Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/qC4fPSwZdlIbD0WXmP-W-c5LHVs.roa
File:                     qC4fPSwZdlIbD0WXmP-W-c5LHVs.roa (raw, json)
Hash identifier:          iHVpkDAB9a1OP1FY0JWrGM28zFIGJdrv6E9uQGQSZIY=
Subject key identifier:   A8:2E:1F:3D:2C:19:76:52:1B:0F:45:97:98:FF:96:F9:CE:4B:1D:5B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FA48C68CAA6E3A437ED26D0CEA03
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/qC4fPSwZdlIbD0WXmP-W-c5LHVs.roa
Signing time:             Mon 01 Jan 2024 18:29:46 +0000
ROA not before:           Mon 01 Jan 2024 18:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        2a12:bec0:df0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:fa:48:c6:8c:aa:6e:3a:43:7e:d2:6d:0c:ea:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a82e1f3d2c1976521b0f459798ff96f9ce4b1d5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3e:64:45:8f:bf:77:49:1d:25:1f:82:c2:09:
                    ef:40:c1:5f:e7:d5:65:8b:2d:e0:24:89:9d:b6:ec:
                    2a:dd:e8:c9:c3:bf:70:a4:2e:ee:96:e9:03:48:7d:
                    d3:00:d4:5c:02:dd:b4:83:dc:52:8f:e9:34:f7:8c:
                    c3:95:df:c2:b8:8b:40:1d:55:0b:cf:9b:c7:13:5a:
                    67:e2:1b:8a:8c:e3:54:74:3c:5c:c7:60:f4:08:79:
                    87:03:1b:6f:c8:7c:5a:7c:32:97:cc:6d:90:41:70:
                    37:37:5d:a3:9d:0f:50:be:92:42:fe:cb:6a:0b:bf:
                    40:55:1f:d5:9e:08:2b:50:f3:6f:4d:d3:27:75:a8:
                    34:07:0d:c0:c3:82:5b:44:97:ea:66:fe:a5:96:f1:
                    4a:ae:90:9e:c0:cc:34:a7:b9:a5:e3:f6:75:c9:26:
                    67:49:c5:06:05:c9:24:55:88:f1:91:28:9b:f5:dc:
                    f8:d9:75:83:47:33:e6:7e:21:95:58:b7:ca:85:b6:
                    57:11:ef:94:b7:37:ca:06:9e:3b:74:40:81:ae:68:
                    fb:ad:04:19:f9:01:d5:ad:ee:28:4e:fd:da:49:a7:
                    42:fd:1f:3d:9f:02:98:7e:3f:92:ff:7d:39:53:ba:
                    fd:90:10:69:c6:97:7a:c4:cb:c5:21:2d:db:af:38:
                    30:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:2E:1F:3D:2C:19:76:52:1B:0F:45:97:98:FF:96:F9:CE:4B:1D:5B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/qC4fPSwZdlIbD0WXmP-W-c5LHVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:df0::/44

    Signature Algorithm: sha256WithRSAEncryption
         00:b8:1e:7e:d8:6a:59:c3:2a:52:44:ec:1a:91:92:ee:1a:27:
         6c:30:34:40:c2:ce:3f:01:06:a3:92:6c:2e:05:6a:6a:6c:1c:
         40:00:73:63:29:d6:64:e9:a6:a0:fb:24:1b:c6:57:5b:6b:e5:
         c4:13:e8:db:ae:f6:66:1f:c8:ff:ac:26:2d:8b:f5:14:d7:db:
         01:fb:68:2b:c0:97:61:f9:5f:6b:bc:49:d3:dd:15:ce:5b:f2:
         29:42:67:b9:7b:4f:5e:a1:73:f1:fc:69:a9:1d:e8:6c:b2:25:
         66:e6:40:1b:32:31:13:f8:85:e7:5b:f0:aa:d0:fd:06:0f:9e:
         d5:5e:8b:0e:2b:a1:40:6e:b8:34:c0:ba:94:90:cc:ed:73:76:
         d7:04:3c:82:59:1b:66:5f:b6:52:f2:96:87:9a:b2:0e:88:1b:
         53:3e:16:62:fb:e1:29:1c:17:34:04:43:d4:07:c9:9c:5a:f7:
         bf:b0:35:4e:34:3e:e6:c3:a9:5e:f8:ca:4f:e2:2e:14:a2:63:
         83:3f:d9:ee:e9:18:93:44:1e:aa:81:cf:0e:bf:6f:26:61:5c:
         b1:2f:0e:e1:ad:73:79:a2:81:fe:92:ae:b5:9c:ba:b4:8f:6f:
         9a:60:04:00:ff:db:5c:99:77:6a:f6:99:93:fd:5c:dc:57:88:
         0f:5a:2f:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSfpIxoyqbjpDftJtDOoDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODJlMWYzZDJjMTk3NjUyMWIwZjQ1OTc5OGZmOTZmOWNlNGIxZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD5kRY+/d0kdJR+CwgnvQMFf59Vl
iy3gJImdtuwq3ejJw79wpC7ulukDSH3TANRcAt20g9xSj+k094zDld/CuItAHVUL
z5vHE1pn4huKjONUdDxcx2D0CHmHAxtvyHxafDKXzG2QQXA3N12jnQ9QvpJC/stq
C79AVR/VnggrUPNvTdMndag0Bw3Aw4JbRJfqZv6llvFKrpCewMw0p7ml4/Z1ySZn
ScUGBckkVYjxkSib9dz42XWDRzPmfiGVWLfKhbZXEe+UtzfKBp47dECBrmj7rQQZ
+QHVre4oTv3aSadC/R89nwKYfj+S/305U7r9kBBpxpd6xMvFIS3brzgweQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKguHz0sGXZSGw9Fl5j/lvnOSx1bMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvcUM0ZlBTd1pkbEliRDBXWG1QLVctYzVMSFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wA3w
MA0GCSqGSIb3DQEBCwUAA4IBAQAAuB5+2GpZwypSROwakZLuGidsMDRAws4/AQaj
kmwuBWpqbBxAAHNjKdZk6aag+yQbxldba+XEE+jbrvZmH8j/rCYti/UU19sB+2gr
wJdh+V9rvEnT3RXOW/IpQme5e09eoXPx/GmpHehssiVm5kAbMjET+IXnW/Cq0P0G
D57VXosOK6FAbrg0wLqUkMztc3bXBDyCWRtmX7ZS8paHmrIOiBtTPhZi++EpHBc0
BEPUB8mcWve/sDVOND7mw6le+MpP4i4UomODP9nu6RiTRB6qgc8Ov28mYVyxLw7h
rXN5ooH+kq61nLq0j2+aYAQA/9tcmXdq9pmT/VzcV4gPWi88
-----END CERTIFICATE-----