Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cp8oLj7BzZxQ9d7oMtDVSNMYJvI.roa
File:                     cp8oLj7BzZxQ9d7oMtDVSNMYJvI.roa (raw, json)
Hash identifier:          Zv2FRpo2U5R0TLXO/01KO/xSWksSNssh2cjUnND99yM=
Subject key identifier:   72:9F:28:2E:3E:C1:CD:9C:50:F5:DE:E8:32:D0:D5:48:D3:18:26:F2
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01955F554A952BB9D77979F874BD3CD5322C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cp8oLj7BzZxQ9d7oMtDVSNMYJvI.roa
Signing time:             Tue 04 Mar 2025 04:06:19 +0000
ROA not before:           Tue 04 Mar 2025 04:06:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63150
IP address blocks:        2a12:bec4:1870::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5f:55:4a:95:2b:b9:d7:79:79:f8:74:bd:3c:d5:32:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar  4 04:06:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=729f282e3ec1cd9c50f5dee832d0d548d31826f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6c:93:f0:7d:53:0a:16:58:67:63:76:b4:08:
                    ab:5d:eb:19:8a:79:99:bd:35:19:37:19:74:8e:dd:
                    94:a0:3d:3a:9d:f2:25:09:49:4b:65:16:64:3c:98:
                    b2:fd:7d:29:83:6e:46:31:9e:49:b4:78:ef:5d:c9:
                    26:55:cb:6f:99:1b:12:a8:8f:0a:20:dc:f3:2a:81:
                    3f:7f:f1:df:07:63:bb:55:73:92:96:c0:e1:23:03:
                    3f:93:24:b3:3b:42:22:f7:9d:8f:e7:dd:f5:06:24:
                    59:60:fd:ab:3c:8c:06:2b:68:67:92:2d:8a:46:a6:
                    7a:b6:2c:45:9a:cc:34:d0:29:7b:5d:a0:d2:0a:89:
                    f1:1d:91:2c:47:26:5e:27:99:58:4c:7f:1a:5a:8e:
                    71:17:68:f9:98:4e:ae:df:d5:5f:ed:03:13:2c:30:
                    a7:21:cf:ba:ac:40:57:23:e0:cb:f1:b7:b0:a7:be:
                    be:97:69:36:cc:16:d9:9b:b5:b9:7d:2b:17:df:51:
                    e3:0e:0c:b5:8c:4f:ba:68:e3:2f:22:86:3a:a1:98:
                    1a:b9:87:37:a5:3b:21:ba:8f:1b:bc:37:a8:d0:3d:
                    16:47:4a:f9:b1:18:68:3f:a6:cb:9b:8b:8b:7b:f6:
                    fb:d6:bc:8c:e3:0f:69:2a:66:20:bb:44:f1:a9:51:
                    c3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9F:28:2E:3E:C1:CD:9C:50:F5:DE:E8:32:D0:D5:48:D3:18:26:F2
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cp8oLj7BzZxQ9d7oMtDVSNMYJvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1870::/44

    Signature Algorithm: sha256WithRSAEncryption
         35:6c:b9:6e:d1:65:e2:88:a1:d0:37:31:60:2e:76:d7:f6:e8:
         af:0c:a1:13:e0:8a:0a:71:4f:f9:47:43:5c:44:21:ed:c4:74:
         8c:a3:c9:74:26:85:e1:f7:0b:03:05:5f:f4:0f:95:d8:45:f3:
         79:cc:35:42:fe:47:f6:b7:a0:46:ce:73:1e:48:82:e1:d9:b4:
         4a:67:a2:6f:17:b7:12:ec:92:7c:f3:fc:a5:80:c6:91:df:d2:
         3b:b4:4b:72:89:fb:f4:ce:a0:b8:07:1a:b5:2c:1f:d5:e5:ea:
         98:91:b7:3a:1c:a9:44:b1:cc:df:fd:eb:3e:0e:e2:7b:e2:b1:
         0f:ca:89:10:db:11:d1:6e:c8:4a:7d:ad:f3:77:5c:c0:ad:d8:
         cf:23:dd:0c:03:07:0d:24:00:80:29:2f:b8:7f:14:41:67:a8:
         39:fe:a5:99:e8:cc:49:b1:96:fa:7b:e4:ca:a0:40:08:92:52:
         9d:00:af:60:79:8d:cf:ce:73:9b:c2:1b:94:c6:3b:bc:fc:2a:
         7e:ff:66:8e:f3:26:f8:19:32:f4:72:8e:95:f2:6a:bb:60:05:
         79:f2:64:61:ba:58:76:9e:56:d0:89:ea:b8:8d:c7:bd:22:0f:
         a0:e3:6c:17:b5:b1:ac:1a:0d:86:e2:3b:c0:d4:b7:aa:60:04:
         46:ff:f1:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZVfVUqVK7nXeXn4dL081TIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMzA0MDQwNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjlmMjgyZTNlYzFjZDljNTBmNWRlZTgzMmQwZDU0OGQzMTgyNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2yT8H1TChZYZ2N2tAirXesZinmZ
vTUZNxl0jt2UoD06nfIlCUlLZRZkPJiy/X0pg25GMZ5JtHjvXckmVctvmRsSqI8K
INzzKoE/f/HfB2O7VXOSlsDhIwM/kySzO0Ii952P5931BiRZYP2rPIwGK2hnki2K
RqZ6tixFmsw00Cl7XaDSConxHZEsRyZeJ5lYTH8aWo5xF2j5mE6u39Vf7QMTLDCn
Ic+6rEBXI+DL8bewp76+l2k2zBbZm7W5fSsX31HjDgy1jE+6aOMvIoY6oZgauYc3
pTshuo8bvDeo0D0WR0r5sRhoP6bLm4uLe/b71ryM4w9pKmYgu0TxqVHDjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHKfKC4+wc2cUPXe6DLQ1UjTGCbyMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvY3A4b0xqN0J6WnhROWQ3b010RFZTTk1ZSnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBhw
MA0GCSqGSIb3DQEBCwUAA4IBAQA1bLlu0WXiiKHQNzFgLnbX9uivDKET4IoKcU/5
R0NcRCHtxHSMo8l0JoXh9wsDBV/0D5XYRfN5zDVC/kf2t6BGznMeSILh2bRKZ6Jv
F7cS7JJ88/ylgMaR39I7tEtyifv0zqC4Bxq1LB/V5eqYkbc6HKlEsczf/es+DuJ7
4rEPyokQ2xHRbshKfa3zd1zArdjPI90MAwcNJACAKS+4fxRBZ6g5/qWZ6MxJsZb6
e+TKoEAIklKdAK9geY3PznObwhuUxju8/Cp+/2aO8yb4GTL0co6V8mq7YAV58mRh
ulh2nlbQieq4jce9Ig+g42wXtbGsGg2G4jvA1LeqYARG//Gj
-----END CERTIFICATE-----