Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ktXET6YLDjba3vurnsNP-q6V6qM.roa
File:                     ktXET6YLDjba3vurnsNP-q6V6qM.roa (raw, json)
Hash identifier:          +wBPmK+1SkeYZS2+Oax32lk3pW2uoSIV2sDwDyNS3nw=
Subject key identifier:   92:D5:C4:4F:A6:0B:0E:36:DA:DE:FB:AB:9E:C3:4F:FA:AE:95:EA:A3
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0FAEFB6AB3C978A563A0DDA9F52A
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ktXET6YLDjba3vurnsNP-q6V6qM.roa
Signing time:             Mon 01 Jan 2024 18:29:51 +0000
ROA not before:           Mon 01 Jan 2024 18:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216072
IP address blocks:        2a12:bec0:e30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0f:ae:fb:6a:b3:c9:78:a5:63:a0:dd:a9:f5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92d5c44fa60b0e36dadefbab9ec34ffaae95eaa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9b:fe:13:91:ff:b2:a6:9b:55:c3:2d:3a:f4:
                    0e:34:9a:d1:a6:3b:b0:eb:43:d4:42:2a:a0:be:f6:
                    57:e2:a2:2e:34:88:c4:e6:a4:2b:3f:5b:4b:1c:5b:
                    c5:b7:82:85:93:7a:0e:d2:87:06:b8:c3:57:ef:0e:
                    89:7e:06:08:c7:a9:9e:bb:e9:61:6b:c2:be:fb:ee:
                    97:bb:8f:92:5a:ba:d4:20:cd:0d:10:ed:2a:05:56:
                    47:c9:b7:5e:fd:a3:3b:6d:ac:39:7d:92:30:be:b7:
                    1d:2f:d1:50:0f:87:54:54:76:6e:34:3b:6d:50:e0:
                    4c:c9:7c:f0:cc:19:09:b0:32:78:f5:e4:42:82:76:
                    c5:fd:ec:53:45:85:a9:15:a8:7b:31:0b:92:70:08:
                    69:d2:7c:01:6f:f0:7b:41:57:0e:f3:47:58:8d:46:
                    d4:fc:c8:28:8c:26:11:83:60:93:24:24:57:27:e4:
                    86:d5:1a:45:de:14:47:c2:f0:83:f4:c6:9a:45:34:
                    a5:15:fa:1a:69:c1:b2:96:db:d3:13:b4:67:66:47:
                    6c:b4:1c:d1:0d:14:d9:8c:a1:6c:dd:ab:50:74:a1:
                    81:f9:05:7d:07:59:af:93:a0:39:da:27:49:5f:da:
                    4b:2a:41:d7:5b:1a:44:30:e9:72:34:bf:b6:a8:88:
                    5c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D5:C4:4F:A6:0B:0E:36:DA:DE:FB:AB:9E:C3:4F:FA:AE:95:EA:A3
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ktXET6YLDjba3vurnsNP-q6V6qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:e30::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:e4:99:b2:10:82:f2:af:7b:8c:15:1a:8e:ac:96:64:44:2a:
         96:8e:70:68:fc:b0:c4:8c:d5:dd:2d:1d:16:23:1a:cd:6b:84:
         a2:54:cc:76:b8:0f:df:00:61:4b:7e:9d:da:aa:f6:5d:b5:cb:
         6a:6e:60:bd:2f:0c:fd:e8:d4:89:6c:95:29:c9:28:d5:b2:78:
         4a:4b:94:8c:1c:83:0f:5c:f9:44:a8:19:c6:ca:40:76:a9:5a:
         3e:8a:bc:93:3f:39:e5:14:dc:6c:a6:cd:65:35:f5:ed:21:14:
         11:9e:09:92:e0:a8:02:51:f9:41:ef:13:f8:ed:00:a9:8c:c4:
         2d:03:c4:e5:5f:d7:91:9a:37:ef:a7:0a:e7:0c:e3:35:36:ff:
         00:c1:85:61:cf:48:ba:03:4e:3e:f8:0f:6c:f3:a5:da:8d:5e:
         cb:05:fb:fd:57:b6:72:e3:de:4b:92:14:7b:43:58:f2:3a:54:
         b0:21:81:74:cf:80:bd:28:fd:0d:d2:bf:f4:01:9f:11:3a:37:
         85:ef:ec:c0:d8:21:59:46:d0:ed:6b:f8:d8:e1:19:76:88:38:
         4a:84:4b:b0:1f:47:bb:f7:7d:47:03:3e:9b:8b:64:22:22:b4:
         aa:52:a7:f1:5d:c7:7b:13:32:24:98:ca:4b:cd:61:e2:6a:d3:
         cb:ce:de:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSg+u+2qzyXilY6DdqfUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQ1YzQ0ZmE2MGIwZTM2ZGFkZWZiYWI5ZWMzNGZmYWFlOTVlYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJv+E5H/sqabVcMtOvQONJrRpjuw
60PUQiqgvvZX4qIuNIjE5qQrP1tLHFvFt4KFk3oO0ocGuMNX7w6JfgYIx6meu+lh
a8K+++6Xu4+SWrrUIM0NEO0qBVZHybde/aM7baw5fZIwvrcdL9FQD4dUVHZuNDtt
UOBMyXzwzBkJsDJ49eRCgnbF/exTRYWpFah7MQuScAhp0nwBb/B7QVcO80dYjUbU
/MgojCYRg2CTJCRXJ+SG1RpF3hRHwvCD9MaaRTSlFfoaacGyltvTE7RnZkdstBzR
DRTZjKFs3atQdKGB+QV9B1mvk6A52idJX9pLKkHXWxpEMOlyNL+2qIhchwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJLVxE+mCw422t77q57DT/quleqjMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEva3RYRVQ2WUxEamJhM3Z1cm5zTlAtcTZWNnFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wA4w
MA0GCSqGSIb3DQEBCwUAA4IBAQCX5JmyEILyr3uMFRqOrJZkRCqWjnBo/LDEjNXd
LR0WIxrNa4SiVMx2uA/fAGFLfp3aqvZdtctqbmC9Lwz96NSJbJUpySjVsnhKS5SM
HIMPXPlEqBnGykB2qVo+iryTPznlFNxsps1lNfXtIRQRngmS4KgCUflB7xP47QCp
jMQtA8TlX9eRmjfvpwrnDOM1Nv8AwYVhz0i6A04++A9s86XajV7LBfv9V7Zy495L
khR7Q1jyOlSwIYF0z4C9KP0N0r/0AZ8ROjeF7+zA2CFZRtDta/jY4Rl2iDhKhEuw
H0e7931HAz6bi2QiIrSqUqfxXcd7EzIkmMpLzWHiatPLzt4C
-----END CERTIFICATE-----