Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/wMWN6YvTGleBmo_tFngbNeysyhA.roa
File:                     wMWN6YvTGleBmo_tFngbNeysyhA.roa (raw, json)
Hash identifier:          31J5gfgbWFAyul+BUqGyFiOKrYX7LXm/JtzykTu0njI=
Subject key identifier:   C0:C5:8D:E9:8B:D3:1A:57:81:9A:8F:ED:16:78:1B:35:EC:AC:CA:10
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0193253858ED5D9CE04CDF4B1C089810887D
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/wMWN6YvTGleBmo_tFngbNeysyhA.roa
Signing time:             Wed 13 Nov 2024 11:11:09 +0000
ROA not before:           Wed 13 Nov 2024 11:11:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214422
IP address blocks:        2a12:bec4:150::/44 maxlen: 44
                          2a12:bec4:1460::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:25:38:58:ed:5d:9c:e0:4c:df:4b:1c:08:98:10:88:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Nov 13 11:11:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0c58de98bd31a57819a8fed16781b35ecacca10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:03:8a:6a:c4:df:19:75:3f:9e:81:12:2c:09:
                    e5:30:46:2b:51:a8:49:75:6e:a0:3a:f9:df:92:f4:
                    93:ba:fc:bf:ca:25:6c:59:1f:74:f3:12:23:28:81:
                    38:c2:7a:ca:39:15:5d:0c:ed:05:7d:d2:e7:88:87:
                    8c:6a:6b:ee:c2:09:64:45:9d:1d:07:fb:7d:08:25:
                    90:b7:ed:4a:f7:1d:45:8b:a4:a1:cc:86:1f:e2:6e:
                    08:5f:d0:37:db:01:74:fd:3f:a5:f7:20:75:b7:65:
                    31:a1:27:cf:5a:16:3f:57:77:2d:bd:8d:7b:08:98:
                    28:b0:f7:3e:59:17:e7:61:45:81:a2:46:48:b0:80:
                    e2:b3:02:8f:80:c4:7a:7f:59:11:01:2e:5a:11:b9:
                    84:6c:d8:c3:db:c4:1d:6b:9a:8c:20:80:ca:80:82:
                    e4:5d:92:03:5b:09:33:f2:1e:fa:2f:5f:8a:1c:19:
                    19:4a:41:36:0c:2c:70:ae:4c:5d:a8:ca:7f:7c:e9:
                    fb:8b:c4:53:dd:3c:ff:bc:5e:2c:89:63:3b:86:a9:
                    5b:ec:b0:9f:0a:f5:b4:2f:81:c9:f7:74:88:58:2a:
                    92:8d:19:8e:7a:68:29:8a:76:37:a7:79:de:c5:7b:
                    f8:74:c5:f9:ba:92:2b:c7:5f:04:7d:10:fb:62:95:
                    0c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C5:8D:E9:8B:D3:1A:57:81:9A:8F:ED:16:78:1B:35:EC:AC:CA:10
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/wMWN6YvTGleBmo_tFngbNeysyhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:150::/44
                  2a12:bec4:1460::/44

    Signature Algorithm: sha256WithRSAEncryption
         38:3c:7f:dc:80:a6:25:07:9a:01:d6:fb:46:b1:4c:88:23:16:
         0f:09:cf:64:f5:72:8e:82:d2:e3:93:9f:d2:98:ab:9b:e6:92:
         55:23:5c:4e:ba:a8:3a:9a:b3:da:54:78:41:62:f6:6f:d3:4f:
         74:97:ea:e8:bc:6a:57:c9:72:d8:87:01:d4:a2:9e:ad:47:f4:
         a6:9b:89:43:c1:af:38:ff:ad:d3:6b:2d:b8:4e:39:40:60:96:
         3a:d9:a6:7b:fa:1e:2d:4f:09:73:62:91:99:fc:a4:c3:fb:97:
         a7:27:29:df:98:9c:f5:68:86:fd:8a:8f:86:18:75:68:43:d0:
         32:80:a7:b8:23:b8:df:e5:af:55:75:7c:2f:99:3b:db:ff:c1:
         2b:12:2f:d2:f8:d8:36:b6:eb:88:2b:c7:7c:c2:f5:97:fa:54:
         70:3d:7d:37:7f:fd:05:00:41:53:4f:c6:71:fe:e7:84:bb:c6:
         b2:37:7f:5e:a3:f7:e2:b8:aa:18:4e:85:3b:34:b9:76:9c:f4:
         3d:d5:53:77:78:3a:6b:9c:7a:b6:f2:f7:c7:b2:52:00:c6:05:
         a8:f3:3e:b0:be:21:24:62:18:00:bb:98:46:a0:c6:d5:97:cf:
         38:67:44:cc:70:0a:c5:e3:1e:9c:8c:27:ec:3b:2d:21:ea:e8:
         e0:ce:d0:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMlOFjtXZzgTN9LHAiYEIh9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQxMTEzMTExMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGM1OGRlOThiZDMxYTU3ODE5YThmZWQxNjc4MWIzNWVjYWNjYTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgOKasTfGXU/noESLAnlMEYrUahJ
dW6gOvnfkvSTuvy/yiVsWR908xIjKIE4wnrKORVdDO0FfdLniIeMamvuwglkRZ0d
B/t9CCWQt+1K9x1Fi6ShzIYf4m4IX9A32wF0/T+l9yB1t2UxoSfPWhY/V3ctvY17
CJgosPc+WRfnYUWBokZIsIDiswKPgMR6f1kRAS5aEbmEbNjD28Qda5qMIIDKgILk
XZIDWwkz8h76L1+KHBkZSkE2DCxwrkxdqMp/fOn7i8RT3Tz/vF4siWM7hqlb7LCf
CvW0L4HJ93SIWCqSjRmOemgpinY3p3nexXv4dMX5upIrx18EfRD7YpUM3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMDFjemL0xpXgZqP7RZ4GzXsrMoQMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvd01XTjZZdlRHbGVCbW9fdEZuZ2JOZXlzeWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xAFQ
AwcEKhK+xBRgMA0GCSqGSIb3DQEBCwUAA4IBAQA4PH/cgKYlB5oB1vtGsUyIIxYP
Cc9k9XKOgtLjk5/SmKub5pJVI1xOuqg6mrPaVHhBYvZv0090l+rovGpXyXLYhwHU
op6tR/Smm4lDwa84/63Tay24TjlAYJY62aZ7+h4tTwlzYpGZ/KTD+5enJynfmJz1
aIb9io+GGHVoQ9AygKe4I7jf5a9VdXwvmTvb/8ErEi/S+Ng2tuuIK8d8wvWX+lRw
PX03f/0FAEFTT8Zx/ueEu8ayN39eo/fiuKoYToU7NLl2nPQ91VN3eDprnHq28vfH
slIAxgWo8z6wviEkYhgAu5hGoMbVl884Z0TMcArF4x6cjCfsOy0h6ujgztCA
-----END CERTIFICATE-----