Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5dH_C8W5v47xug2ZyWYlzKecF_g.roa
File:                     5dH_C8W5v47xug2ZyWYlzKecF_g.roa (raw, json)
Hash identifier:          qc421r9r/7lU3s9LfVt8//W1EXVtI9am5KczZAgBCDA=
Subject key identifier:   E5:D1:FF:0B:C5:B9:BF:8E:F1:BA:0D:99:C9:66:25:CC:A7:9C:17:F8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01980AAF2C2E7749D245A3FCDB3724441AB0
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5dH_C8W5v47xug2ZyWYlzKecF_g.roa
Signing time:             Mon 14 Jul 2025 20:45:08 +0000
ROA not before:           Mon 14 Jul 2025 20:45:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213229
IP address blocks:        2a12:bec4:10b5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0a:af:2c:2e:77:49:d2:45:a3:fc:db:37:24:44:1a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 14 20:45:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5d1ff0bc5b9bf8ef1ba0d99c96625cca79c17f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:dc:0a:19:dc:a1:75:74:3c:54:c5:4a:ea:a4:
                    fe:45:00:c5:3c:fb:6c:ee:c9:b8:48:9f:49:82:cd:
                    d4:81:93:a4:96:dd:4c:04:66:c0:5e:a8:09:a4:1d:
                    61:0d:bb:f1:a3:ef:81:25:7d:61:aa:fe:67:d9:7b:
                    71:7d:e1:ff:92:8b:f1:9b:e8:9c:2d:71:32:60:fd:
                    07:32:0b:17:8b:06:75:49:9a:6a:8a:dc:73:85:3d:
                    7e:25:62:fc:2d:34:98:c0:b7:13:21:b5:91:47:dd:
                    50:25:50:95:72:ba:ac:e0:b3:ed:25:e3:d5:7b:6b:
                    95:84:fb:66:d8:9a:ef:d2:d9:93:16:c3:99:25:d3:
                    b8:1a:f7:e2:8f:ac:5d:81:af:8a:87:32:f8:49:cd:
                    a2:fe:5a:6d:60:98:b4:09:35:59:76:63:f6:5d:e5:
                    a9:1d:31:7e:8b:55:ab:2f:cc:37:32:b2:af:f1:01:
                    d4:18:3b:a3:59:cd:73:c8:f0:91:f4:f7:94:da:ac:
                    73:1e:5a:17:6a:7e:29:a8:36:fc:e0:19:d1:3a:b1:
                    c3:ff:24:7d:eb:df:7b:19:52:b2:a3:1b:f7:a4:8b:
                    76:22:30:0d:a4:3b:95:f2:c8:21:f2:9b:7b:f4:fa:
                    5f:81:df:40:4c:bf:bd:d8:37:27:f4:ba:a8:0b:3c:
                    39:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D1:FF:0B:C5:B9:BF:8E:F1:BA:0D:99:C9:66:25:CC:A7:9C:17:F8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5dH_C8W5v47xug2ZyWYlzKecF_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:10b5::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:c9:55:13:e7:01:ac:b7:2c:bb:df:08:54:26:52:a9:e4:eb:
         30:d4:e7:58:c3:a0:79:7b:69:1d:12:16:07:90:c5:4b:23:2a:
         a3:1c:87:ed:4e:69:09:b3:70:e1:af:8e:c5:35:d2:dd:8a:9a:
         b6:d3:35:b1:52:1c:2c:1d:cd:29:67:de:a2:9a:b1:8c:2a:a7:
         f6:ff:e6:7b:f5:b7:34:6f:3e:4a:14:e3:70:ed:bc:3d:c8:a0:
         0a:f6:73:a2:30:1f:19:a9:29:04:8a:a7:a6:14:3a:cd:24:cd:
         2b:43:a8:07:e3:1d:6c:89:f1:5d:0a:10:8a:ac:7b:3c:47:db:
         3e:07:62:03:31:f4:0d:62:bb:35:e1:51:73:09:c3:41:cf:70:
         2d:97:20:60:74:b1:42:de:5f:ca:35:a6:45:66:a2:f6:97:3f:
         4e:9b:74:c5:8d:26:16:38:da:ec:18:ed:a8:ff:9c:60:a9:a4:
         78:eb:f7:7f:49:42:81:fb:13:3d:f3:d7:7e:d6:15:2b:88:b1:
         9d:42:bf:ce:ec:08:bc:c9:41:77:e6:be:4f:d2:ff:c7:66:7d:
         c3:98:7c:ea:cd:bf:b8:6b:8c:97:ce:91:85:ad:f6:3e:04:1b:
         a8:41:9f:37:70:ae:e8:2f:69:42:f9:18:a9:96:81:b5:e5:95:
         9d:15:83:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgKrywud0nSRaP82zckRBqwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNzE0MjA0NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQxZmYwYmM1YjliZjhlZjFiYTBkOTljOTY2MjVjY2E3OWMxN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9wKGdyhdXQ8VMVK6qT+RQDFPPts
7sm4SJ9Jgs3UgZOklt1MBGbAXqgJpB1hDbvxo++BJX1hqv5n2XtxfeH/kovxm+ic
LXEyYP0HMgsXiwZ1SZpqitxzhT1+JWL8LTSYwLcTIbWRR91QJVCVcrqs4LPtJePV
e2uVhPtm2Jrv0tmTFsOZJdO4Gvfij6xdga+KhzL4Sc2i/lptYJi0CTVZdmP2XeWp
HTF+i1WrL8w3MrKv8QHUGDujWc1zyPCR9PeU2qxzHloXan4pqDb84BnROrHD/yR9
6997GVKyoxv3pIt2IjANpDuV8sgh8pt79Ppfgd9ATL+92Dcn9LqoCzw5iQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOXR/wvFub+O8boNmclmJcynnBf4MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNWRIX0M4VzV2NDd4dWcyWnlXWWx6S2VjRl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+xBC1
MA0GCSqGSIb3DQEBCwUAA4IBAQCByVUT5wGstyy73whUJlKp5Osw1OdYw6B5e2kd
EhYHkMVLIyqjHIftTmkJs3Dhr47FNdLdipq20zWxUhwsHc0pZ96imrGMKqf2/+Z7
9bc0bz5KFONw7bw9yKAK9nOiMB8ZqSkEiqemFDrNJM0rQ6gH4x1sifFdChCKrHs8
R9s+B2IDMfQNYrs14VFzCcNBz3AtlyBgdLFC3l/KNaZFZqL2lz9Om3TFjSYWONrs
GO2o/5xgqaR46/d/SUKB+xM989d+1hUriLGdQr/O7Ai8yUF35r5P0v/HZn3DmHzq
zb+4a4yXzpGFrfY+BBuoQZ83cK7oL2lC+RiploG15ZWdFYOI
-----END CERTIFICATE-----