Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ot0OVqWaN_Sr-tNMdlaLCiRQqdU.roa
File:                     ot0OVqWaN_Sr-tNMdlaLCiRQqdU.roa (raw, json)
Hash identifier:          57P56M40rEtHov22g8zYtEFGymMmLQidUQ0rI05FO3Y=
Subject key identifier:   A2:DD:0E:56:A5:9A:37:F4:AB:FA:D3:4C:76:56:8B:0A:24:50:A9:D5
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018E84EB6DEFCFB99AC914EB86503B2F38A5
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ot0OVqWaN_Sr-tNMdlaLCiRQqdU.roa
Signing time:             Thu 28 Mar 2024 11:56:45 +0000
ROA not before:           Thu 28 Mar 2024 11:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215228
IP address blocks:        2a12:bec4:1110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:84:eb:6d:ef:cf:b9:9a:c9:14:eb:86:50:3b:2f:38:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar 28 11:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2dd0e56a59a37f4abfad34c76568b0a2450a9d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fa:42:4c:8b:64:64:61:8c:1c:ce:ae:2f:aa:
                    92:5f:2d:6b:1b:70:24:50:0b:f2:b7:35:e4:16:19:
                    81:cd:cf:eb:0f:e2:46:50:6c:81:01:46:f6:ee:f7:
                    2a:cc:2d:2c:92:ce:32:11:88:2a:b0:14:45:00:38:
                    b3:ea:00:43:b6:1e:d5:b4:a1:ca:89:46:0f:fd:a3:
                    a3:ba:bf:eb:13:02:a9:34:c3:3d:34:4e:1c:6e:27:
                    c0:6e:a5:03:dd:fd:eb:eb:6f:00:bd:d4:8c:22:09:
                    4b:b9:22:0a:89:ac:52:d4:4f:4c:ea:19:a9:64:f9:
                    d2:fd:24:c7:d3:df:e7:27:cd:5d:aa:f9:96:a8:86:
                    48:b1:88:54:3c:e1:88:30:48:56:00:7d:ef:39:40:
                    3c:fb:43:ab:61:6d:84:99:bb:28:b9:c7:b6:7b:b1:
                    11:6a:d9:b3:6b:26:08:c0:68:39:5b:6b:23:73:98:
                    1d:b8:b6:f8:89:45:eb:35:e0:d1:ef:2d:96:69:1a:
                    86:78:15:1e:16:ab:1f:fd:97:97:b2:92:21:49:a6:
                    54:ad:cb:2c:e5:71:2c:9e:bc:6e:69:b0:57:07:f3:
                    9a:2d:4a:67:a8:79:3f:2c:3d:5a:d2:4d:7f:91:1a:
                    cb:d6:40:f1:1f:b0:c6:58:5c:04:7a:49:0d:d2:df:
                    e9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:DD:0E:56:A5:9A:37:F4:AB:FA:D3:4C:76:56:8B:0A:24:50:A9:D5
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ot0OVqWaN_Sr-tNMdlaLCiRQqdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1110::/44

    Signature Algorithm: sha256WithRSAEncryption
         bf:be:d1:95:19:68:e8:f6:61:03:1e:8f:6f:31:07:45:c1:01:
         42:57:72:09:89:35:f3:28:b6:3e:ab:81:87:b9:17:12:48:48:
         db:2a:da:b1:34:4e:61:df:c4:1e:9b:4c:fd:cd:93:cf:5d:b9:
         90:e1:62:61:28:81:b9:b1:7a:31:94:c2:e7:77:91:ca:68:6e:
         23:7f:ff:35:cb:a5:85:67:3f:60:80:c3:19:a0:72:23:05:26:
         15:75:ff:a7:5a:e8:d9:40:44:da:09:ba:3e:17:4c:40:9e:26:
         7e:90:47:4a:a9:69:1e:11:c6:95:1b:47:64:7c:48:e8:3c:67:
         9f:52:db:75:7e:ce:58:3d:ea:08:11:e3:2f:e7:b3:57:70:73:
         fa:f9:a0:bd:83:08:a0:3c:97:bc:41:a2:92:b0:7a:7f:a0:e2:
         96:69:92:1d:e7:cd:26:f6:06:3f:b9:20:8c:7d:a1:56:70:8f:
         54:d5:aa:e5:c2:03:97:51:27:e5:f7:f6:d8:74:9f:3e:39:4b:
         df:4b:26:9a:7d:d0:00:ff:c9:67:8d:c7:2a:38:f8:94:ee:d2:
         70:ce:6b:f8:68:df:a6:2f:01:9b:8d:bd:30:43:9d:9d:d7:8d:
         c2:37:ac:c1:b1:fb:48:54:56:fc:27:2d:b4:d0:0e:39:22:29:
         b9:57:64:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6E623vz7mayRTrhlA7LzilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMzI4MTE1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmRkMGU1NmE1OWEzN2Y0YWJmYWQzNGM3NjU2OGIwYTI0NTBhOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPpCTItkZGGMHM6uL6qSXy1rG3Ak
UAvytzXkFhmBzc/rD+JGUGyBAUb27vcqzC0sks4yEYgqsBRFADiz6gBDth7VtKHK
iUYP/aOjur/rEwKpNMM9NE4cbifAbqUD3f3r628AvdSMIglLuSIKiaxS1E9M6hmp
ZPnS/STH09/nJ81dqvmWqIZIsYhUPOGIMEhWAH3vOUA8+0OrYW2Embsouce2e7ER
atmzayYIwGg5W2sjc5gduLb4iUXrNeDR7y2WaRqGeBUeFqsf/ZeXspIhSaZUrcss
5XEsnrxuabBXB/OaLUpnqHk/LD1a0k1/kRrL1kDxH7DGWFwEekkN0t/pwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKLdDlalmjf0q/rTTHZWiwokUKnVMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvb3QwT1ZxV2FOX1NyLXROTWRsYUxDaVJRcWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC/vtGVGWjo9mEDHo9vMQdFwQFCV3IJiTXzKLY+
q4GHuRcSSEjbKtqxNE5h38Qem0z9zZPPXbmQ4WJhKIG5sXoxlMLnd5HKaG4jf/81
y6WFZz9ggMMZoHIjBSYVdf+nWujZQETaCbo+F0xAniZ+kEdKqWkeEcaVG0dkfEjo
PGefUtt1fs5YPeoIEeMv57NXcHP6+aC9gwigPJe8QaKSsHp/oOKWaZId580m9gY/
uSCMfaFWcI9U1arlwgOXUSfl9/bYdJ8+OUvfSyaafdAA/8lnjccqOPiU7tJwzmv4
aN+mLwGbjb0wQ52d143CN6zBsftIVFb8Jy200A45Iim5V2TN
-----END CERTIFICATE-----