Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/3LKPskcHkgdZmDf7twbFR_t9j1g.roa
File:                     3LKPskcHkgdZmDf7twbFR_t9j1g.roa (raw, json)
Hash identifier:          qw4Alz+08ISRB1s3SI+rURlEwFqWHbFY9FRQk4pnGAU=
Subject key identifier:   DC:B2:8F:B2:47:07:92:07:59:98:37:FB:B7:06:C5:47:FB:7D:8F:58
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0197F2AD3C96531F582906890EC7B8B72AFF
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/3LKPskcHkgdZmDf7twbFR_t9j1g.roa
Signing time:             Thu 10 Jul 2025 04:52:08 +0000
ROA not before:           Thu 10 Jul 2025 04:52:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213801
IP address blocks:        2a12:bec4:15f0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f2:ad:3c:96:53:1f:58:29:06:89:0e:c7:b8:b7:2a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 10 04:52:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcb28fb247079207599837fbb706c547fb7d8f58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0f:00:75:d7:dc:a9:b4:55:14:2f:57:c6:3c:
                    78:c5:ee:2f:c5:b9:fc:ed:13:c9:15:18:d6:d3:87:
                    83:32:dc:98:75:9a:df:d1:21:bc:cc:03:70:3f:9d:
                    19:53:ac:e2:d9:44:e1:0e:d8:a7:77:6e:0f:3f:5b:
                    49:71:64:17:d4:38:7b:ee:f5:c0:f4:11:23:79:8f:
                    72:e3:cf:cb:8d:e1:76:e9:b2:d3:ac:0a:52:b0:ff:
                    de:f8:fd:dd:0d:a2:bf:4b:03:9b:c8:c8:0e:08:d1:
                    fb:a8:c8:8e:c5:da:01:b6:7a:e3:ae:5b:d4:42:d8:
                    28:be:2f:02:65:f0:7e:bd:b2:55:70:b6:a3:3d:5d:
                    fc:e0:8e:df:00:11:51:d0:64:f6:2d:95:44:83:09:
                    a3:4a:e1:32:66:71:b7:ec:45:e0:d0:65:d4:5e:af:
                    2f:e4:43:86:e5:fd:4e:d5:2a:e7:fe:55:1f:2b:2d:
                    1a:ee:72:d5:ad:10:2f:1d:34:fb:c3:88:1a:7c:33:
                    75:af:5b:5c:8f:27:48:24:43:1c:56:db:40:11:52:
                    c0:99:24:8d:f6:07:b0:b7:12:c5:c0:9e:e0:45:c5:
                    4c:a4:de:46:34:7c:1c:00:0c:e8:2f:d4:b8:3e:ac:
                    49:e4:09:90:66:d5:b5:6b:b7:bc:b0:6b:79:de:ba:
                    73:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B2:8F:B2:47:07:92:07:59:98:37:FB:B7:06:C5:47:FB:7D:8F:58
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/3LKPskcHkgdZmDf7twbFR_t9j1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:15f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:f4:68:a5:f0:34:04:1f:e5:25:71:a3:a7:89:42:ca:d8:62:
         1e:dd:cf:e4:85:61:52:98:48:ea:dc:00:45:bd:08:82:5b:66:
         17:ae:99:e3:74:26:83:2b:2d:66:27:67:f0:71:f9:d0:9f:8c:
         8f:15:7c:ac:dc:40:10:56:46:18:9d:93:1d:d4:e1:e8:a7:10:
         dd:a0:b7:5e:04:93:a1:04:91:4b:21:56:0a:d5:a2:bc:ea:fa:
         f8:93:d8:ca:93:48:34:cb:30:dd:40:a9:a4:b3:92:11:fd:7b:
         8c:24:7e:2f:f4:ca:39:6e:fc:8e:6c:ec:25:35:02:28:79:05:
         4e:7c:76:2a:03:42:e7:c6:e1:6d:4d:54:69:f7:4b:d7:a4:28:
         79:57:3d:6c:90:b1:74:18:8c:72:f3:69:37:c6:70:78:19:23:
         c8:a4:13:27:82:ad:4f:ae:72:4a:80:58:51:f2:5b:08:83:48:
         52:f9:10:da:31:77:df:4a:79:0a:7d:8b:4a:7c:f6:54:4a:1e:
         4b:d8:de:58:36:ec:00:4f:ed:c9:81:ad:05:59:7c:48:f6:84:
         69:54:37:98:dd:6a:91:cb:5c:57:50:ef:77:40:bb:c8:0c:79:
         92:b5:1c:11:3a:cf:38:42:f1:10:c6:63:67:80:15:0e:22:20:
         11:3b:ad:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfyrTyWUx9YKQaJDse4tyr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNzEwMDQ1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IyOGZiMjQ3MDc5MjA3NTk5ODM3ZmJiNzA2YzU0N2ZiN2Q4ZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQ8AddfcqbRVFC9Xxjx4xe4vxbn8
7RPJFRjW04eDMtyYdZrf0SG8zANwP50ZU6zi2UThDtind24PP1tJcWQX1Dh77vXA
9BEjeY9y48/LjeF26bLTrApSsP/e+P3dDaK/SwObyMgOCNH7qMiOxdoBtnrjrlvU
Qtgovi8CZfB+vbJVcLajPV384I7fABFR0GT2LZVEgwmjSuEyZnG37EXg0GXUXq8v
5EOG5f1O1Srn/lUfKy0a7nLVrRAvHTT7w4gafDN1r1tcjydIJEMcVttAEVLAmSSN
9gewtxLFwJ7gRcVMpN5GNHwcAAzoL9S4PqxJ5AmQZtW1a7e8sGt53rpzaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNyyj7JHB5IHWZg3+7cGxUf7fY9YMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvM0xLUHNrY0hrZ2RabURmN3R3YkZSX3Q5ajFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBXw
MA0GCSqGSIb3DQEBCwUAA4IBAQCD9Gil8DQEH+UlcaOniULK2GIe3c/khWFSmEjq
3ABFvQiCW2YXrpnjdCaDKy1mJ2fwcfnQn4yPFXys3EAQVkYYnZMd1OHopxDdoLde
BJOhBJFLIVYK1aK86vr4k9jKk0g0yzDdQKmks5IR/XuMJH4v9Mo5bvyObOwlNQIo
eQVOfHYqA0LnxuFtTVRp90vXpCh5Vz1skLF0GIxy82k3xnB4GSPIpBMngq1PrnJK
gFhR8lsIg0hS+RDaMXffSnkKfYtKfPZUSh5L2N5YNuwAT+3Jga0FWXxI9oRpVDeY
3WqRy1xXUO93QLvIDHmStRwROs84QvEQxmNngBUOIiARO62w
-----END CERTIFICATE-----