Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1WKAnvVv4a9xITw9zDEC7tGlpG8.roa
File:                     1WKAnvVv4a9xITw9zDEC7tGlpG8.roa (raw, json)
Hash identifier:          Ft6rIyNBeYHNZD7up5waRIr5tXaR0bjQH2edeqKA8f0=
Subject key identifier:   D5:62:80:9E:F5:6F:E1:AF:71:21:3C:3D:CC:31:02:EE:D1:A5:A4:6F
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01980AAF2D504E71E67404A7F8B986F4E0D7
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1WKAnvVv4a9xITw9zDEC7tGlpG8.roa
Signing time:             Mon 14 Jul 2025 20:45:09 +0000
ROA not before:           Mon 14 Jul 2025 20:45:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215439
IP address blocks:        2a12:bec4:110::/44 maxlen: 44
                          2a12:bec4:1180::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0a:af:2d:50:4e:71:e6:74:04:a7:f8:b9:86:f4:e0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 14 20:45:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d562809ef56fe1af71213c3dcc3102eed1a5a46f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8d:e9:c9:64:33:3f:74:14:7c:eb:c2:75:f9:
                    ad:d3:9a:64:85:af:f9:94:7b:57:51:db:69:6e:7d:
                    a9:73:97:61:9a:7a:85:93:e8:c5:28:a5:a2:eb:ab:
                    dd:f9:e3:d7:43:1c:f6:7b:a1:0d:ef:c8:73:d5:ae:
                    65:52:51:3f:4f:2c:6f:5f:e7:40:d7:47:ac:fa:44:
                    92:02:c8:77:d8:4b:36:5f:e4:be:91:27:ec:08:5b:
                    68:bd:8d:d2:9b:86:5d:2d:24:e7:06:4c:f7:27:84:
                    9c:0f:c0:e4:40:b0:60:9c:b9:2e:08:9e:72:f6:f7:
                    94:6d:e0:64:9b:f8:47:16:23:75:60:c8:94:56:ca:
                    76:d5:4b:56:19:35:8c:f0:34:1a:c6:c8:e0:ef:a2:
                    b9:e1:bb:8d:90:d0:dd:ab:f5:84:ec:78:12:8c:24:
                    82:e0:e4:ca:e9:a7:20:43:8b:23:01:b7:4a:ea:8e:
                    89:9c:7b:78:09:a7:0f:ae:5a:48:02:c9:76:74:89:
                    f6:fe:bf:bf:99:5e:e9:63:52:a0:ca:b5:b8:77:fc:
                    24:62:51:a7:c4:c6:5f:df:13:74:83:26:d8:c3:53:
                    59:0a:0b:c4:8e:6f:3e:15:c1:ab:b4:d5:27:ce:f7:
                    c5:b0:32:23:a4:85:e4:bb:88:a8:3e:45:ce:ae:fa:
                    e9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:62:80:9E:F5:6F:E1:AF:71:21:3C:3D:CC:31:02:EE:D1:A5:A4:6F
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1WKAnvVv4a9xITw9zDEC7tGlpG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:110::/44
                  2a12:bec4:1180::/44

    Signature Algorithm: sha256WithRSAEncryption
         5f:bf:e8:f9:8c:41:b1:3a:43:58:2c:b6:fa:46:74:71:d4:4d:
         f2:0a:33:d1:89:a9:53:93:ab:79:1a:ef:ff:3c:55:8a:af:13:
         52:54:e6:10:92:ff:57:99:f7:78:fa:e0:19:95:96:c2:7e:37:
         90:e9:f3:7a:6b:a1:17:d0:d3:76:70:c1:39:e8:01:ab:c1:ad:
         cc:4b:42:09:20:6b:1d:b0:44:69:15:55:13:f2:14:2a:fd:d8:
         7e:90:42:f4:5a:1e:ad:26:1e:79:d3:6c:2a:e7:7e:22:f4:e3:
         5b:e8:31:5f:70:10:19:ee:5b:6f:60:5c:e5:bc:bf:fb:16:38:
         a2:13:ad:0e:40:db:e8:18:52:53:b0:17:e4:5e:01:ab:b4:0f:
         be:e3:09:bf:79:4b:7b:48:b0:93:a9:3e:72:be:3e:55:c9:e2:
         97:80:e0:0b:d9:0f:a0:e6:20:5a:23:f5:86:21:e8:77:eb:ce:
         bf:e0:0e:25:77:4c:af:2a:00:38:29:53:d6:82:ed:59:cd:40:
         ce:16:34:5b:a7:d1:fc:97:ee:27:04:61:df:38:8a:6b:e1:c5:
         39:03:5d:29:25:2e:4f:05:24:de:c2:48:56:71:28:b4:83:69:
         ae:52:5b:f8:80:9b:53:d4:cc:7b:28:34:71:06:7d:cd:bf:c0:
         a2:a9:f3:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgKry1QTnHmdASn+LmG9ODXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNzE0MjA0NTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTYyODA5ZWY1NmZlMWFmNzEyMTNjM2RjYzMxMDJlZWQxYTVhNDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm43pyWQzP3QUfOvCdfmt05pkha/5
lHtXUdtpbn2pc5dhmnqFk+jFKKWi66vd+ePXQxz2e6EN78hz1a5lUlE/TyxvX+dA
10es+kSSAsh32Es2X+S+kSfsCFtovY3Sm4ZdLSTnBkz3J4ScD8DkQLBgnLkuCJ5y
9veUbeBkm/hHFiN1YMiUVsp21UtWGTWM8DQaxsjg76K54buNkNDdq/WE7HgSjCSC
4OTK6acgQ4sjAbdK6o6JnHt4CacPrlpIAsl2dIn2/r+/mV7pY1KgyrW4d/wkYlGn
xMZf3xN0gybYw1NZCgvEjm8+FcGrtNUnzvfFsDIjpIXku4ioPkXOrvrpqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNVigJ71b+GvcSE8PcwxAu7RpaRvMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMVdLQW52VnY0YTl4SVR3OXpERUM3dEdscEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xAEQ
AwcEKhK+xBGAMA0GCSqGSIb3DQEBCwUAA4IBAQBfv+j5jEGxOkNYLLb6RnRx1E3y
CjPRialTk6t5Gu//PFWKrxNSVOYQkv9Xmfd4+uAZlZbCfjeQ6fN6a6EX0NN2cME5
6AGrwa3MS0IJIGsdsERpFVUT8hQq/dh+kEL0Wh6tJh5502wq534i9ONb6DFfcBAZ
7ltvYFzlvL/7FjiiE60OQNvoGFJTsBfkXgGrtA++4wm/eUt7SLCTqT5yvj5VyeKX
gOAL2Q+g5iBaI/WGIeh3686/4A4ld0yvKgA4KVPWgu1ZzUDOFjRbp9H8l+4nBGHf
OIpr4cU5A10pJS5PBSTewkhWcSi0g2muUlv4gJtT1Mx7KDRxBn3Nv8CiqfOQ
-----END CERTIFICATE-----