Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/xxUWMIYl58IWHYNHD_mxuiPIXKg.roa
File:                     xxUWMIYl58IWHYNHD_mxuiPIXKg.roa (raw, json)
Hash identifier:          OluDLTxho8AbwabWNI7YcFNJcszvo0Fh0aGwcvIQLl4=
Subject key identifier:   C7:15:16:30:86:25:E7:C2:16:1D:83:47:0F:F9:B1:BA:23:C8:5C:A8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A0A4F7F5EAB142BDB69A534FD7369
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/xxUWMIYl58IWHYNHD_mxuiPIXKg.roa
Signing time:             Mon 01 Jan 2024 18:29:50 +0000
ROA not before:           Mon 01 Jan 2024 18:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209263
IP address blocks:        2a12:bec0:60::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0a:4f:7f:5e:ab:14:2b:db:69:a5:34:fd:73:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c71516308625e7c2161d83470ff9b1ba23c85ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:26:93:90:c3:82:1f:43:45:cc:4e:28:2e:d3:
                    b7:48:44:e6:af:97:af:b0:04:a9:63:ca:e8:44:f8:
                    93:01:8d:71:40:55:40:c2:7a:8c:ff:7e:93:57:08:
                    6a:4c:c8:2a:76:f4:a4:3c:8e:d6:7b:aa:ed:9d:a4:
                    d2:fb:f3:8d:57:40:1a:3d:1a:44:c3:31:9b:0b:34:
                    d4:db:32:aa:24:6c:c1:75:9a:47:03:e9:4a:fe:75:
                    d3:b9:96:7c:97:a1:4d:f9:b1:eb:6e:90:26:77:0d:
                    ef:95:61:c2:10:8b:cb:4d:92:11:62:77:59:b7:09:
                    db:7e:e8:a9:76:ff:20:5d:57:00:34:39:d7:ea:7f:
                    39:00:31:37:11:7a:40:7c:f0:08:95:d2:f6:76:0c:
                    cc:8e:49:7d:c2:67:a3:1f:1d:dc:36:b9:cd:ad:e7:
                    3e:b3:96:89:90:3e:bc:df:86:89:d4:c2:5d:06:7b:
                    7c:cf:e1:a5:e5:c9:ee:bd:f3:86:91:65:73:24:f8:
                    87:5a:10:32:17:bb:5a:59:f9:a6:6b:88:22:a7:fc:
                    1c:cd:59:e0:5b:2b:29:04:38:03:17:e3:eb:fe:5d:
                    c9:99:00:0b:ca:92:19:73:1f:7a:38:88:46:7e:46:
                    41:03:4c:23:83:28:d6:b4:bd:f9:61:3c:7e:c9:73:
                    cd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:15:16:30:86:25:E7:C2:16:1D:83:47:0F:F9:B1:BA:23:C8:5C:A8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/xxUWMIYl58IWHYNHD_mxuiPIXKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:60::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:79:c3:5e:b1:45:fe:c0:56:81:a4:94:ad:a9:2a:ae:51:17:
         ee:37:e6:76:34:c8:9c:40:9c:99:5e:cd:6e:73:53:d4:45:28:
         1e:6e:1b:ac:42:fb:3d:fe:1e:bf:b7:02:c8:89:92:fa:d4:b2:
         98:18:49:3f:78:9f:0e:e8:44:07:60:84:b6:7f:ce:e5:86:13:
         f8:3b:f8:b2:72:71:37:fc:0f:70:1d:7e:92:57:5d:63:f9:94:
         c5:b8:7b:3b:47:88:52:df:c6:7b:c1:05:25:4c:ec:50:00:27:
         91:7b:c8:d3:19:af:84:d5:e0:f5:c8:b2:a5:74:2d:35:cc:af:
         9f:90:aa:f0:0e:a0:35:cf:42:7d:58:de:28:fc:90:96:00:37:
         72:4b:3c:f2:fa:70:77:c7:4b:5f:ec:ab:0d:01:01:96:2e:6e:
         4a:51:17:06:06:fa:03:4b:f4:90:a8:55:d8:5d:27:33:9d:5f:
         d5:71:f6:8c:d4:04:79:04:be:bf:a4:98:75:e8:ab:b3:9b:6d:
         42:c7:66:57:08:d1:9f:63:44:e6:78:ed:2e:b1:b2:af:20:8b:
         dd:80:69:4c:0a:dc:80:41:9b:c4:a6:b6:b2:56:8e:e2:ed:be:
         33:b5:b7:e4:60:55:b8:c4:a6:28:b6:53:4b:72:45:b4:db:83:
         92:3d:7f:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSgpPf16rFCvbaaU0/XNpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE1MTYzMDg2MjVlN2MyMTYxZDgzNDcwZmY5YjFiYTIzYzg1Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSaTkMOCH0NFzE4oLtO3SETmr5ev
sASpY8roRPiTAY1xQFVAwnqM/36TVwhqTMgqdvSkPI7We6rtnaTS+/ONV0AaPRpE
wzGbCzTU2zKqJGzBdZpHA+lK/nXTuZZ8l6FN+bHrbpAmdw3vlWHCEIvLTZIRYndZ
twnbfuipdv8gXVcANDnX6n85ADE3EXpAfPAIldL2dgzMjkl9wmejHx3cNrnNrec+
s5aJkD6834aJ1MJdBnt8z+Gl5cnuvfOGkWVzJPiHWhAyF7taWfmma4gip/wczVng
WyspBDgDF+Pr/l3JmQALypIZcx96OIhGfkZBA0wjgyjWtL35YTx+yXPNWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMcVFjCGJefCFh2DRw/5sbojyFyoMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEveHhVV01JWWw1OElXSFlOSERfbXh1aVBJWEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wABg
MA0GCSqGSIb3DQEBCwUAA4IBAQA+ecNesUX+wFaBpJStqSquURfuN+Z2NMicQJyZ
Xs1uc1PURSgebhusQvs9/h6/twLIiZL61LKYGEk/eJ8O6EQHYIS2f87lhhP4O/iy
cnE3/A9wHX6SV11j+ZTFuHs7R4hS38Z7wQUlTOxQACeRe8jTGa+E1eD1yLKldC01
zK+fkKrwDqA1z0J9WN4o/JCWADdySzzy+nB3x0tf7KsNAQGWLm5KURcGBvoDS/SQ
qFXYXScznV/VcfaM1AR5BL6/pJh16Kuzm21Cx2ZXCNGfY0TmeO0usbKvIIvdgGlM
CtyAQZvEprayVo7i7b4ztbfkYFW4xKYotlNLckW024OSPX92
-----END CERTIFICATE-----