Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZFy-NhYTmq7JBuzU6Z2Ukf_B9P4.roa
File:                     ZFy-NhYTmq7JBuzU6Z2Ukf_B9P4.roa (raw, json)
Hash identifier:          iz6wgJXL/ubSbMtkaiLJL02lkSAnPFgA+wYpTdVoOT0=
Subject key identifier:   64:5C:BE:36:16:13:9A:AE:C9:06:EC:D4:E9:9D:94:91:FF:C1:F4:FE
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019801734932CDC9074A8C7858003FF0EF51
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZFy-NhYTmq7JBuzU6Z2Ukf_B9P4.roa
Signing time:             Sun 13 Jul 2025 01:43:09 +0000
ROA not before:           Sun 13 Jul 2025 01:43:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399646
IP address blocks:        2a12:bec4:12ab::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:01:73:49:32:cd:c9:07:4a:8c:78:58:00:3f:f0:ef:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jul 13 01:43:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=645cbe3616139aaec906ecd4e99d9491ffc1f4fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8f:be:14:dd:08:b8:52:84:e3:d1:c2:a9:96:
                    e0:b4:8c:bb:ea:ce:43:b0:e4:85:74:b2:ca:fe:73:
                    8c:8c:82:db:05:5b:24:fa:8a:16:a8:a7:ea:a7:95:
                    14:19:62:31:a5:e6:33:b8:d1:be:1a:fa:fc:ac:c3:
                    d1:64:29:6d:c9:ba:c6:31:2b:3e:24:d5:c0:a8:74:
                    5d:69:72:88:1c:39:40:e3:12:52:88:1c:49:e4:71:
                    c4:f0:d0:79:15:6f:18:be:89:ef:5f:ff:31:ee:5f:
                    ed:e4:85:d9:7e:23:ca:f2:9f:57:bd:ee:83:80:4d:
                    c6:09:9b:b5:3a:41:10:63:87:7a:d0:2d:4c:23:d9:
                    68:25:cb:31:1a:2a:18:30:72:7c:84:58:e7:b4:33:
                    23:7f:62:c2:e6:e7:c1:21:3f:bb:5b:b7:fd:7b:8d:
                    ea:48:30:40:be:36:0b:dd:a7:97:ea:18:65:a9:f1:
                    ef:82:6c:1b:ce:37:f5:ed:ca:7c:f4:42:dd:73:4b:
                    a9:d2:8e:ac:c8:4a:a5:93:33:8e:c0:24:61:d6:b2:
                    17:e5:a3:89:23:6d:77:00:4d:e3:0c:b1:2b:2e:af:
                    de:23:9d:1d:53:8b:77:29:99:eb:3a:e7:66:4c:12:
                    9f:f0:62:51:fc:b5:cc:fd:ab:ed:4a:6c:15:89:b4:
                    3f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5C:BE:36:16:13:9A:AE:C9:06:EC:D4:E9:9D:94:91:FF:C1:F4:FE
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZFy-NhYTmq7JBuzU6Z2Ukf_B9P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:12ab::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:93:33:cc:35:e4:cf:78:eb:ad:74:e7:33:11:46:b0:c8:69:
         a4:f4:f0:f0:d4:a0:ac:1e:1c:59:0f:b0:89:cc:64:9a:98:96:
         77:60:b9:de:2a:20:e8:46:dc:84:dc:70:35:80:e4:d5:cd:49:
         f0:55:21:8d:db:1d:f8:61:b4:fe:32:27:9f:61:74:f5:17:79:
         9b:97:77:99:9d:d3:18:25:19:26:c6:d9:40:c5:46:91:b0:40:
         63:32:6e:e2:1f:1d:27:46:fe:db:b0:bd:ad:a0:0f:3f:07:91:
         a5:d2:98:cd:fe:51:13:15:98:b3:16:6f:e1:cc:61:2b:f3:aa:
         48:2b:93:25:85:df:a2:05:e0:3f:62:af:00:26:4b:3c:1c:66:
         ed:f5:af:e5:dc:9f:f1:9c:63:fd:f9:e2:f1:3f:56:cf:73:12:
         cc:f3:d3:dd:d6:2d:bb:ea:1c:2e:fd:3c:62:dc:e4:9d:10:75:
         d6:e3:4e:db:70:46:d9:8b:83:b1:65:37:0e:40:48:22:97:4c:
         18:b0:37:c6:9f:89:9a:3b:a4:87:85:6c:ae:65:eb:1c:c7:91:
         d3:82:21:d4:5f:7b:86:42:ea:08:bb:ea:a2:83:8c:1d:ab:ae:
         eb:6b:4f:ab:ae:36:4c:51:3f:f0:42:fa:11:a4:db:ef:e7:ce:
         e5:6d:d3:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgBc0kyzckHSox4WAA/8O9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNzEzMDE0MzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDVjYmUzNjE2MTM5YWFlYzkwNmVjZDRlOTlkOTQ5MWZmYzFmNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY++FN0IuFKE49HCqZbgtIy76s5D
sOSFdLLK/nOMjILbBVsk+ooWqKfqp5UUGWIxpeYzuNG+Gvr8rMPRZCltybrGMSs+
JNXAqHRdaXKIHDlA4xJSiBxJ5HHE8NB5FW8YvonvX/8x7l/t5IXZfiPK8p9Xve6D
gE3GCZu1OkEQY4d60C1MI9loJcsxGioYMHJ8hFjntDMjf2LC5ufBIT+7W7f9e43q
SDBAvjYL3aeX6hhlqfHvgmwbzjf17cp89ELdc0up0o6syEqlkzOOwCRh1rIX5aOJ
I213AE3jDLErLq/eI50dU4t3KZnrOudmTBKf8GJR/LXM/avtSmwVibQ/nQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGRcvjYWE5quyQbs1OmdlJH/wfT+MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvWkZ5LU5oWVRtcTdKQnV6VTZaMlVrZl9COVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+xBKr
MA0GCSqGSIb3DQEBCwUAA4IBAQA5kzPMNeTPeOutdOczEUawyGmk9PDw1KCsHhxZ
D7CJzGSamJZ3YLneKiDoRtyE3HA1gOTVzUnwVSGN2x34YbT+MiefYXT1F3mbl3eZ
ndMYJRkmxtlAxUaRsEBjMm7iHx0nRv7bsL2toA8/B5Gl0pjN/lETFZizFm/hzGEr
86pIK5Mlhd+iBeA/Yq8AJks8HGbt9a/l3J/xnGP9+eLxP1bPcxLM89Pd1i276hwu
/Txi3OSdEHXW407bcEbZi4OxZTcOQEgil0wYsDfGn4maO6SHhWyuZescx5HTgiHU
X3uGQuoIu+qig4wdq67ra0+rrjZMUT/wQvoRpNvv587lbdMe
-----END CERTIFICATE-----