Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/vTbCJ9zvInELCuzLyD8TV5KA3iM.roa
File:                     vTbCJ9zvInELCuzLyD8TV5KA3iM.roa (raw, json)
Hash identifier:          6k9RE4H3vRV2GW6NHCx0tmkeLWMaZGb/bjEMeiJD9sU=
Subject key identifier:   BD:36:C2:27:DC:EF:22:71:0B:0A:EC:CB:C8:3F:13:57:92:80:DE:23
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019250A9A91483ED03C9DAA8C8EAA7AD1B96
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/vTbCJ9zvInELCuzLyD8TV5KA3iM.roa
Signing time:             Thu 03 Oct 2024 04:35:49 +0000
ROA not before:           Thu 03 Oct 2024 04:35:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        2a12:bec0:420::/44 maxlen: 48
                          2a12:bec4:13f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:50:a9:a9:14:83:ed:03:c9:da:a8:c8:ea:a7:ad:1b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Oct  3 04:35:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd36c227dcef22710b0aeccbc83f13579280de23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:53:20:c8:a5:c7:85:98:ea:55:0c:73:7f:11:
                    55:15:95:9d:87:0b:e6:4c:5f:e7:68:34:53:e3:0b:
                    b3:98:d0:4e:01:64:32:e1:e5:ee:45:b4:28:48:20:
                    fd:9f:a5:d8:9c:f8:04:b2:6d:0f:12:87:4f:a9:7d:
                    c8:fa:59:12:48:d2:6f:98:1f:47:7c:a2:31:9b:65:
                    1d:2a:80:6f:0e:1c:ef:a3:60:d6:58:94:50:d2:2b:
                    27:22:d3:dd:db:2a:50:6c:11:4e:db:1f:79:38:7f:
                    a3:2e:96:79:c0:91:f0:04:f2:16:a3:19:1e:f4:70:
                    e7:aa:92:73:c2:65:8d:cc:dc:5f:25:10:86:98:fa:
                    3f:cc:78:ad:96:27:d1:5c:9e:c7:5b:75:8c:9b:89:
                    d3:46:a6:31:c6:a3:ad:aa:8e:1a:71:0d:68:80:8c:
                    aa:40:d9:fa:01:56:83:64:72:52:2f:c8:ad:d5:66:
                    40:76:9f:b0:47:94:61:74:0e:b0:2d:1b:d7:e9:9c:
                    3a:a9:b9:65:fd:7d:d7:84:6e:b3:97:03:2f:bd:41:
                    39:2a:a5:85:9e:d8:e6:9e:9e:66:25:73:3b:2b:09:
                    2c:70:a6:0c:e3:06:e2:bb:ef:f7:71:94:d5:22:60:
                    99:33:c3:3b:b8:ec:f7:f2:5c:2a:23:dd:76:89:37:
                    c2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:36:C2:27:DC:EF:22:71:0B:0A:EC:CB:C8:3F:13:57:92:80:DE:23
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/vTbCJ9zvInELCuzLyD8TV5KA3iM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:420::/44
                  2a12:bec4:13f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         c1:9b:5b:97:98:80:0f:4f:21:66:92:ea:fb:18:48:60:6d:1b:
         cf:3a:c9:6d:d7:5d:37:f5:9c:70:1f:5f:8b:d4:10:30:ad:12:
         c2:4b:f9:4e:d8:9b:fc:bd:9a:9c:2c:04:08:da:1b:a5:6e:61:
         b1:9a:84:2b:04:b5:25:36:bf:22:e6:f6:96:1f:57:45:70:af:
         cf:b4:b1:24:fd:e9:c4:8a:a9:1f:31:8a:0b:50:e2:36:2a:10:
         ec:e1:b7:4b:a5:ab:ad:78:5c:c3:b2:21:3a:74:8c:88:c1:95:
         14:d7:35:d4:6f:0d:08:fa:7e:1e:65:f6:67:63:16:16:11:b1:
         1b:29:dd:94:2f:1d:65:5d:36:67:92:a2:da:5c:a9:91:a3:22:
         c9:d7:c4:59:bd:dc:0b:75:d8:7e:d8:d5:3d:20:c3:9a:0d:47:
         4d:01:f0:9c:52:ce:2f:d5:5b:cc:7e:09:50:d1:dc:e2:9a:11:
         2e:32:1f:40:97:b1:25:b4:a7:49:45:ec:64:01:fa:ce:a6:98:
         50:1a:89:8c:b7:ff:a2:47:d2:e2:29:33:da:4c:26:de:ef:5a:
         ce:3d:b8:d2:53:fd:33:48:2c:d2:bd:1a:3e:fb:c1:24:96:a7:
         fd:15:cc:dc:9b:9a:a4:e3:16:e1:6a:e0:14:16:13:73:94:ee:
         75:0f:57:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJQqakUg+0DydqoyOqnrRuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQxMDAzMDQzNTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDM2YzIyN2RjZWYyMjcxMGIwYWVjY2JjODNmMTM1NzkyODBkZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lMgyKXHhZjqVQxzfxFVFZWdhwvm
TF/naDRT4wuzmNBOAWQy4eXuRbQoSCD9n6XYnPgEsm0PEodPqX3I+lkSSNJvmB9H
fKIxm2UdKoBvDhzvo2DWWJRQ0isnItPd2ypQbBFO2x95OH+jLpZ5wJHwBPIWoxke
9HDnqpJzwmWNzNxfJRCGmPo/zHitlifRXJ7HW3WMm4nTRqYxxqOtqo4acQ1ogIyq
QNn6AVaDZHJSL8it1WZAdp+wR5RhdA6wLRvX6Zw6qbll/X3XhG6zlwMvvUE5KqWF
ntjmnp5mJXM7KwkscKYM4wbiu+/3cZTVImCZM8M7uOz38lwqI912iTfC0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL02wifc7yJxCwrsy8g/E1eSgN4jMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvdlRiQ0o5enZJbkVMQ3V6THlEOFRWNUtBM2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+wAQg
AwcEKhK+xBPwMA0GCSqGSIb3DQEBCwUAA4IBAQDBm1uXmIAPTyFmkur7GEhgbRvP
Oslt11039ZxwH1+L1BAwrRLCS/lO2Jv8vZqcLAQI2hulbmGxmoQrBLUlNr8i5vaW
H1dFcK/PtLEk/enEiqkfMYoLUOI2KhDs4bdLpauteFzDsiE6dIyIwZUU1zXUbw0I
+n4eZfZnYxYWEbEbKd2ULx1lXTZnkqLaXKmRoyLJ18RZvdwLddh+2NU9IMOaDUdN
AfCcUs4v1VvMfglQ0dzimhEuMh9Al7EltKdJRexkAfrOpphQGomMt/+iR9LiKTPa
TCbe71rOPbjSU/0zSCzSvRo++8Eklqf9Fczcm5qk4xbhauAUFhNzlO51D1cc
-----END CERTIFICATE-----