Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/tFJNiYEkWLwB7Nv_-mCLClCB5Ho.roa
File:                     tFJNiYEkWLwB7Nv_-mCLClCB5Ho.roa (raw, json)
Hash identifier:          vv7LOFn2iqpkV74/aQCN8qykOSjdCsqNIieMz4eRfsk=
Subject key identifier:   B4:52:4D:89:81:24:58:BC:01:EC:DB:FF:FA:60:8B:0A:50:81:E4:7A
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A013C7A9E3556D67587A499AA5068
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/tFJNiYEkWLwB7Nv_-mCLClCB5Ho.roa
Signing time:             Mon 01 Jan 2024 18:29:47 +0000
ROA not before:           Mon 01 Jan 2024 18:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199414
IP address blocks:        2a12:bec0:2f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:01:3c:7a:9e:35:56:d6:75:87:a4:99:aa:50:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4524d89812458bc01ecdbfffa608b0a5081e47a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d6:aa:02:82:6c:ea:0f:14:5c:84:9c:df:de:
                    f9:25:64:5f:fe:e3:1c:53:93:40:c5:24:1c:f8:f1:
                    d6:c4:e9:06:83:04:66:0a:2a:0e:5f:12:b5:36:99:
                    58:6a:8c:bd:0b:7f:7e:c6:3f:df:54:af:06:7c:a1:
                    88:b2:7d:6c:80:f6:24:cc:38:4f:e8:97:7b:69:09:
                    cb:24:82:cb:1e:e9:8b:c7:b3:d1:87:cf:47:bd:0d:
                    5f:0d:49:cf:57:74:fe:2c:e6:61:22:f3:19:6c:3f:
                    2d:6d:d9:3b:86:18:2d:a4:92:b7:0e:49:0a:e3:23:
                    62:ee:de:af:ae:ff:da:99:f7:ef:7a:2d:95:55:dc:
                    da:15:85:14:a9:53:51:ac:06:72:75:b6:13:2b:91:
                    a5:19:6d:46:94:08:47:9d:af:ce:75:ef:4c:b5:43:
                    60:a5:e6:e2:eb:9b:ea:43:d5:b4:11:df:7d:f5:bf:
                    1f:e5:95:b2:d0:f0:9a:0d:9b:20:8b:d8:bf:ff:c1:
                    f9:ce:49:37:f6:20:83:cf:af:03:b7:af:68:2a:86:
                    24:fc:09:66:e8:1f:32:24:e5:ac:ad:f4:09:0a:78:
                    1d:bc:e1:18:de:b1:c7:42:0e:47:79:b3:cf:de:01:
                    67:76:5a:44:5b:04:f7:64:26:3d:36:25:58:c7:0f:
                    93:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:52:4D:89:81:24:58:BC:01:EC:DB:FF:FA:60:8B:0A:50:81:E4:7A
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/tFJNiYEkWLwB7Nv_-mCLClCB5Ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:2f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5f:c4:c8:29:c3:66:07:4b:1e:2b:52:21:ac:11:20:95:74:90:
         19:9f:19:69:be:0d:6b:ad:f9:29:d6:93:f8:1c:94:38:49:73:
         25:f5:74:f8:51:f6:e7:d3:86:bc:e1:e8:84:b6:f0:f7:31:61:
         8d:b6:b8:57:87:73:80:19:b6:c3:96:d3:e6:80:c8:17:c9:b1:
         d2:be:bb:4d:5b:d2:f2:cf:25:b1:39:c5:ca:60:ef:6b:5b:33:
         08:5e:c0:f0:2b:1d:26:a9:9c:16:b1:e2:05:12:55:d8:14:c7:
         ee:04:f0:8c:12:e9:1d:1c:22:7e:94:88:97:4f:f2:a5:41:6b:
         a1:cd:0f:37:24:15:63:38:a2:f8:52:dc:d3:e3:20:6b:34:63:
         fd:dc:92:d4:0b:4d:e3:3c:34:b5:84:f0:2e:c4:9f:c6:0a:1b:
         9b:09:c9:d4:91:e5:58:1f:2c:43:b0:51:52:96:47:6b:79:17:
         41:3c:39:f0:20:c5:54:7e:88:eb:38:ee:78:9b:20:c6:69:d5:
         05:08:84:50:af:19:6a:be:2c:e4:a5:e6:4c:43:16:7d:98:8e:
         90:c1:c4:14:72:c0:88:0b:48:05:bc:47:d0:33:97:51:48:51:
         ab:37:3c:a2:ad:e4:b7:79:12:e6:71:53:3b:e8:20:ad:ff:25:
         42:53:a8:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgE8ep41VtZ1h6SZqlBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDUyNGQ4OTgxMjQ1OGJjMDFlY2RiZmZmYTYwOGIwYTUwODFlNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNaqAoJs6g8UXISc3975JWRf/uMc
U5NAxSQc+PHWxOkGgwRmCioOXxK1NplYaoy9C39+xj/fVK8GfKGIsn1sgPYkzDhP
6Jd7aQnLJILLHumLx7PRh89HvQ1fDUnPV3T+LOZhIvMZbD8tbdk7hhgtpJK3DkkK
4yNi7t6vrv/amffvei2VVdzaFYUUqVNRrAZydbYTK5GlGW1GlAhHna/Ode9MtUNg
pebi65vqQ9W0Ed999b8f5ZWy0PCaDZsgi9i//8H5zkk39iCDz68Dt69oKoYk/Alm
6B8yJOWsrfQJCngdvOEY3rHHQg5HebPP3gFndlpEWwT3ZCY9NiVYxw+TQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLRSTYmBJFi8Aezb//pgiwpQgeR6MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvdEZKTmlZRWtXTHdCN052Xy1tQ0xDbENCNUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wALw
MA0GCSqGSIb3DQEBCwUAA4IBAQBfxMgpw2YHSx4rUiGsESCVdJAZnxlpvg1rrfkp
1pP4HJQ4SXMl9XT4Ufbn04a84eiEtvD3MWGNtrhXh3OAGbbDltPmgMgXybHSvrtN
W9LyzyWxOcXKYO9rWzMIXsDwKx0mqZwWseIFElXYFMfuBPCMEukdHCJ+lIiXT/Kl
QWuhzQ83JBVjOKL4UtzT4yBrNGP93JLUC03jPDS1hPAuxJ/GChubCcnUkeVYHyxD
sFFSlkdreRdBPDnwIMVUfojrOO54myDGadUFCIRQrxlqvizkpeZMQxZ9mI6QwcQU
csCIC0gFvEfQM5dRSFGrNzyireS3eRLmcVM76CCt/yVCU6gf
-----END CERTIFICATE-----