Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/zCdf8sd03ub4hCbzfG7AQ3oVVq0.roa
File:                     zCdf8sd03ub4hCbzfG7AQ3oVVq0.roa (raw, json)
Hash identifier:          dEC7Hee2xcKMb8slaVUpcyohYBYDoDkLqkwhM8+k6gA=
Subject key identifier:   CC:27:5F:F2:C7:74:DE:E6:F8:84:26:F3:7C:6E:C0:43:7A:15:56:AD
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC64A10AB7EB6465B408FD51212204D67
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/zCdf8sd03ub4hCbzfG7AQ3oVVq0.roa
Signing time:             Mon 01 Jan 2024 18:29:51 +0000
ROA not before:           Mon 01 Jan 2024 18:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216201
IP address blocks:        2a12:bec0:530::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:10:ab:7e:b6:46:5b:40:8f:d5:12:12:20:4d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc275ff2c774dee6f88426f37c6ec0437a1556ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e7:6d:ba:75:e2:af:d1:16:bf:d8:dc:87:79:
                    d6:0b:37:db:7b:5c:6f:a4:9f:17:d7:67:49:51:3a:
                    08:4c:18:90:68:31:b6:cc:db:7e:12:5f:7f:96:cc:
                    05:c9:3d:75:52:41:d9:c3:0c:ec:97:e2:ae:41:3c:
                    5f:ba:5b:74:27:6b:8b:bf:3c:9a:d5:7d:d3:71:4d:
                    c5:b7:1f:78:b5:f1:b7:af:78:23:11:49:09:bc:29:
                    e1:bc:24:b1:73:f5:b4:c0:c8:fc:7f:0a:fa:ac:ec:
                    16:62:54:87:55:30:9f:30:87:c7:ca:95:f6:31:22:
                    a9:56:ce:35:4d:9d:76:98:75:04:d7:c0:b8:cd:f8:
                    10:f9:c7:91:0a:b4:dd:c3:94:16:a7:bf:c7:97:18:
                    96:6c:0a:9d:80:8b:3b:f1:9e:47:12:6c:6a:b7:a0:
                    a3:42:d7:9d:c4:c1:37:8d:47:18:cc:aa:d1:3c:85:
                    dc:45:8c:9a:83:8d:d8:c2:13:e3:4c:69:37:54:7c:
                    05:ab:73:1d:1b:7d:36:47:fa:eb:55:96:16:7e:a0:
                    47:44:ce:0e:c6:01:62:4a:7e:2a:fd:e9:ca:82:ae:
                    2d:b1:5c:73:31:98:d6:a1:e5:5c:d1:01:a1:b5:e9:
                    50:38:86:21:1d:67:d0:9d:cd:6a:89:f3:45:2b:67:
                    38:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:27:5F:F2:C7:74:DE:E6:F8:84:26:F3:7C:6E:C0:43:7A:15:56:AD
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/zCdf8sd03ub4hCbzfG7AQ3oVVq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:530::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:32:2e:42:e0:bd:1f:39:79:02:4e:36:7f:ea:e7:ef:2e:cc:
         9b:00:29:7e:36:99:eb:e3:7e:00:a5:24:d8:fa:32:2d:a2:44:
         9e:c1:fc:44:f8:91:94:44:30:14:9e:d5:c4:f8:6e:e2:f4:99:
         6e:b0:4f:49:cb:17:fc:35:bf:15:1d:7a:34:7c:3e:2f:92:7c:
         2d:47:c7:1e:d9:07:9a:a1:5f:1d:c0:3d:01:c2:0e:1d:9a:2b:
         b6:1e:1d:c9:da:5d:52:3a:fc:71:75:59:b8:56:1c:2b:ff:e5:
         f3:c4:e8:83:40:c1:63:16:94:40:48:7a:06:be:b5:ff:16:a5:
         49:4c:16:44:c4:df:7f:41:24:00:2c:00:37:98:01:4c:5d:98:
         dd:f1:da:31:18:d9:57:b5:9d:6d:99:49:ce:32:65:e1:19:a0:
         2e:b8:d7:ab:65:71:cd:cd:63:ee:3b:d6:09:13:d9:07:e0:2f:
         73:14:09:cb:09:76:ff:36:be:0e:d9:5f:d8:00:e6:78:cf:a2:
         c3:3d:97:dc:af:cb:d0:34:c3:76:84:fc:b4:7b:42:c6:9f:91:
         0f:57:2c:cb:5f:d3:0f:1a:7c:f8:d3:26:3b:f8:bd:d1:e7:85:
         1e:76:66:57:65:71:68:1e:c0:22:65:54:b9:53:24:57:6c:6b:
         ac:69:d1:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGShCrfrZGW0CP1RISIE1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzI3NWZmMmM3NzRkZWU2Zjg4NDI2ZjM3YzZlYzA0MzdhMTU1NmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuedtunXir9EWv9jch3nWCzfbe1xv
pJ8X12dJUToITBiQaDG2zNt+El9/lswFyT11UkHZwwzsl+KuQTxfult0J2uLvzya
1X3TcU3Ftx94tfG3r3gjEUkJvCnhvCSxc/W0wMj8fwr6rOwWYlSHVTCfMIfHypX2
MSKpVs41TZ12mHUE18C4zfgQ+ceRCrTdw5QWp7/HlxiWbAqdgIs78Z5HEmxqt6Cj
QtedxME3jUcYzKrRPIXcRYyag43YwhPjTGk3VHwFq3MdG302R/rrVZYWfqBHRM4O
xgFiSn4q/enKgq4tsVxzMZjWoeVc0QGhtelQOIYhHWfQnc1qifNFK2c4QQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMwnX/LHdN7m+IQm83xuwEN6FVatMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvekNkZjhzZDAzdWI0aENiemZHN0FRM29WVnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAUw
MA0GCSqGSIb3DQEBCwUAA4IBAQAeMi5C4L0fOXkCTjZ/6ufvLsybACl+Npnr434A
pSTY+jItokSewfxE+JGURDAUntXE+G7i9JlusE9Jyxf8Nb8VHXo0fD4vknwtR8ce
2QeaoV8dwD0Bwg4dmiu2Hh3J2l1SOvxxdVm4Vhwr/+XzxOiDQMFjFpRASHoGvrX/
FqVJTBZExN9/QSQALAA3mAFMXZjd8doxGNlXtZ1tmUnOMmXhGaAuuNerZXHNzWPu
O9YJE9kH4C9zFAnLCXb/Nr4O2V/YAOZ4z6LDPZfcr8vQNMN2hPy0e0LGn5EPVyzL
X9MPGnz40yY7+L3R54UedmZXZXFoHsAiZVS5UyRXbGusadE9
-----END CERTIFICATE-----