Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hWqcTBQuKSFQgyRPxrlGcDobUcE.roa
File:                     hWqcTBQuKSFQgyRPxrlGcDobUcE.roa (raw, json)
Hash identifier:          REnLDEcWwZdcgSO/deQ9e438WzPyv/FCYhsK0PgpqWI=
Subject key identifier:   85:6A:9C:4C:14:2E:29:21:50:83:24:4F:C6:B9:46:70:3A:1B:51:C1
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A133F3AFCC05C7F0A9AE75821D5DB
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hWqcTBQuKSFQgyRPxrlGcDobUcE.roa
Signing time:             Mon 01 Jan 2024 18:29:52 +0000
ROA not before:           Mon 01 Jan 2024 18:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216330
IP address blocks:        2a12:bec0:df0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 03:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:13:3f:3a:fc:c0:5c:7f:0a:9a:e7:58:21:d5:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=856a9c4c142e29215083244fc6b946703a1b51c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4d:a3:33:20:65:8d:81:75:3c:70:97:42:ce:
                    8b:1b:d8:d0:d1:a7:f1:eb:25:67:52:cc:21:59:bb:
                    d0:e5:6a:07:33:83:94:29:0c:e3:3b:fa:35:58:21:
                    13:59:2e:2f:21:63:b2:91:0d:74:7c:a2:c3:46:c6:
                    32:69:5c:c0:ae:64:3f:e0:ea:61:39:05:f7:da:a4:
                    2e:d8:55:2c:a0:50:3e:97:5a:21:3e:32:c8:c3:1d:
                    9d:a0:ec:68:cb:9d:a0:89:64:a6:98:da:76:61:6d:
                    1a:81:ed:9a:9c:7b:4f:a7:85:6a:93:8a:75:36:32:
                    4f:41:f9:7f:40:83:71:4d:38:f6:bc:fb:b3:1d:74:
                    95:e8:0f:3f:65:42:40:eb:81:0e:e7:15:bd:07:b5:
                    84:ab:fd:9a:86:fe:3f:9b:66:78:fd:23:36:15:f0:
                    1b:17:84:a8:99:2a:33:bc:fe:34:11:ef:5f:80:2b:
                    40:39:e5:44:7c:a0:60:f0:35:9b:a9:09:8a:e8:53:
                    1c:55:a9:3e:aa:f8:31:08:72:c9:32:ca:13:7c:a9:
                    2c:81:f4:40:c1:f8:93:fc:cd:83:70:2f:61:d6:a6:
                    0e:17:7d:4d:42:eb:ac:84:fa:ac:33:2a:50:42:ee:
                    47:3f:96:ef:f3:78:47:c9:19:f2:e4:e7:4a:67:7c:
                    be:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:6A:9C:4C:14:2E:29:21:50:83:24:4F:C6:B9:46:70:3A:1B:51:C1
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hWqcTBQuKSFQgyRPxrlGcDobUcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:df0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2b:92:a0:d0:42:58:9d:f6:4b:d1:d4:39:04:ae:50:15:08:a8:
         45:87:64:cc:60:9d:96:23:bf:fa:21:5e:a1:92:36:c7:45:c5:
         bc:f5:8c:80:df:95:c7:16:64:4c:08:95:69:6a:89:7d:39:7a:
         0d:68:a3:14:a0:11:33:ba:7d:3f:04:dc:ee:37:99:de:82:ae:
         85:50:43:40:4e:4d:18:82:84:c3:98:75:77:ef:aa:17:64:a5:
         20:7a:71:65:c6:ac:df:14:72:eb:f3:38:3c:83:e6:1c:e8:04:
         06:54:9d:f9:c4:46:93:8a:f1:be:93:72:a9:61:7d:63:51:17:
         0c:e7:5f:8c:cd:97:1e:a8:e3:7c:0c:b9:c0:70:a7:9e:a8:05:
         5f:e8:5b:e7:83:81:c5:b8:f6:76:98:ab:51:0a:77:c5:d4:a2:
         d7:a3:da:2d:40:7e:02:7c:2d:bc:8b:7e:5d:c5:7b:73:c0:26:
         1b:15:4c:23:72:0a:30:11:fd:cc:6c:1d:67:96:12:28:dc:17:
         58:9c:c9:8d:f8:bd:bd:9d:3c:85:e5:08:4b:15:72:27:cc:1f:
         57:46:2c:9e:3e:ae:11:87:aa:c0:e4:3e:1b:d6:4c:3e:a2:35:
         ba:56:07:17:da:ed:5c:94:05:af:9b:2d:e6:74:10:8e:f6:a0:
         75:db:65:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGShM/OvzAXH8KmudYIdXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTZhOWM0YzE0MmUyOTIxNTA4MzI0NGZjNmI5NDY3MDNhMWI1MWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkE2jMyBljYF1PHCXQs6LG9jQ0afx
6yVnUswhWbvQ5WoHM4OUKQzjO/o1WCETWS4vIWOykQ10fKLDRsYyaVzArmQ/4Oph
OQX32qQu2FUsoFA+l1ohPjLIwx2doOxoy52giWSmmNp2YW0age2anHtPp4Vqk4p1
NjJPQfl/QINxTTj2vPuzHXSV6A8/ZUJA64EO5xW9B7WEq/2ahv4/m2Z4/SM2FfAb
F4SomSozvP40Ee9fgCtAOeVEfKBg8DWbqQmK6FMcVak+qvgxCHLJMsoTfKksgfRA
wfiT/M2DcC9h1qYOF31NQuushPqsMypQQu5HP5bv83hHyRny5OdKZ3y+jwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIVqnEwULikhUIMkT8a5RnA6G1HBMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvaFdxY1RCUXVLU0ZRZ3lSUHhybEdjRG9iVWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wA3w
MA0GCSqGSIb3DQEBCwUAA4IBAQArkqDQQlid9kvR1DkErlAVCKhFh2TMYJ2WI7/6
IV6hkjbHRcW89YyA35XHFmRMCJVpaol9OXoNaKMUoBEzun0/BNzuN5negq6FUENA
Tk0YgoTDmHV376oXZKUgenFlxqzfFHLr8zg8g+Yc6AQGVJ35xEaTivG+k3KpYX1j
URcM51+MzZceqON8DLnAcKeeqAVf6Fvng4HFuPZ2mKtRCnfF1KLXo9otQH4CfC28
i35dxXtzwCYbFUwjcgowEf3MbB1nlhIo3BdYnMmN+L29nTyF5QhLFXInzB9XRiye
Pq4Rh6rA5D4b1kw+ojW6VgcX2u1clAWvmy3mdBCO9qB122XL
-----END CERTIFICATE-----