c2:3e:65:20:8b:ec:da:c1:9b:bd:54:
                    91:69:cb:57:3e:5f:cf:0e:11:70:68:ab:25:b7:0b:
                    1b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:BB:13:5B:34:1C:CB:17:EB:3E:1D:25:E7:2B:7A:38:09:19:18:04
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/gLsTWzQcyxfrPh0l5yt6OAkZGAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         be:c1:5c:37:13:ca:8a:c4:5d:6b:87:11:86:00:e5:26:b0:12:
         a3:29:b2:6b:a7:1b:e3:46:77:d4:00:c1:16:3a:25:84:0d:83:
         7f:7b:b5:29:8d:2e:cc:bc:99:07:30:e1:3b:cf:f5:f1:f0:17:
         f3:89:02:51:50:71:5b:e0:e2:8b:a7:58:1d:3b:9b:2e:87:f0:
         57:37:ae:62:32:b8:c3:84:54:de:01:82:c3:ca:b3:58:89:b5:
         43:d6:8a:00:77:0b:e5:fa:65:12:9d:c8:65:3a:57:89:84:33:
         c0:ee:c0:53:f7:d7:5e:f8:9c:f1:0d:0d:c0:5f:3c:6f:5b:80:
         d1:45:35:56:07:57:7d:0e:51:b6:5c:09:a0:ff:90:c3:b1:90:
         6e:94:8b:0a:b4:43:fb:a6:c5:3c:52:23:41:e0:61:9b:48:59:
         b4:87:7a:7f:35:8d:43:8d:83:4d:66:6c:e8:c7:34:cd:46:81:
         e6:c6:a7:95:f1:d3:4e:fd:c0:a2:5e:40:5c:c1:2e:73:d9:73:
         6b:b2:02:0e:f7:10:89:81:ae:26:af:77:ca:42:a2:a0:54:cd:
         e8:95:2c:32:bd:20:5d:2d:0f:e7:39:40:d5:2c:c1:01:fb:de:
         64:59:c4:5e:e6:84:03:86:38:3a:75:6f:bc:cb:4c:ff:2f:98:
         3f:18:5f:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSf2hXmLeCosabt+KGoZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGJiMTM1YjM0MWNjYjE3ZWIzZTFkMjVlNzJiN2EzODA5MTkxODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraq3jjDeSV8LT0zwfq1PIN214iWL
Q2ipldPr2wh1ezjXeukGq6DYGtWlPKe4wl66Bw9u3fdQdvV1h7Wsfm+RhiqcDCfM
4tE97dhpf4FD0vluoDiSE6FtoG2B/M5i+YifCWTndbBJdsAvjRt3GfUPbw+SzZjt
jjNDvKuCLEJDm5r55yA31ynfEB5vr8Tw7RufD1Wdk3yPGC+XZ1AhuHmKdyam1hk8
jPOZBOxEHIdCVb7ws06BOfpNNASFV3JPT94uXM+lsHa7jrjCBqFrHyLXInUpDoS3
7QuIU5N9ofX1nNHNNS6hwj5lIIvs2sGbvVSRactXPl/PDhFwaKsltwsbVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIC7E1s0HMsX6z4dJecrejgJGRgEMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvZ0xzVFd6UWN5eGZyUGgwbDV5dDZPQWtaR0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAGA
MA0GCSqGSIb3DQEBCwUAA4IBAQC+wVw3E8qKxF1rhxGGAOUmsBKjKbJrpxvjRnfU
AMEWOiWEDYN/e7UpjS7MvJkHMOE7z/Xx8BfziQJRUHFb4OKLp1gdO5suh/BXN65i
MrjDhFTeAYLDyrNYibVD1ooAdwvl+mUSnchlOleJhDPA7sBT99de+JzxDQ3AXzxv
W4DRRTVWB1d9DlG2XAmg/5DDsZBulIsKtEP7psU8UiNB4GGbSFm0h3p/NY1DjYNN
ZmzoxzTNRoHmxqeV8dNO/cCiXkBcwS5z2XNrsgIO9xCJga4mr3fKQqKgVM3olSwy
vSBdLQ/nOUDVLMEB+95kWcRe5oQDhjg6dW+8y0z/L5g/GF9q
-----END CERTIFICATE-----