Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ua6J-Kj1ANgjvk4Edh16nmvdn5s.roa
File:                     ua6J-Kj1ANgjvk4Edh16nmvdn5s.roa (raw, json)
Hash identifier:          AbNgCWJ5p+7RGqoO7GOe0vVXNUAaW44vGOlaciePuwg=
Subject key identifier:   B9:AE:89:F8:A8:F5:00:D8:23:BE:4E:04:76:1D:7A:9E:6B:DD:9F:9B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018E894F1CE5459B5CD136B8ABB5099E8659
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ua6J-Kj1ANgjvk4Edh16nmvdn5s.roa
Signing time:             Fri 29 Mar 2024 08:24:07 +0000
ROA not before:           Fri 29 Mar 2024 08:24:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215290
IP address blocks:        2a12:bec4:10e0::/44 maxlen: 48
                          2a12:bec4:1130::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:89:4f:1c:e5:45:9b:5c:d1:36:b8:ab:b5:09:9e:86:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar 29 08:24:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9ae89f8a8f500d823be4e04761d7a9e6bdd9f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9c:d6:c1:a4:71:ee:39:f4:34:8a:01:ca:bf:
                    06:66:9d:c1:1a:99:b5:33:dc:4d:90:1f:56:99:23:
                    3c:27:44:b6:ef:f7:8a:d7:95:38:85:a6:e8:11:0e:
                    ca:b8:b0:9a:d0:ca:e5:5e:05:67:33:25:e5:ce:b5:
                    06:e1:af:10:91:be:4b:29:74:84:54:c7:17:81:9d:
                    f3:08:47:ca:26:08:fd:1d:81:c6:94:6a:e2:38:6a:
                    bc:0d:6a:ba:6b:c7:a2:c7:54:8c:16:21:c3:25:fd:
                    98:4b:11:9e:96:bc:b3:e9:f8:40:c4:69:47:66:7e:
                    5d:99:74:d1:be:e1:f6:a1:d1:aa:70:f3:5e:4c:10:
                    d6:e6:6a:f5:29:0b:6f:df:0c:db:c4:25:e8:00:da:
                    4a:fe:b7:bb:66:f7:d2:65:4b:c4:cd:47:c7:1b:94:
                    af:cd:40:cd:72:8c:64:dc:be:4c:37:9b:26:88:cc:
                    db:27:6e:ea:38:2a:5a:92:4f:29:eb:ed:c8:6c:8f:
                    a7:e0:be:18:49:b7:fc:77:90:24:c3:ca:00:e4:05:
                    9c:11:e6:8f:bf:dd:7c:51:28:22:52:21:52:25:8a:
                    d2:56:cb:11:79:d4:a0:20:a1:d2:ad:c6:23:69:0a:
                    bb:67:dd:ca:f3:f8:3e:06:be:e5:f1:07:15:c2:0f:
                    50:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:AE:89:F8:A8:F5:00:D8:23:BE:4E:04:76:1D:7A:9E:6B:DD:9F:9B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ua6J-Kj1ANgjvk4Edh16nmvdn5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:10e0::/44
                  2a12:bec4:1130::/44

    Signature Algorithm: sha256WithRSAEncryption
         b6:fa:87:57:24:b8:82:b5:42:ed:18:ff:63:13:92:35:79:3d:
         c0:16:a7:15:b0:5c:74:70:83:cd:2e:d1:9d:6b:71:c8:7d:57:
         7f:35:43:0c:39:4a:8f:e5:d2:c3:cd:2d:0b:a5:02:72:a8:0d:
         56:f9:66:2f:b0:9f:9d:bf:e7:68:da:24:80:ec:48:32:84:ff:
         0b:ef:d7:58:f0:f1:e1:22:70:bb:46:fb:63:01:63:34:17:f4:
         a2:18:63:1c:77:8f:9f:15:b9:22:c3:a3:b8:69:2f:7b:77:1b:
         f5:70:84:68:6f:82:ee:57:cd:84:a1:76:4d:5c:5f:82:5a:90:
         04:de:52:9b:74:b8:6d:bd:1f:3e:18:87:cf:97:e9:a6:24:08:
         10:b8:29:b0:e5:86:28:20:37:4d:d4:f3:08:eb:98:79:77:7d:
         75:ef:b1:1c:47:f8:ce:bd:5c:e7:96:42:49:95:46:62:d4:19:
         5b:c4:65:92:69:bd:79:89:c5:a8:7f:83:c3:c0:7f:d7:be:f0:
         bb:1e:1a:46:74:4b:d5:51:db:1e:47:6c:68:72:c4:cb:5d:5e:
         e3:d4:31:75:e5:9b:3c:79:c1:d0:c5:23:aa:bd:bf:9f:2d:0b:
         ba:7d:21:a7:f6:ed:7a:f6:86:8c:19:c8:e2:ac:a4:0e:dd:02:
         85:b5:c0:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6JTxzlRZtc0Ta4q7UJnoZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMzI5MDgyNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWFlODlmOGE4ZjUwMGQ4MjNiZTRlMDQ3NjFkN2E5ZTZiZGQ5ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZzWwaRx7jn0NIoByr8GZp3BGpm1
M9xNkB9WmSM8J0S27/eK15U4haboEQ7KuLCa0MrlXgVnMyXlzrUG4a8Qkb5LKXSE
VMcXgZ3zCEfKJgj9HYHGlGriOGq8DWq6a8eix1SMFiHDJf2YSxGelryz6fhAxGlH
Zn5dmXTRvuH2odGqcPNeTBDW5mr1KQtv3wzbxCXoANpK/re7ZvfSZUvEzUfHG5Sv
zUDNcoxk3L5MN5smiMzbJ27qOCpakk8p6+3IbI+n4L4YSbf8d5Akw8oA5AWcEeaP
v918USgiUiFSJYrSVssRedSgIKHSrcYjaQq7Z93K8/g+Br7l8QcVwg9QjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLmuifio9QDYI75OBHYdep5r3Z+bMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvdWE2Si1LajFBTmdqdms0RWRoMTZubXZkbjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBDg
AwcEKhK+xBEwMA0GCSqGSIb3DQEBCwUAA4IBAQC2+odXJLiCtULtGP9jE5I1eT3A
FqcVsFx0cIPNLtGda3HIfVd/NUMMOUqP5dLDzS0LpQJyqA1W+WYvsJ+dv+do2iSA
7EgyhP8L79dY8PHhInC7RvtjAWM0F/SiGGMcd4+fFbkiw6O4aS97dxv1cIRob4Lu
V82EoXZNXF+CWpAE3lKbdLhtvR8+GIfPl+mmJAgQuCmw5YYoIDdN1PMI65h5d311
77EcR/jOvVznlkJJlUZi1BlbxGWSab15icWof4PDwH/XvvC7HhpGdEvVUdseR2xo
csTLXV7j1DF15Zs8ecHQxSOqvb+fLQu6fSGn9u169oaMGcjirKQO3QKFtcBD
-----END CERTIFICATE-----