Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/nhgiMRaNbANQONPCaegcD63agdg.roa
File:                     nhgiMRaNbANQONPCaegcD63agdg.roa (raw, json)
Hash identifier:          /DVhgulXCu5CglJl4Icq0d1MgLORRedE/F6er4Xx/RA=
Subject key identifier:   9E:18:22:31:16:8D:6C:03:50:38:D3:C2:69:E8:1C:0F:AD:DA:81:D8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0D4ED2A9C9AFB8C256A1C8F9B900
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/nhgiMRaNbANQONPCaegcD63agdg.roa
Signing time:             Mon 01 Jan 2024 18:29:50 +0000
ROA not before:           Mon 01 Jan 2024 18:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215799
IP address blocks:        2a12:bec0:620::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0d:4e:d2:a9:c9:af:b8:c2:56:a1:c8:f9:b9:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e182231168d6c035038d3c269e81c0fadda81d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a0:64:5a:80:a9:20:96:57:3e:6f:7e:9d:43:
                    e1:e3:b3:31:4e:01:bf:0f:73:a7:1f:a0:c7:3f:44:
                    08:70:da:6d:7d:1d:1a:04:2c:a7:52:88:9b:ee:3b:
                    90:d4:5b:94:6d:d0:3f:32:7d:ea:f2:a7:b4:0e:d8:
                    6b:76:ed:de:53:48:10:8b:23:72:04:ac:d9:f9:cb:
                    34:59:e6:5c:7b:3c:fe:e7:98:be:3b:e7:e9:1b:c4:
                    f9:54:9a:e9:aa:e4:48:a0:e0:dd:b0:2d:20:72:bf:
                    fc:ef:75:d6:6f:4e:d2:38:11:62:16:d4:88:cd:81:
                    9f:ea:85:0e:1b:95:ef:1b:0a:6c:7a:5e:9b:5d:13:
                    8b:a6:1c:ac:75:e2:c5:64:fc:05:5a:18:99:78:ad:
                    3a:73:c4:23:b7:1e:50:84:4b:aa:ce:1b:f9:dd:dc:
                    4c:31:b2:e1:52:d2:2d:12:3f:75:3a:41:d3:d6:d5:
                    25:60:ee:e2:9b:78:e6:d6:c1:23:73:a0:9c:20:d5:
                    c8:c7:19:c1:95:a6:10:3a:e2:b0:e3:59:7d:22:71:
                    e9:e6:ad:19:f6:95:f7:9d:2b:d3:90:c4:c3:79:e3:
                    0f:1b:39:91:d5:75:96:9d:79:67:67:63:3c:82:7a:
                    44:8c:c9:0b:ba:07:e9:3f:72:57:f0:56:45:70:38:
                    c1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:18:22:31:16:8D:6C:03:50:38:D3:C2:69:E8:1C:0F:AD:DA:81:D8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/nhgiMRaNbANQONPCaegcD63agdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:620::/44

    Signature Algorithm: sha256WithRSAEncryption
         b8:ee:c4:1f:63:95:61:de:d5:6e:01:26:9e:c0:15:7f:f0:19:
         b2:0b:9b:4e:17:50:37:cc:bd:fb:41:3b:c5:46:04:39:59:09:
         3c:74:08:f2:0f:55:e3:92:ea:ff:9d:0a:78:48:84:ea:62:dd:
         f7:ef:4d:4a:22:19:4d:c0:6c:6d:0e:92:6b:32:0b:f0:92:ee:
         c1:61:b4:63:13:11:85:12:98:c9:ae:b4:8f:c5:6b:35:0f:aa:
         cb:ab:d5:bb:8c:8c:45:32:00:7b:96:5f:39:51:bd:da:95:44:
         92:23:47:44:8d:21:66:1d:e6:cd:a0:7f:cf:e3:90:57:a2:a7:
         13:6e:7e:46:89:3d:23:25:85:69:5e:10:8c:30:6e:72:eb:77:
         53:f3:58:08:4d:f9:ff:4c:33:d2:7f:fc:05:bf:1e:ae:e2:8d:
         6f:68:1a:f7:62:42:6b:4c:ca:ed:03:de:f4:cb:ba:83:ff:63:
         d6:92:6d:58:80:42:bc:f6:1b:fb:d9:33:64:a3:6c:60:fd:1b:
         a4:e9:09:8a:52:2b:87:05:60:5d:dc:0d:9c:d8:5f:10:82:55:
         9a:31:d8:ca:f6:06:9b:34:47:65:9e:29:f7:83:cb:00:01:c6:
         31:eb:48:4c:ad:2c:2e:95:e5:f0:55:19:9f:64:5e:95:e0:cd:
         21:96:a1:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSg1O0qnJr7jCVqHI+bkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE4MjIzMTE2OGQ2YzAzNTAzOGQzYzI2OWU4MWMwZmFkZGE4MWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaBkWoCpIJZXPm9+nUPh47MxTgG/
D3OnH6DHP0QIcNptfR0aBCynUoib7juQ1FuUbdA/Mn3q8qe0Dthrdu3eU0gQiyNy
BKzZ+cs0WeZcezz+55i+O+fpG8T5VJrpquRIoODdsC0gcr/873XWb07SOBFiFtSI
zYGf6oUOG5XvGwpsel6bXROLphysdeLFZPwFWhiZeK06c8Qjtx5QhEuqzhv53dxM
MbLhUtItEj91OkHT1tUlYO7im3jm1sEjc6CcINXIxxnBlaYQOuKw41l9InHp5q0Z
9pX3nSvTkMTDeeMPGzmR1XWWnXlnZ2M8gnpEjMkLugfpP3JX8FZFcDjBbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ4YIjEWjWwDUDjTwmnoHA+t2oHYMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvbmhnaU1SYU5iQU5RT05QQ2FlZ2NENjNhZ2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAYg
MA0GCSqGSIb3DQEBCwUAA4IBAQC47sQfY5Vh3tVuASaewBV/8BmyC5tOF1A3zL37
QTvFRgQ5WQk8dAjyD1Xjkur/nQp4SITqYt33701KIhlNwGxtDpJrMgvwku7BYbRj
ExGFEpjJrrSPxWs1D6rLq9W7jIxFMgB7ll85Ub3alUSSI0dEjSFmHebNoH/P45BX
oqcTbn5GiT0jJYVpXhCMMG5y63dT81gITfn/TDPSf/wFvx6u4o1vaBr3YkJrTMrt
A970y7qD/2PWkm1YgEK89hv72TNko2xg/Ruk6QmKUiuHBWBd3A2c2F8QglWaMdjK
9gabNEdlnin3g8sAAcYx60hMrSwuleXwVRmfZF6V4M0hlqFH
-----END CERTIFICATE-----