Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/k155aeLRH9SWrFt-cMhs9_KaBdk.roa
File:                     k155aeLRH9SWrFt-cMhs9_KaBdk.roa (raw, json)
Hash identifier:          SiuKFkbV7XpeNtDGL4TPchcU95KI/d/R2/cNDVG8R9Q=
Subject key identifier:   93:5E:79:69:E2:D1:1F:D4:96:AC:5B:7E:70:C8:6C:F7:F2:9A:05:D9
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A05B373818D0B1807884A778F5F9C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/k155aeLRH9SWrFt-cMhs9_KaBdk.roa
Signing time:             Mon 01 Jan 2024 18:29:49 +0000
ROA not before:           Mon 01 Jan 2024 18:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200351
IP address blocks:        2a12:bec0:c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:05:b3:73:81:8d:0b:18:07:88:4a:77:8f:5f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=935e7969e2d11fd496ac5b7e70c86cf7f29a05d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4d:a4:e0:cd:24:29:8f:b5:e5:77:db:30:f9:
                    85:aa:d6:fc:43:33:1a:22:57:09:b5:3c:3c:1f:67:
                    df:cd:cd:bf:b0:5b:f3:45:98:98:7e:95:47:b2:70:
                    96:86:8d:74:32:ec:df:56:00:58:1d:d2:85:34:08:
                    b9:fa:bc:d6:73:d0:19:79:33:a6:92:3c:67:88:4f:
                    23:2e:8c:26:35:e0:3e:a3:33:79:a4:e9:3c:aa:00:
                    08:40:5e:2c:a8:c6:55:43:a6:e0:c6:e4:16:39:2b:
                    1c:cd:a5:fa:a7:46:31:95:98:bf:b5:49:55:df:03:
                    4c:27:99:a6:de:a9:b5:22:ed:99:d2:ac:bd:cc:ac:
                    d3:8f:f7:2b:ce:d2:c1:eb:0f:4c:4b:b4:ab:04:84:
                    98:0d:d8:94:fb:f3:43:e7:31:bb:75:98:54:8a:d2:
                    ab:e6:fe:8c:7f:04:96:2f:74:0c:8b:74:a8:6f:37:
                    c9:ca:eb:ac:d1:eb:94:94:f6:f2:01:54:d1:26:be:
                    d1:80:a0:71:69:13:a3:45:fb:aa:9f:41:0c:f7:23:
                    e5:8a:77:8c:2e:af:b9:37:3a:01:f7:ba:44:04:88:
                    7e:4a:64:d5:2a:ba:34:81:b3:fe:e2:56:5f:02:12:
                    97:1e:fc:29:78:5f:c3:b7:7d:ef:fc:a4:3b:e5:d6:
                    c8:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:5E:79:69:E2:D1:1F:D4:96:AC:5B:7E:70:C8:6C:F7:F2:9A:05:D9
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/k155aeLRH9SWrFt-cMhs9_KaBdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         54:b1:84:28:f7:d5:91:2b:18:f9:26:da:18:fb:f7:66:71:31:
         7d:04:57:10:74:e4:45:b8:2c:ac:45:ee:c8:da:8d:7c:84:85:
         4a:52:b6:37:90:22:cb:49:e2:c3:e7:a4:9b:c6:7a:f1:a5:eb:
         28:2f:09:2c:73:73:e0:b2:5f:19:b7:fe:9d:06:e7:c2:08:5f:
         43:c8:3d:d7:d2:5a:c7:7c:72:5b:c5:9d:b0:1d:a1:e0:c0:61:
         7c:b6:a6:4d:59:18:1d:37:b8:0a:13:8d:5b:f0:12:d4:bf:33:
         19:85:d1:70:6a:54:44:a0:bb:6b:a2:67:5b:65:3a:b6:cd:c6:
         e1:9a:ec:13:3a:6f:60:b0:2d:b1:51:a1:d7:1d:98:e5:54:05:
         12:71:0a:25:a7:3e:e4:77:ad:24:a5:4c:df:38:d2:5e:18:71:
         0d:0b:17:69:54:53:ed:1e:42:74:37:10:f7:dd:ce:c0:e6:cf:
         5f:be:88:ab:85:0b:4b:e6:15:49:47:c5:bc:b2:92:86:bf:68:
         e0:9d:ff:41:7e:3c:37:85:bf:49:4e:28:ed:cb:40:93:29:f1:
         c5:de:7c:30:50:eb:0e:45:c8:75:80:1f:4d:0c:4e:86:dc:a8:
         9b:d5:b6:59:44:d4:76:52:72:33:f2:56:3e:1a:70:7f:fa:80:
         01:25:05:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgWzc4GNCxgHiEp3j1+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzVlNzk2OWUyZDExZmQ0OTZhYzViN2U3MGM4NmNmN2YyOWEwNWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU2k4M0kKY+15XfbMPmFqtb8QzMa
IlcJtTw8H2ffzc2/sFvzRZiYfpVHsnCWho10MuzfVgBYHdKFNAi5+rzWc9AZeTOm
kjxniE8jLowmNeA+ozN5pOk8qgAIQF4sqMZVQ6bgxuQWOSsczaX6p0YxlZi/tUlV
3wNMJ5mm3qm1Iu2Z0qy9zKzTj/crztLB6w9MS7SrBISYDdiU+/ND5zG7dZhUitKr
5v6MfwSWL3QMi3SobzfJyuus0euUlPbyAVTRJr7RgKBxaROjRfuqn0EM9yPlineM
Lq+5NzoB97pEBIh+SmTVKro0gbP+4lZfAhKXHvwpeF/Dt33v/KQ75dbIjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJNeeWni0R/UlqxbfnDIbPfymgXZMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvazE1NWFlTFJIOVNXckZ0LWNNaHM5X0thQmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wADA
MA0GCSqGSIb3DQEBCwUAA4IBAQBUsYQo99WRKxj5JtoY+/dmcTF9BFcQdORFuCys
Re7I2o18hIVKUrY3kCLLSeLD56SbxnrxpesoLwksc3Pgsl8Zt/6dBufCCF9DyD3X
0lrHfHJbxZ2wHaHgwGF8tqZNWRgdN7gKE41b8BLUvzMZhdFwalREoLtromdbZTq2
zcbhmuwTOm9gsC2xUaHXHZjlVAUScQolpz7kd60kpUzfONJeGHENCxdpVFPtHkJ0
NxD33c7A5s9fvoirhQtL5hVJR8W8spKGv2jgnf9Bfjw3hb9JTijty0CTKfHF3nww
UOsORch1gB9NDE6G3Kib1bZZRNR2UnIz8lY+GnB/+oABJQV4
-----END CERTIFICATE-----