Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hSFz6sxAdlZdW02sThKq8-OYGLQ.roa
File:                     hSFz6sxAdlZdW02sThKq8-OYGLQ.roa (raw, json)
Hash identifier:          TFSa0Yr+EQghaQ5rxer9C33K/XLPC0SAjGtPLkW/svg=
Subject key identifier:   85:21:73:EA:CC:40:76:56:5D:5B:4D:AC:4E:12:AA:F3:E3:98:18:B4
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0DF511D151A81A60169E967EEE9D
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hSFz6sxAdlZdW02sThKq8-OYGLQ.roa
Signing time:             Mon 01 Jan 2024 18:29:51 +0000
ROA not before:           Mon 01 Jan 2024 18:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215809
IP address blocks:        2a12:bec0:5f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0d:f5:11:d1:51:a8:1a:60:16:9e:96:7e:ee:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=852173eacc4076565d5b4dac4e12aaf3e39818b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c2:74:4a:86:64:6e:43:77:a7:51:bb:88:d0:
                    77:ef:6a:85:6c:ff:ea:04:7d:02:38:63:28:25:52:
                    4e:72:3c:6e:fe:e5:8b:95:e9:90:55:d8:0f:cf:67:
                    30:cf:fc:ae:58:48:b8:62:dd:07:36:82:6a:94:c2:
                    66:20:b4:6d:68:cb:ad:21:5d:a7:08:1e:9c:0f:bf:
                    5d:83:b2:55:be:91:54:13:bb:52:6c:ad:3d:4b:e6:
                    eb:b7:7c:2e:68:ba:dd:66:28:87:96:b2:4c:06:fb:
                    dc:26:1f:5b:8e:eb:e4:19:75:d0:64:c4:1f:13:ad:
                    7e:ea:41:86:73:91:98:3d:d1:ad:5e:60:e2:e8:48:
                    69:16:11:ec:31:7c:d6:12:ea:48:bd:81:19:01:69:
                    59:4a:d6:11:0e:97:6c:dd:a4:86:77:fb:1f:79:df:
                    02:32:99:9e:7b:c6:ca:53:e8:cc:1b:10:b7:eb:12:
                    25:f8:ae:f1:41:0c:e2:07:c5:56:f7:76:2d:77:35:
                    69:89:17:07:f4:e0:0e:35:d2:de:87:3f:59:cc:29:
                    7e:d9:81:de:b4:e6:aa:36:96:6c:51:72:84:dc:35:
                    9a:33:77:b5:28:e6:70:03:90:b4:46:4d:af:d5:ee:
                    28:8f:cb:96:41:56:d2:44:39:b5:6f:25:0f:46:75:
                    a6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:21:73:EA:CC:40:76:56:5D:5B:4D:AC:4E:12:AA:F3:E3:98:18:B4
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hSFz6sxAdlZdW02sThKq8-OYGLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:5f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:37:af:1d:f0:4a:bd:a2:cf:e2:19:12:c3:1c:d5:08:78:21:
         fd:60:b1:8a:d9:3c:7a:fd:b5:b5:b2:cd:32:84:ae:52:16:df:
         fb:a6:b6:e6:da:bc:27:9e:9b:d3:3a:7c:88:b3:76:e2:eb:b4:
         d4:c7:2e:8c:1b:98:fd:c2:0e:d7:5c:cf:c8:e9:61:91:62:11:
         cc:69:4e:09:85:94:5a:c1:ca:6b:a5:4c:47:ff:56:f3:92:d2:
         63:21:6c:e4:63:2d:88:61:1c:02:47:70:f8:11:f0:bb:e3:64:
         5f:73:04:2c:22:0a:4e:fa:7e:c4:90:c4:22:76:59:b2:aa:e6:
         0b:d7:27:8d:bd:69:30:20:dc:9d:2a:85:9f:23:45:5c:c2:c7:
         cd:03:70:4c:af:1f:13:2f:66:7c:4e:3e:a2:92:25:b6:27:28:
         e4:02:2a:75:45:51:f3:dd:31:69:42:d5:36:51:f0:f5:db:b0:
         29:eb:a0:73:ab:18:16:54:13:32:53:df:8d:6d:cd:f0:05:3b:
         dc:8c:b1:e9:b1:63:41:7a:1b:a1:58:de:f4:ee:54:af:13:fa:
         f0:89:3a:a3:4c:82:2a:60:1e:57:ed:d6:c7:f2:37:69:c6:64:
         51:64:4d:3e:3b:5e:dc:0a:bd:28:8d:21:5b:db:31:d6:e9:ae:
         05:62:8f:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSg31EdFRqBpgFp6Wfu6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTIxNzNlYWNjNDA3NjU2NWQ1YjRkYWM0ZTEyYWFmM2UzOTgxOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsJ0SoZkbkN3p1G7iNB372qFbP/q
BH0COGMoJVJOcjxu/uWLlemQVdgPz2cwz/yuWEi4Yt0HNoJqlMJmILRtaMutIV2n
CB6cD79dg7JVvpFUE7tSbK09S+brt3wuaLrdZiiHlrJMBvvcJh9bjuvkGXXQZMQf
E61+6kGGc5GYPdGtXmDi6EhpFhHsMXzWEupIvYEZAWlZStYRDpds3aSGd/sfed8C
Mpmee8bKU+jMGxC36xIl+K7xQQziB8VW93YtdzVpiRcH9OAONdLehz9ZzCl+2YHe
tOaqNpZsUXKE3DWaM3e1KOZwA5C0Rk2v1e4oj8uWQVbSRDm1byUPRnWmTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIUhc+rMQHZWXVtNrE4SqvPjmBi0MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvaFNGejZzeEFkbFpkVzAyc1RoS3E4LU9ZR0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAXw
MA0GCSqGSIb3DQEBCwUAA4IBAQCdN68d8Eq9os/iGRLDHNUIeCH9YLGK2Tx6/bW1
ss0yhK5SFt/7prbm2rwnnpvTOnyIs3bi67TUxy6MG5j9wg7XXM/I6WGRYhHMaU4J
hZRawcprpUxH/1bzktJjIWzkYy2IYRwCR3D4EfC742RfcwQsIgpO+n7EkMQidlmy
quYL1yeNvWkwINydKoWfI0VcwsfNA3BMrx8TL2Z8Tj6ikiW2JyjkAip1RVHz3TFp
QtU2UfD127Ap66BzqxgWVBMyU9+Nbc3wBTvcjLHpsWNBehuhWN707lSvE/rwiTqj
TIIqYB5X7dbH8jdpxmRRZE0+O17cCr0ojSFb2zHW6a4FYo/D
-----END CERTIFICATE-----