Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/sca74r_rBQQA8XBSXl6z9IEJmRw.roa
File:                     sca74r_rBQQA8XBSXl6z9IEJmRw.roa (raw, json)
Hash identifier:          7rkHJ+vaoe0EmZ4em8HyO9atgBQNQjMvEcY/t6gh79Y=
Subject key identifier:   B1:C6:BB:E2:BF:EB:05:04:00:F1:70:52:5E:5E:B3:F4:81:09:99:1C
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018F0B691B0E4B3A59E8D80300615E718C4A
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/sca74r_rBQQA8XBSXl6z9IEJmRw.roa
Signing time:             Tue 23 Apr 2024 14:43:08 +0000
ROA not before:           Tue 23 Apr 2024 14:43:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215439
IP address blocks:        2a12:bec4:110::/44 maxlen: 44
                          2a12:bec4:10b0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0b:69:1b:0e:4b:3a:59:e8:d8:03:00:61:5e:71:8c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Apr 23 14:43:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c6bbe2bfeb050400f170525e5eb3f48109991c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fa:1d:f1:44:35:99:8f:80:46:7d:5e:0f:76:
                    df:25:be:79:81:86:b7:1b:0f:1f:5d:4e:67:84:30:
                    ef:c2:12:a0:68:0e:29:80:72:ae:6b:7f:66:40:71:
                    5a:4b:6f:99:da:fe:b3:a3:81:b0:ce:96:4c:52:c3:
                    55:ba:15:7d:77:6f:99:ec:d2:56:08:a3:50:b6:e9:
                    43:b9:92:fe:12:26:04:dc:74:8d:fb:94:5c:95:10:
                    b9:07:74:41:49:e3:66:2c:a2:62:25:f4:9b:74:03:
                    e7:62:fc:31:82:a9:9e:42:5a:ba:05:d9:80:34:8a:
                    87:a4:b1:e4:7c:05:b0:12:ed:5c:8a:4b:f3:fe:1f:
                    e1:3b:2f:aa:9f:96:c7:5e:26:f0:f4:2e:4b:e8:a4:
                    a4:b9:cc:b8:fe:0f:da:03:4e:10:40:dd:56:d6:a8:
                    39:ca:78:95:33:2f:f8:75:92:c1:e8:b2:a0:12:26:
                    38:76:00:72:d2:dd:ce:58:fc:10:34:cc:b9:40:c3:
                    d1:db:08:c8:fe:e0:dd:8e:4e:45:db:8e:37:d5:49:
                    db:89:bd:91:40:4b:22:77:a4:62:79:65:b3:3d:cf:
                    90:d9:2c:50:6b:3a:8a:4f:55:77:ee:97:71:fb:35:
                    06:85:0b:5f:b7:e9:1b:e2:60:eb:04:7f:61:50:46:
                    db:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C6:BB:E2:BF:EB:05:04:00:F1:70:52:5E:5E:B3:F4:81:09:99:1C
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/sca74r_rBQQA8XBSXl6z9IEJmRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:110::/44
                  2a12:bec4:10b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         41:2a:88:2d:06:33:a4:00:3b:14:cb:5e:64:e5:7a:8c:6d:97:
         2e:cf:42:c4:ce:fd:0c:50:3b:ca:10:8d:0c:ee:da:5b:d9:5e:
         5b:cd:40:c8:66:c9:f9:27:76:9b:e0:f3:17:9e:21:f7:09:44:
         b9:24:8e:73:f6:5a:bf:fc:bb:c7:8d:ff:5f:6c:55:cb:0b:5d:
         c9:f1:29:e8:fb:32:d0:f5:f1:85:ea:71:0e:9c:93:1b:fa:7e:
         ed:b2:a9:c8:4b:f0:b1:ce:fd:34:f4:7a:4e:1e:0d:d9:88:a0:
         38:11:5c:41:c2:30:2c:99:62:fc:9a:12:7a:48:a7:df:ff:2d:
         1b:47:28:5f:61:8e:71:af:c8:1c:04:34:ac:e4:97:dc:a4:29:
         d5:ff:2a:ea:c4:d2:cd:cf:f8:99:18:f3:e6:82:08:8e:a1:8c:
         37:c0:b4:60:7a:a5:ac:58:f7:41:79:ef:ae:93:7c:ab:f1:83:
         12:b2:26:a6:17:08:bb:b4:a0:1f:31:77:b7:65:59:e2:53:5c:
         2f:ff:d1:0c:c3:0d:30:aa:6e:43:86:56:68:4f:7a:f8:10:5b:
         cc:75:b0:cf:d3:55:cc:0c:e3:f1:b9:6b:2f:71:b5:b0:a8:20:
         bb:71:58:0e:7d:44:36:3e:b6:14:60:0d:af:61:5c:c1:ad:0b:
         93:bb:c0:da
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8LaRsOSzpZ6NgDAGFecYxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwNDIzMTQ0MzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWM2YmJlMmJmZWIwNTA0MDBmMTcwNTI1ZTVlYjNmNDgxMDk5OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/od8UQ1mY+ARn1eD3bfJb55gYa3
Gw8fXU5nhDDvwhKgaA4pgHKua39mQHFaS2+Z2v6zo4GwzpZMUsNVuhV9d2+Z7NJW
CKNQtulDuZL+EiYE3HSN+5RclRC5B3RBSeNmLKJiJfSbdAPnYvwxgqmeQlq6BdmA
NIqHpLHkfAWwEu1cikvz/h/hOy+qn5bHXibw9C5L6KSkucy4/g/aA04QQN1W1qg5
yniVMy/4dZLB6LKgEiY4dgBy0t3OWPwQNMy5QMPR2wjI/uDdjk5F24431Unbib2R
QEsid6RieWWzPc+Q2SxQazqKT1V37pdx+zUGhQtft+kb4mDrBH9hUEbbpQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLHGu+K/6wUEAPFwUl5es/SBCZkcMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvc2NhNzRyX3JCUVFBOFhCU1hsNno5SUVKbVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xAEQ
AwcEKhK+xBCwMA0GCSqGSIb3DQEBCwUAA4IBAQBBKogtBjOkADsUy15k5XqMbZcu
z0LEzv0MUDvKEI0M7tpb2V5bzUDIZsn5J3ab4PMXniH3CUS5JI5z9lq//LvHjf9f
bFXLC13J8Sno+zLQ9fGF6nEOnJMb+n7tsqnIS/Cxzv009HpOHg3ZiKA4EVxBwjAs
mWL8mhJ6SKff/y0bRyhfYY5xr8gcBDSs5JfcpCnV/yrqxNLNz/iZGPPmggiOoYw3
wLRgeqWsWPdBee+uk3yr8YMSsiamFwi7tKAfMXe3ZVniU1wv/9EMww0wqm5DhlZo
T3r4EFvMdbDP01XMDOPxuWsvcbWwqCC7cVgOfUQ2PrYUYA2vYVzBrQuTu8Da
-----END CERTIFICATE-----