Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/u1aUbTyyZFBiY-sYqgk2w82uCp8.roa
File:                     u1aUbTyyZFBiY-sYqgk2w82uCp8.roa (raw, json)
Hash identifier:          u5klL9c3B9YIt8Vj6B0qp2EXgofeoe+8cCQBBlm+iS8=
Subject key identifier:   BB:56:94:6D:3C:B2:64:50:62:63:EB:18:AA:09:36:C3:CD:AE:0A:9F
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0192785E329073A53631EB43A579C846A279
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/u1aUbTyyZFBiY-sYqgk2w82uCp8.roa
Signing time:             Thu 10 Oct 2024 21:38:12 +0000
ROA not before:           Thu 10 Oct 2024 21:38:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214062
IP address blocks:        2a12:bec4:1580::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:78:5e:32:90:73:a5:36:31:eb:43:a5:79:c8:46:a2:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Oct 10 21:38:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb56946d3cb264506263eb18aa0936c3cdae0a9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:81:d0:49:1e:1c:6f:db:c9:e1:c2:e0:72:7d:
                    f3:9e:81:eb:b3:a4:83:55:f8:71:fb:6a:4b:fb:a9:
                    db:0e:cd:13:68:b0:8a:5e:ec:18:34:90:cb:8f:b2:
                    73:b2:f5:3c:e2:98:7a:46:68:47:77:6c:fb:f9:a2:
                    6c:84:4f:3f:b3:a2:17:29:50:85:db:df:7d:c9:fc:
                    1b:f0:d4:75:93:3a:c5:1f:35:2f:65:c8:36:2d:01:
                    b6:b2:5b:92:12:db:75:f5:d5:39:e6:c0:d4:f3:5a:
                    a8:10:3b:36:0f:9b:03:78:b5:38:e3:db:48:d1:a0:
                    81:32:c5:08:8d:9e:4d:b9:70:dd:8e:98:20:b8:d9:
                    c5:3c:d3:12:df:1f:71:69:56:a9:84:26:e9:e2:ca:
                    2e:f4:9e:37:df:25:a4:a9:e4:ef:08:b8:18:82:4e:
                    07:4d:ee:e4:41:db:07:10:01:a7:33:3f:5c:42:af:
                    09:64:40:3b:0c:f8:73:22:24:f9:11:a0:de:de:ca:
                    f2:48:ea:c5:eb:a9:83:95:54:2f:d5:f8:15:8c:4a:
                    08:c2:ba:55:48:37:f6:3c:e2:6a:59:6d:7b:c4:10:
                    50:1a:43:9f:82:9a:70:ab:8e:9f:8c:c9:21:83:e3:
                    16:21:6d:89:0d:ea:eb:12:0b:80:b0:5c:20:4d:e1:
                    3a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:56:94:6D:3C:B2:64:50:62:63:EB:18:AA:09:36:C3:CD:AE:0A:9F
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/u1aUbTyyZFBiY-sYqgk2w82uCp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1580::/44

    Signature Algorithm: sha256WithRSAEncryption
         ac:89:9d:fb:59:5b:fd:a1:e1:fd:d3:91:fd:b1:a7:e9:c7:06:
         07:b6:d5:ed:70:cc:86:f0:77:ee:e1:bc:9c:51:0c:14:5f:f5:
         36:e4:9c:ee:93:90:80:e0:33:13:16:1e:1a:a7:3e:87:12:a5:
         6d:d7:8e:10:9e:39:2f:e6:cd:76:55:61:02:10:91:f1:40:b1:
         51:e3:55:63:f1:a2:2e:a9:d2:26:87:2f:b4:40:b5:13:89:97:
         14:d3:a9:82:a1:fa:c4:5e:58:5b:1b:92:08:21:2d:e5:d1:a3:
         81:03:b3:f0:85:6c:e9:ea:88:1a:d8:c3:07:d9:3e:32:e0:ea:
         e4:a7:69:64:3b:15:ed:4a:d5:96:b5:65:20:dd:29:5c:03:27:
         61:be:52:d2:2d:eb:f4:e7:11:21:33:f1:3d:be:8d:1f:b0:c0:
         fc:7e:a2:3d:dc:7d:02:fa:ec:36:0d:37:18:57:f4:a8:87:61:
         62:0f:17:4b:16:90:3e:08:39:21:8f:ad:be:49:4c:06:cd:f5:
         f8:7a:5d:ec:19:01:64:89:31:8b:f1:ab:23:ae:0c:1f:71:69:
         57:2c:bb:38:9d:3a:9d:bb:77:76:44:0c:f4:a4:f3:0a:60:38:
         63:1b:6e:88:2f:70:dd:a7:42:4b:03:3d:64:54:d2:cb:98:b3:
         55:ae:e3:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJ4XjKQc6U2MetDpXnIRqJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQxMDEwMjEzODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjU2OTQ2ZDNjYjI2NDUwNjI2M2ViMThhYTA5MzZjM2NkYWUwYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oHQSR4cb9vJ4cLgcn3znoHrs6SD
Vfhx+2pL+6nbDs0TaLCKXuwYNJDLj7JzsvU84ph6RmhHd2z7+aJshE8/s6IXKVCF
2999yfwb8NR1kzrFHzUvZcg2LQG2sluSEtt19dU55sDU81qoEDs2D5sDeLU449tI
0aCBMsUIjZ5NuXDdjpgguNnFPNMS3x9xaVaphCbp4sou9J433yWkqeTvCLgYgk4H
Te7kQdsHEAGnMz9cQq8JZEA7DPhzIiT5EaDe3srySOrF66mDlVQv1fgVjEoIwrpV
SDf2POJqWW17xBBQGkOfgppwq46fjMkhg+MWIW2JDerrEguAsFwgTeE6WwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLtWlG08smRQYmPrGKoJNsPNrgqfMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvdTFhVWJUeXlaRkJpWS1zWXFnazJ3ODJ1Q3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBWA
MA0GCSqGSIb3DQEBCwUAA4IBAQCsiZ37WVv9oeH905H9safpxwYHttXtcMyG8Hfu
4bycUQwUX/U25Jzuk5CA4DMTFh4apz6HEqVt144Qnjkv5s12VWECEJHxQLFR41Vj
8aIuqdImhy+0QLUTiZcU06mCofrEXlhbG5IIIS3l0aOBA7PwhWzp6oga2MMH2T4y
4Orkp2lkOxXtStWWtWUg3SlcAydhvlLSLev05xEhM/E9vo0fsMD8fqI93H0C+uw2
DTcYV/Soh2FiDxdLFpA+CDkhj62+SUwGzfX4el3sGQFkiTGL8asjrgwfcWlXLLs4
nTqdu3d2RAz0pPMKYDhjG26IL3Ddp0JLAz1kVNLLmLNVruPx
-----END CERTIFICATE-----