Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/rGQqB4VgHhAa9-oqgVP7pSgyxSc.roa
File:                     rGQqB4VgHhAa9-oqgVP7pSgyxSc.roa (raw, json)
Hash identifier:          daaTiGbK5OTshXiW3BEkQAew8FAXvkIKcHY+CSoiCLA=
Subject key identifier:   AC:64:2A:07:85:60:1E:10:1A:F7:EA:2A:81:53:FB:A5:28:32:C5:27
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A070391F12763843CED1648FD96D5
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/rGQqB4VgHhAa9-oqgVP7pSgyxSc.roa
Signing time:             Mon 01 Jan 2024 18:29:49 +0000
ROA not before:           Mon 01 Jan 2024 18:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205421
IP address blocks:        2a12:bec0:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:07:03:91:f1:27:63:84:3c:ed:16:48:fd:96:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac642a0785601e101af7ea2a8153fba52832c527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3e:c0:e0:72:d1:cb:3a:2f:f8:41:a2:88:7d:
                    d2:92:a9:3c:45:58:68:63:04:76:e0:9d:f9:78:d4:
                    cf:c4:4f:25:0f:72:1c:93:36:54:fe:97:2e:e0:cf:
                    ba:30:96:63:25:96:22:73:d7:0a:fd:fa:df:75:4b:
                    65:68:4f:4c:e7:3b:af:2f:c3:bc:6d:05:64:45:a1:
                    af:24:1d:d9:2d:f7:08:fb:bf:1f:d7:4a:a3:3e:01:
                    0a:7d:5e:1a:29:58:36:4e:4b:38:44:9d:da:46:20:
                    d3:e7:92:80:9c:78:9a:aa:ac:d2:e5:c3:ed:e3:95:
                    a8:ad:66:a8:6c:71:4a:c4:6b:08:8b:4a:09:3d:49:
                    2e:b6:e8:63:ac:3e:d2:34:99:d3:c0:56:5d:29:b8:
                    3a:a1:4c:80:1e:89:dc:2b:d3:6e:7c:d6:71:ac:ad:
                    9c:3b:90:d9:78:49:c0:71:d8:36:e5:00:5c:b9:f7:
                    fc:11:71:d8:9d:2a:ab:36:75:7f:8f:12:ce:f8:40:
                    5e:bf:b6:eb:30:2c:04:b4:0c:52:1b:38:22:d1:39:
                    7c:d8:1c:b1:f8:07:d2:1f:01:88:b8:39:58:20:28:
                    7e:d0:b7:ca:67:69:0a:d6:47:3a:a1:45:1c:4a:88:
                    e2:db:ad:e4:36:e2:72:0c:11:c7:ce:08:f0:c0:16:
                    78:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:64:2A:07:85:60:1E:10:1A:F7:EA:2A:81:53:FB:A5:28:32:C5:27
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/rGQqB4VgHhAa9-oqgVP7pSgyxSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:fe:37:f8:d9:c4:0a:d3:c1:d0:f0:d0:86:fe:29:dc:78:62:
         ea:99:52:74:e8:0c:54:aa:5d:17:fa:92:14:5d:c4:31:ef:cc:
         35:46:a6:86:5b:d2:9e:68:0b:41:de:7b:cc:db:f1:a9:9b:06:
         e5:ab:b6:86:18:0b:e0:ab:1e:d0:e2:03:b4:a0:84:c0:ea:f2:
         58:38:95:11:d9:be:0c:5a:dd:6f:8f:19:b2:d2:ca:10:af:50:
         cd:c9:e9:3d:64:e2:ec:41:0a:5f:7f:5a:89:f5:59:58:e9:4f:
         fb:53:27:c4:63:9b:e3:31:46:50:e7:36:c2:51:7a:e6:60:15:
         d8:57:2e:9e:3d:d4:ee:38:ba:77:ab:c9:fc:a0:47:d6:a9:42:
         69:37:20:0b:60:7d:cd:76:f1:d9:15:a2:3d:34:54:4c:74:29:
         54:8d:d3:19:87:4f:0b:34:eb:a2:51:15:3d:c1:75:fa:10:6c:
         55:d7:78:0e:d3:dd:3d:ee:20:0b:e6:9d:fc:0e:56:93:a6:8a:
         97:4c:a4:8a:87:b1:cf:1c:94:70:0a:64:ce:0c:96:f3:b2:b5:
         d5:e0:79:2d:35:c2:4a:7e:21:2e:1c:13:da:3f:c6:6a:bd:45:
         9f:31:aa:88:60:7c:a3:0f:e7:a6:f4:74:2e:c2:7c:72:d1:0b:
         2e:1b:70:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgcDkfEnY4Q87RZI/ZbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzY0MmEwNzg1NjAxZTEwMWFmN2VhMmE4MTUzZmJhNTI4MzJjNTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArz7A4HLRyzov+EGiiH3Skqk8RVho
YwR24J35eNTPxE8lD3IckzZU/pcu4M+6MJZjJZYic9cK/frfdUtlaE9M5zuvL8O8
bQVkRaGvJB3ZLfcI+78f10qjPgEKfV4aKVg2Tks4RJ3aRiDT55KAnHiaqqzS5cPt
45WorWaobHFKxGsIi0oJPUkutuhjrD7SNJnTwFZdKbg6oUyAHoncK9NufNZxrK2c
O5DZeEnAcdg25QBcuff8EXHYnSqrNnV/jxLO+EBev7brMCwEtAxSGzgi0Tl82Byx
+AfSHwGIuDlYICh+0LfKZ2kK1kc6oUUcSoji263kNuJyDBHHzgjwwBZ4FwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKxkKgeFYB4QGvfqKoFT+6UoMsUnMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvckdRcUI0VmdIaEFhOS1vcWdWUDdwU2d5eFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAi/jf42cQK08HQ8NCG/inceGLqmVJ06AxUql0X
+pIUXcQx78w1RqaGW9KeaAtB3nvM2/Gpmwblq7aGGAvgqx7Q4gO0oITA6vJYOJUR
2b4MWt1vjxmy0soQr1DNyek9ZOLsQQpff1qJ9VlY6U/7UyfEY5vjMUZQ5zbCUXrm
YBXYVy6ePdTuOLp3q8n8oEfWqUJpNyALYH3NdvHZFaI9NFRMdClUjdMZh08LNOui
URU9wXX6EGxV13gO09097iAL5p38DlaTpoqXTKSKh7HPHJRwCmTODJbzsrXV4Hkt
NcJKfiEuHBPaP8ZqvUWfMaqIYHyjD+em9HQuwnxy0QsuG3AL
-----END CERTIFICATE-----