Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/kknPgltyjChK9GL-iOaN71fRNMs.roa
File:                     kknPgltyjChK9GL-iOaN71fRNMs.roa (raw, json)
Hash identifier:          VXV79mY968MRMf4BCxIR/rjVa5fJWdP+daXN4wLIS2U=
Subject key identifier:   92:49:CF:82:5B:72:8C:28:4A:F4:62:FE:88:E6:8D:EF:57:D1:34:CB
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019161D3993B13ED3C0A5311007F999BCA6A
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/kknPgltyjChK9GL-iOaN71fRNMs.roa
Signing time:             Sat 17 Aug 2024 19:32:22 +0000
ROA not before:           Sat 17 Aug 2024 19:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215439
IP address blocks:        2a12:bec4:110::/44 maxlen: 44
                          2a12:bec4:10b0::/44 maxlen: 44
                          2a12:bec4:1180::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:61:d3:99:3b:13:ed:3c:0a:53:11:00:7f:99:9b:ca:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Aug 17 19:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9249cf825b728c284af462fe88e68def57d134cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b4:b3:43:79:49:a1:e9:e1:b0:e5:ca:a1:61:
                    fd:93:9e:fb:dd:12:f2:be:0b:46:c1:19:cb:6f:9c:
                    f9:02:38:97:e1:9d:69:10:92:46:5c:7f:fd:d8:60:
                    1b:b0:f2:44:33:ab:d4:b5:3b:32:87:dd:be:79:48:
                    49:e9:9d:29:74:a5:74:26:b5:a1:91:32:01:34:9e:
                    7c:42:0a:46:33:58:52:95:c3:b2:ee:80:a1:9a:4f:
                    23:3f:99:0e:df:d2:aa:4a:0a:af:f5:9c:50:75:f8:
                    cd:a0:21:2b:b9:60:b0:b3:e3:10:d4:33:86:34:b4:
                    c3:5e:31:29:c3:ca:80:4b:a8:b7:f5:85:9b:3f:57:
                    39:e7:e8:28:bc:a5:c4:20:e0:01:2f:76:6f:bf:2e:
                    21:23:43:5e:70:a9:73:a6:29:5a:8b:94:f0:40:bb:
                    01:24:67:1e:ba:88:f7:40:52:3d:bc:61:6b:8a:73:
                    d3:44:37:9c:74:4a:22:d5:e4:21:70:e4:3b:8d:b6:
                    e0:fa:74:a2:a7:ca:1c:ef:8b:7a:ec:c4:15:31:54:
                    3c:27:1d:7c:bf:c6:30:5b:1c:30:eb:d6:ef:19:ee:
                    30:b9:89:b4:13:a8:bd:d6:fc:7a:be:1e:ca:48:6a:
                    09:8e:68:af:72:fe:a8:73:8d:bd:c8:e7:c9:30:42:
                    8a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:49:CF:82:5B:72:8C:28:4A:F4:62:FE:88:E6:8D:EF:57:D1:34:CB
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/kknPgltyjChK9GL-iOaN71fRNMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:110::/44
                  2a12:bec4:10b0::/44
                  2a12:bec4:1180::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:74:19:c9:d4:20:b3:b6:10:ed:d1:32:de:28:3e:0f:3e:94:
         86:95:21:aa:9e:fa:8c:a7:ff:0e:d6:d5:85:bf:ea:ce:7e:62:
         1b:83:2b:28:cb:37:18:e5:80:07:f1:7d:2a:51:d2:b5:a5:b4:
         ab:a0:e2:cd:34:83:bd:93:70:a4:b3:8e:24:91:a2:64:a7:a9:
         9a:aa:c5:31:2a:ae:2a:54:44:78:2a:8a:0d:f6:37:cd:c7:a1:
         e7:2a:07:61:21:e7:7e:7b:30:d2:b1:12:d0:6b:35:a1:c0:70:
         33:15:ac:54:99:dc:af:7a:6d:54:32:b2:76:a8:de:1e:22:d7:
         82:0b:5f:5b:ff:ef:16:6b:c6:2d:35:ae:78:12:f8:fc:29:fc:
         78:3c:80:e8:9d:f1:a3:31:0e:ee:78:c1:ae:d0:09:a0:36:da:
         c6:32:ff:eb:e2:d6:0b:d9:3b:b2:5d:be:bb:6e:e9:59:8d:40:
         18:cf:27:7e:fd:72:bc:e3:75:46:7d:ad:90:82:a8:ea:de:f8:
         ed:11:f9:9b:36:a3:5d:82:a5:e2:5e:dd:e4:97:7a:24:be:3b:
         df:2b:d9:a1:b5:ac:39:e0:3f:6c:bd:cd:8f:7c:74:15:34:02:
         2e:1a:b5:93:7e:99:48:f6:40:5c:6e:ca:b9:d8:44:97:c4:77:
         cf:92:38:07
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZFh05k7E+08ClMRAH+Zm8pqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwODE3MTkzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQ5Y2Y4MjViNzI4YzI4NGFmNDYyZmU4OGU2OGRlZjU3ZDEzNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrSzQ3lJoenhsOXKoWH9k5773RLy
vgtGwRnLb5z5AjiX4Z1pEJJGXH/92GAbsPJEM6vUtTsyh92+eUhJ6Z0pdKV0JrWh
kTIBNJ58QgpGM1hSlcOy7oChmk8jP5kO39KqSgqv9ZxQdfjNoCEruWCws+MQ1DOG
NLTDXjEpw8qAS6i39YWbP1c55+govKXEIOABL3Zvvy4hI0NecKlzpilai5TwQLsB
JGceuoj3QFI9vGFrinPTRDecdEoi1eQhcOQ7jbbg+nSip8oc74t67MQVMVQ8Jx18
v8YwWxww69bvGe4wuYm0E6i91vx6vh7KSGoJjmivcv6oc429yOfJMEKKRwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJJJz4JbcowoSvRi/ojmje9X0TTLMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEva2tuUGdsdHlqQ2hLOUdMLWlPYU43MWZSTk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKhK+xAEQ
AwcEKhK+xBCwAwcEKhK+xBGAMA0GCSqGSIb3DQEBCwUAA4IBAQBddBnJ1CCzthDt
0TLeKD4PPpSGlSGqnvqMp/8O1tWFv+rOfmIbgysoyzcY5YAH8X0qUdK1pbSroOLN
NIO9k3Cks44kkaJkp6maqsUxKq4qVER4KooN9jfNx6HnKgdhIed+ezDSsRLQazWh
wHAzFaxUmdyvem1UMrJ2qN4eIteCC19b/+8Wa8YtNa54Evj8Kfx4PIDonfGjMQ7u
eMGu0AmgNtrGMv/r4tYL2TuyXb67bulZjUAYzyd+/XK843VGfa2Qgqjq3vjtEfmb
NqNdgqXiXt3kl3okvjvfK9mhtaw54D9svc2PfHQVNAIuGrWTfplI9kBcbsq52ESX
xHfPkjgH
-----END CERTIFICATE-----