Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hlcmGZHc7HdnGJcm_gje1Pzwv8w.roa
File:                     hlcmGZHc7HdnGJcm_gje1Pzwv8w.roa (raw, json)
Hash identifier:          ufBVym72BZw1riDpmBYvzXeUh092lf46zxwKYIEkhgs=
Subject key identifier:   86:57:26:19:91:DC:EC:77:67:18:97:26:FE:08:DE:D4:FC:F0:BF:CC
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0190DBA62C516FA0AB09F8C00D46996FA415
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hlcmGZHc7HdnGJcm_gje1Pzwv8w.roa
Signing time:             Mon 22 Jul 2024 18:13:38 +0000
ROA not before:           Mon 22 Jul 2024 18:13:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215472
IP address blocks:        2a12:bec4:1040::/48 maxlen: 48
                          2a12:bec4:1041::/48 maxlen: 48
                          2a12:bec4:1042::/48 maxlen: 48
                          2a12:bec4:1043::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:a6:2c:51:6f:a0:ab:09:f8:c0:0d:46:99:6f:a4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 22 18:13:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8657261991dcec7767189726fe08ded4fcf0bfcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d4:f2:b6:31:0b:3f:de:65:19:37:ed:dc:5f:
                    db:85:86:65:32:a6:04:10:0a:4d:af:c0:12:d8:e1:
                    71:34:7e:f6:9d:0c:02:3b:aa:48:f6:ad:90:59:4b:
                    92:0f:0b:c5:7c:86:b5:25:4d:52:0d:25:7e:14:44:
                    cd:a6:56:d7:36:7f:6e:74:5a:4d:d1:06:7a:2d:65:
                    08:66:6d:85:b4:4e:c9:6c:d3:ab:dd:0c:1f:e4:af:
                    91:fa:52:e8:0b:80:17:78:1f:72:98:eb:c1:15:4b:
                    12:ba:cc:f1:f4:21:40:8e:e4:b2:65:d6:b2:a1:c1:
                    00:8c:ae:9c:1c:06:3c:47:fc:4c:26:a2:fd:92:ef:
                    50:61:fd:28:41:67:84:6a:2c:56:57:ce:76:1c:73:
                    76:84:6b:51:51:e8:2a:9d:f6:16:3a:39:9e:43:e2:
                    b1:44:6e:68:3f:cb:2b:60:fb:a8:eb:78:27:d3:58:
                    1c:b4:4c:8f:b3:f0:d2:5a:9c:6e:79:39:d5:65:22:
                    92:d1:b1:90:a8:9f:c8:66:59:ab:fb:e0:08:22:ec:
                    64:53:67:60:81:03:bb:d2:0e:36:f7:62:90:9a:00:
                    12:a8:c5:1c:0a:1c:5a:78:94:0e:74:c5:47:c8:6e:
                    9d:50:31:7f:d5:9b:83:60:c0:7b:eb:88:33:94:b8:
                    af:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:57:26:19:91:DC:EC:77:67:18:97:26:FE:08:DE:D4:FC:F0:BF:CC
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hlcmGZHc7HdnGJcm_gje1Pzwv8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1040::/46

    Signature Algorithm: sha256WithRSAEncryption
         46:ce:da:54:58:94:45:b2:60:b3:85:e8:25:8e:0c:50:2d:6e:
         36:fe:92:37:2d:70:b2:06:e1:56:de:c1:a6:a4:67:d9:ff:b3:
         20:7e:1a:ae:1c:b4:1c:9e:7e:15:b1:07:23:6a:be:05:12:07:
         51:73:82:91:6e:31:b2:43:3b:a5:42:f2:9e:e3:57:c4:9b:a9:
         54:25:03:5f:6f:ee:96:2a:ef:a1:6b:9a:72:3e:04:82:26:5e:
         fb:b6:9f:4e:14:ef:e5:c0:8e:18:2a:66:ed:59:79:67:4d:87:
         b2:b6:fb:6a:af:30:c6:4f:b3:9a:27:bd:5b:35:8f:fb:b8:ac:
         05:53:3d:61:83:66:3c:11:1d:d6:c5:2e:d4:a2:7b:f5:ba:91:
         f6:0c:03:5e:a3:59:e8:7b:c5:6c:cf:61:73:87:05:db:d0:29:
         d5:80:dd:cd:31:dc:41:0a:0b:6b:8f:99:d7:d3:35:8c:8f:4f:
         f2:b9:a2:6f:86:2c:c2:a8:c6:87:8b:cb:a0:45:fd:5a:9e:22:
         28:f0:73:0d:71:e4:09:77:a2:1f:aa:62:c3:41:8e:c3:c9:28:
         ba:6d:b6:8f:fa:e9:b6:83:8e:8c:82:33:b4:ed:81:54:d4:3b:
         29:9d:ec:3e:e4:cb:44:c8:32:62:67:25:ea:5f:30:87:0b:7b:
         00:ef:e4:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDbpixRb6CrCfjADUaZb6QVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNzIyMTgxMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjU3MjYxOTkxZGNlYzc3NjcxODk3MjZmZTA4ZGVkNGZjZjBiZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstTytjELP95lGTft3F/bhYZlMqYE
EApNr8AS2OFxNH72nQwCO6pI9q2QWUuSDwvFfIa1JU1SDSV+FETNplbXNn9udFpN
0QZ6LWUIZm2FtE7JbNOr3Qwf5K+R+lLoC4AXeB9ymOvBFUsSuszx9CFAjuSyZday
ocEAjK6cHAY8R/xMJqL9ku9QYf0oQWeEaixWV852HHN2hGtRUegqnfYWOjmeQ+Kx
RG5oP8srYPuo63gn01gctEyPs/DSWpxueTnVZSKS0bGQqJ/IZlmr++AIIuxkU2dg
gQO70g4292KQmgASqMUcChxaeJQOdMVHyG6dUDF/1ZuDYMB764gzlLiv7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIZXJhmR3Ox3ZxiXJv4I3tT88L/MMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvaGxjbUdaSGM3SGRuR0pjbV9namUxUHp3djh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhK+xBBA
MA0GCSqGSIb3DQEBCwUAA4IBAQBGztpUWJRFsmCzhegljgxQLW42/pI3LXCyBuFW
3sGmpGfZ/7MgfhquHLQcnn4VsQcjar4FEgdRc4KRbjGyQzulQvKe41fEm6lUJQNf
b+6WKu+ha5pyPgSCJl77tp9OFO/lwI4YKmbtWXlnTYeytvtqrzDGT7OaJ71bNY/7
uKwFUz1hg2Y8ER3WxS7Uonv1upH2DANeo1noe8Vsz2FzhwXb0CnVgN3NMdxBCgtr
j5nX0zWMj0/yuaJvhizCqMaHi8ugRf1aniIo8HMNceQJd6IfqmLDQY7DySi6bbaP
+um2g46MgjO07YFU1Dspnew+5MtEyDJiZyXqXzCHC3sA7+Tc
-----END CERTIFICATE-----