Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/qVYnutfZ1rnAEprZaZeUOjxarVQ.roa
File:                     qVYnutfZ1rnAEprZaZeUOjxarVQ.roa (raw, json)
Hash identifier:          FVTbUvrmGmkbsAwoLnOvl+skczk8pn3uASYtIToXC3c=
Subject key identifier:   A9:56:27:BA:D7:D9:D6:B9:C0:12:9A:D9:69:97:94:3A:3C:5A:AD:54
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018DF0A3E189D8BA03B81CDF1D5439452954
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/qVYnutfZ1rnAEprZaZeUOjxarVQ.roa
Signing time:             Wed 28 Feb 2024 16:54:48 +0000
ROA not before:           Wed 28 Feb 2024 16:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215842
IP address blocks:        2a12:bec0:5d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f0:a3:e1:89:d8:ba:03:b8:1c:df:1d:54:39:45:29:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Feb 28 16:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a95627bad7d9d6b9c0129ad96997943a3c5aad54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2a:93:a9:a8:61:33:14:34:2c:16:b4:90:be:
                    72:78:e2:53:fe:41:70:f9:e8:51:42:b9:76:34:9c:
                    c6:ac:87:07:f8:f9:cc:89:10:da:d8:fb:5b:80:21:
                    fa:02:b6:80:f0:64:03:19:3f:43:58:96:c8:cf:24:
                    06:5f:56:8c:b5:cc:35:f5:65:87:50:b4:6b:5e:06:
                    ba:7e:86:15:68:a3:23:af:c8:14:90:4f:16:d9:b3:
                    e1:bf:a4:eb:d9:3d:3b:15:92:86:bd:92:7e:c6:18:
                    0b:87:c9:7d:44:4a:8d:5b:02:a8:dc:d3:0a:d7:8c:
                    be:97:15:6a:a8:66:5b:31:4e:1a:54:cb:a4:b6:70:
                    28:2d:0f:ad:11:2a:1f:27:7f:1a:66:73:7b:e3:29:
                    ac:cc:69:71:88:d9:b4:95:b3:3b:2f:e6:9d:92:dc:
                    6e:76:53:3f:9f:7d:d6:df:4e:2e:94:e4:ef:58:8d:
                    5c:c0:8c:10:32:49:c3:e6:55:65:a6:87:3d:91:c8:
                    ea:83:7d:ad:ab:7d:da:0f:b8:51:36:b8:d4:3a:6c:
                    8e:31:39:54:2e:c6:77:2e:e3:56:8f:14:9a:02:af:
                    30:ff:15:fd:f2:f5:c1:e8:45:5c:1c:b3:bc:49:68:
                    11:f5:13:6b:a2:5b:64:84:b3:9a:4e:d6:1e:77:72:
                    ad:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:56:27:BA:D7:D9:D6:B9:C0:12:9A:D9:69:97:94:3A:3C:5A:AD:54
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/qVYnutfZ1rnAEprZaZeUOjxarVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:5d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         35:e4:61:83:96:da:b0:1e:f0:a2:0a:6f:de:0c:cb:3c:f9:41:
         4d:54:59:2a:9d:31:9a:b0:fc:ac:af:71:1d:16:1b:76:6b:1f:
         8b:b3:66:17:89:64:1e:45:5d:b5:7b:e2:6f:32:ca:dc:6c:da:
         09:9b:06:32:c6:b4:59:f9:96:f0:5e:39:10:42:76:6f:5f:43:
         3c:07:76:d6:c6:39:bc:54:11:86:4b:56:b1:d2:13:a1:eb:e2:
         d7:50:43:71:47:f6:5d:05:3c:d0:5c:a0:1e:99:26:2b:cf:78:
         1c:56:ea:0c:04:fe:0f:36:46:af:c6:fd:97:b1:2e:ee:7d:21:
         e1:c7:68:3d:a8:b4:e3:b0:d2:47:3f:d8:5a:5f:a2:14:fa:77:
         da:d5:9b:e1:4b:f1:72:00:61:ae:5c:8c:ce:41:3f:52:c7:87:
         72:2c:f2:44:42:85:c0:11:c9:93:19:cf:e9:42:11:b0:7c:ab:
         b8:04:57:0d:8f:79:95:4d:80:ad:36:3f:e9:d9:49:bb:13:45:
         68:8c:32:d6:57:d1:17:cc:b1:78:10:3f:82:93:51:f1:56:4e:
         0c:d3:42:4b:56:79:c2:c3:8d:6c:42:7b:bc:0d:65:ff:a4:50:
         39:a6:5e:17:f2:88:e8:22:c7:7c:b2:a0:1b:99:b2:f7:a4:7c:
         72:81:b6:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3wo+GJ2LoDuBzfHVQ5RSlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMjI4MTY1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTU2MjdiYWQ3ZDlkNmI5YzAxMjlhZDk2OTk3OTQzYTNjNWFhZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiqTqahhMxQ0LBa0kL5yeOJT/kFw
+ehRQrl2NJzGrIcH+PnMiRDa2PtbgCH6AraA8GQDGT9DWJbIzyQGX1aMtcw19WWH
ULRrXga6foYVaKMjr8gUkE8W2bPhv6Tr2T07FZKGvZJ+xhgLh8l9REqNWwKo3NMK
14y+lxVqqGZbMU4aVMuktnAoLQ+tESofJ38aZnN74ymszGlxiNm0lbM7L+adktxu
dlM/n33W304ulOTvWI1cwIwQMknD5lVlpoc9kcjqg32tq33aD7hRNrjUOmyOMTlU
LsZ3LuNWjxSaAq8w/xX98vXB6EVcHLO8SWgR9RNroltkhLOaTtYed3KtFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKlWJ7rX2da5wBKa2WmXlDo8Wq1UMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvcVZZbnV0Zloxcm5BRXByWmFaZVVPanhhclZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA15GGDltqwHvCiCm/eDMs8+UFNVFkqnTGasPys
r3EdFht2ax+Ls2YXiWQeRV21e+JvMsrcbNoJmwYyxrRZ+ZbwXjkQQnZvX0M8B3bW
xjm8VBGGS1ax0hOh6+LXUENxR/ZdBTzQXKAemSYrz3gcVuoMBP4PNkavxv2XsS7u
fSHhx2g9qLTjsNJHP9haX6IU+nfa1ZvhS/FyAGGuXIzOQT9Sx4dyLPJEQoXAEcmT
Gc/pQhGwfKu4BFcNj3mVTYCtNj/p2Um7E0VojDLWV9EXzLF4ED+Ck1HxVk4M00JL
VnnCw41sQnu8DWX/pFA5pl4X8ojoIsd8sqAbmbL3pHxygbb3
-----END CERTIFICATE-----