Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/lwalqr3NpUeKK0S2C1EKRAQEPjE.roa
File:                     lwalqr3NpUeKK0S2C1EKRAQEPjE.roa (raw, json)
Hash identifier:          IBR86pMW5fRFasftGuEGSf84zxPchEY0JipM2uatuCk=
Subject key identifier:   97:06:A5:AA:BD:CD:A5:47:8A:2B:44:B6:0B:51:0A:44:04:04:3E:31
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0190CAD0C93B13764D3D2EF5F319E91D2263
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/lwalqr3NpUeKK0S2C1EKRAQEPjE.roa
Signing time:             Fri 19 Jul 2024 11:46:38 +0000
ROA not before:           Fri 19 Jul 2024 11:46:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214506
IP address blocks:        2a12:bec4:1410::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ca:d0:c9:3b:13:76:4d:3d:2e:f5:f3:19:e9:1d:22:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 19 11:46:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9706a5aabdcda5478a2b44b60b510a4404043e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:57:95:e7:a9:be:db:24:11:a2:20:e7:ec:e2:
                    ce:ca:68:b6:80:9f:4a:e3:5a:4e:8d:c5:a8:22:61:
                    5b:08:6d:2e:db:c7:31:09:8c:24:a7:0f:5c:91:12:
                    93:88:65:af:bf:62:41:57:4d:66:48:df:11:48:ff:
                    c3:9f:a1:49:79:c5:4d:b3:ad:5e:41:bf:61:77:35:
                    89:b7:c8:8e:dd:4c:22:8f:87:3b:a8:4b:c6:c3:ba:
                    56:77:dc:f9:0d:4f:29:0a:43:21:b0:39:4f:ba:e9:
                    98:fc:f4:35:50:65:8d:f5:d8:0e:32:d3:91:4a:67:
                    fa:a6:34:ad:86:2f:72:16:60:d2:c4:07:b8:97:b8:
                    e2:d5:40:c9:27:3e:07:b0:a1:19:cf:cc:83:27:4b:
                    a2:d2:ce:fc:1e:8d:68:65:9f:d6:81:1b:b3:5c:bb:
                    96:7c:48:8e:4c:ec:bf:ee:ab:05:2f:65:e6:6e:e7:
                    46:2d:52:22:82:11:e6:d7:f0:38:27:10:7c:4a:9c:
                    ae:07:a4:ed:81:c5:2b:70:97:19:83:a8:dd:08:3f:
                    7b:da:b7:ec:31:f8:69:94:83:cf:80:1a:0f:ac:fe:
                    06:b9:e0:d4:f6:34:8e:a3:27:9c:8e:5b:ba:80:36:
                    b2:fa:1e:99:47:82:cc:14:d2:cb:dc:fe:de:a1:0c:
                    21:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:06:A5:AA:BD:CD:A5:47:8A:2B:44:B6:0B:51:0A:44:04:04:3E:31
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/lwalqr3NpUeKK0S2C1EKRAQEPjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1410::/44

    Signature Algorithm: sha256WithRSAEncryption
         8e:3a:b0:3a:92:81:5d:3d:75:fd:26:24:9a:ee:b8:b0:eb:e9:
         d2:29:b2:4f:4b:7a:ba:13:38:e8:19:b8:30:fc:7a:f1:a9:50:
         a9:1f:ca:c6:b0:f4:42:5d:21:f6:26:5d:59:d7:58:08:73:73:
         65:ac:66:22:99:89:fa:18:f8:c4:02:e1:02:a7:db:1b:a4:6a:
         d0:a5:0a:6d:05:e2:0d:75:6e:cd:bb:a9:72:82:b7:a6:93:b1:
         7a:34:8f:17:f5:7f:ba:4c:f4:ee:0b:21:f8:3f:c6:aa:93:73:
         28:b9:2a:35:f2:bb:57:d4:33:3d:1c:cc:ab:8a:00:3a:1c:af:
         25:ce:14:c7:9f:6b:bc:0d:1c:fa:ab:3a:c1:10:35:1f:1d:99:
         cd:2b:39:bf:3b:a1:43:08:b1:c6:67:6b:c4:f4:7e:3e:09:f2:
         9a:b8:5d:33:cb:65:7a:dd:56:6a:a1:fb:10:29:5c:32:7d:d7:
         72:12:b5:b3:86:c7:c2:03:5d:ef:bb:e6:26:66:ab:43:8b:a2:
         c3:89:f4:4b:a7:f6:29:96:92:95:48:3d:1a:62:61:c3:88:1f:
         f8:cd:d1:d8:bb:c1:24:a5:57:e4:fe:d6:3a:fb:fe:16:da:e2:
         8d:13:6e:f5:45:bf:a4:65:a1:7f:d6:89:fb:d3:fe:72:ea:29:
         bd:f7:bd:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDK0Mk7E3ZNPS718xnpHSJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNzE5MTE0NjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzA2YTVhYWJkY2RhNTQ3OGEyYjQ0YjYwYjUxMGE0NDA0MDQzZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFeV56m+2yQRoiDn7OLOymi2gJ9K
41pOjcWoImFbCG0u28cxCYwkpw9ckRKTiGWvv2JBV01mSN8RSP/Dn6FJecVNs61e
Qb9hdzWJt8iO3Uwij4c7qEvGw7pWd9z5DU8pCkMhsDlPuumY/PQ1UGWN9dgOMtOR
Smf6pjSthi9yFmDSxAe4l7ji1UDJJz4HsKEZz8yDJ0ui0s78Ho1oZZ/WgRuzXLuW
fEiOTOy/7qsFL2XmbudGLVIighHm1/A4JxB8SpyuB6TtgcUrcJcZg6jdCD972rfs
MfhplIPPgBoPrP4GueDU9jSOoyecjlu6gDay+h6ZR4LMFNLL3P7eoQwhqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJcGpaq9zaVHiitEtgtRCkQEBD4xMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvbHdhbHFyM05wVWVLSzBTMkMxRUtSQVFFUGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBQQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCOOrA6koFdPXX9JiSa7riw6+nSKbJPS3q6Ezjo
Gbgw/HrxqVCpH8rGsPRCXSH2Jl1Z11gIc3NlrGYimYn6GPjEAuECp9sbpGrQpQpt
BeINdW7Nu6lygremk7F6NI8X9X+6TPTuCyH4P8aqk3MouSo18rtX1DM9HMyrigA6
HK8lzhTHn2u8DRz6qzrBEDUfHZnNKzm/O6FDCLHGZ2vE9H4+CfKauF0zy2V63VZq
ofsQKVwyfddyErWzhsfCA13vu+YmZqtDi6LDifRLp/YplpKVSD0aYmHDiB/4zdHY
u8EkpVfk/tY6+/4W2uKNE271Rb+kZaF/1on70/5y6im9971y
-----END CERTIFICATE-----