Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/XM_8GZfL63D50fvmqozAb7TgHig.roa
File:                     XM_8GZfL63D50fvmqozAb7TgHig.roa (raw, json)
Hash identifier:          oVsBTFe15WQipDhi9QOXbhzf3fMipxDExkc56doa210=
Subject key identifier:   5C:CF:FC:19:97:CB:EB:70:F9:D1:FB:E6:AA:8C:C0:6F:B4:E0:1E:28
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01982A429F96CC30D9CC3381C14085BDBF84
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/XM_8GZfL63D50fvmqozAb7TgHig.roa
Signing time:             Sun 20 Jul 2025 23:54:25 +0000
ROA not before:           Sun 20 Jul 2025 23:54:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        2a12:bec4:1b50::/44 maxlen: 44
                          2a12:bec4:1bb0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2a:42:9f:96:cc:30:d9:cc:33:81:c1:40:85:bd:bf:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 20 23:54:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ccffc1997cbeb70f9d1fbe6aa8cc06fb4e01e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:54:64:a6:8b:ae:d3:c7:51:35:83:fd:41:f6:
                    38:20:a6:85:78:ab:2e:53:fd:68:7b:44:bb:d7:fb:
                    1f:2e:a1:15:1e:f7:79:3b:a3:56:18:d4:df:f9:67:
                    0a:6e:37:01:33:24:3b:64:c4:79:23:2c:41:dc:2b:
                    16:45:c5:2c:eb:c2:94:42:53:2f:e0:a7:49:5f:64:
                    67:f2:c2:c2:10:a8:44:7a:57:30:80:4b:81:63:4c:
                    f1:05:7b:b8:ec:ca:0a:b2:18:58:49:05:4a:a4:bf:
                    da:b6:aa:e0:a9:27:df:03:eb:9d:e1:26:0a:e9:11:
                    db:a4:6f:08:6f:6d:22:38:dd:7d:b5:91:40:e4:44:
                    2c:1e:af:81:11:f0:b7:c5:f2:66:3c:f2:e9:f2:45:
                    2e:bf:31:56:62:c1:e6:bf:e2:f2:d9:e7:b6:81:2c:
                    71:59:51:df:e1:9b:0e:81:2e:5d:73:76:4a:4b:a3:
                    73:56:dd:5b:6f:47:d9:9e:75:51:71:f2:86:c3:6a:
                    35:bc:6e:83:1b:2e:1a:dd:ad:16:76:aa:dc:37:88:
                    b2:95:e7:19:8f:eb:d0:f7:1a:55:66:15:6e:39:a3:
                    e2:79:c3:6d:63:6f:8d:23:17:5d:29:b8:7e:a2:cf:
                    41:6c:7a:d6:12:1e:ee:7d:fd:0a:ec:f2:d7:75:7d:
                    e9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CF:FC:19:97:CB:EB:70:F9:D1:FB:E6:AA:8C:C0:6F:B4:E0:1E:28
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/XM_8GZfL63D50fvmqozAb7TgHig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1b50::/44
                  2a12:bec4:1bb0::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:7e:c9:71:a5:c6:19:fa:c9:ef:cc:f3:77:66:09:d3:86:d6:
         fa:ed:72:89:8b:37:9b:6f:e5:ff:2b:c1:72:96:33:67:26:07:
         18:58:be:fa:d8:f3:a7:1d:16:54:d0:42:d6:6f:82:4f:11:c2:
         14:ee:ae:06:e5:d6:a6:34:a0:60:4e:53:d9:58:0b:ee:a2:3f:
         70:6c:3e:b5:a9:fa:6d:27:9d:e2:2b:0c:0c:42:38:b7:d1:9a:
         6a:cf:0a:51:ef:7d:49:71:ab:0a:03:1c:de:6d:47:f1:9d:8c:
         5d:b6:fa:92:01:6a:9e:de:b7:f4:a0:70:ec:93:66:ee:47:ed:
         02:73:71:60:04:70:fb:33:dc:22:85:39:b2:92:4c:45:45:fd:
         14:f9:1f:cb:b5:40:65:c5:c6:c2:cd:ec:92:5b:14:a4:de:e8:
         d1:6b:b8:05:00:f7:e7:ba:9e:eb:b3:c5:1d:69:d8:78:8f:5f:
         37:53:fd:f9:0b:6e:cc:36:d8:82:02:54:59:40:c1:26:6f:31:
         fe:eb:87:d2:57:3f:9e:c6:9b:fe:16:17:fb:72:3e:45:46:30:
         3e:ff:4e:08:b9:e7:6b:4f:17:b2:50:42:24:40:25:69:a1:91:
         df:74:03:72:17:8a:7d:c9:45:c4:08:2b:04:f5:c3:c4:c3:5b:
         ba:f7:a3:92
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgqQp+WzDDZzDOBwUCFvb+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNzIwMjM1NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NmZmMxOTk3Y2JlYjcwZjlkMWZiZTZhYThjYzA2ZmI0ZTAxZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1Rkpouu08dRNYP9QfY4IKaFeKsu
U/1oe0S71/sfLqEVHvd5O6NWGNTf+WcKbjcBMyQ7ZMR5IyxB3CsWRcUs68KUQlMv
4KdJX2Rn8sLCEKhEelcwgEuBY0zxBXu47MoKshhYSQVKpL/atqrgqSffA+ud4SYK
6RHbpG8Ib20iON19tZFA5EQsHq+BEfC3xfJmPPLp8kUuvzFWYsHmv+Ly2ee2gSxx
WVHf4ZsOgS5dc3ZKS6NzVt1bb0fZnnVRcfKGw2o1vG6DGy4a3a0WdqrcN4iylecZ
j+vQ9xpVZhVuOaPiecNtY2+NIxddKbh+os9BbHrWEh7uff0K7PLXdX3p8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFzP/BmXy+tw+dH75qqMwG+04B4oMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvWE1fOEdaZkw2M0Q1MGZ2bXFvekFiN1RnSGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBtQ
AwcEKhK+xBuwMA0GCSqGSIb3DQEBCwUAA4IBAQCDfslxpcYZ+snvzPN3ZgnThtb6
7XKJizebb+X/K8FyljNnJgcYWL762POnHRZU0ELWb4JPEcIU7q4G5damNKBgTlPZ
WAvuoj9wbD61qfptJ53iKwwMQji30ZpqzwpR731JcasKAxzebUfxnYxdtvqSAWqe
3rf0oHDsk2buR+0Cc3FgBHD7M9wihTmykkxFRf0U+R/LtUBlxcbCzeySWxSk3ujR
a7gFAPfnup7rs8Udadh4j183U/35C27MNtiCAlRZQMEmbzH+64fSVz+expv+Fhf7
cj5FRjA+/04IuedrTxeyUEIkQCVpoZHfdANyF4p9yUXECCsE9cPEw1u696OS
-----END CERTIFICATE-----