Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/jWt_FdPMKhJ6LBUGm4GuQwlMer0.roa
File:                     jWt_FdPMKhJ6LBUGm4GuQwlMer0.roa (raw, json)
Hash identifier:          JSe4tFMgywTUkhZKCdS6lj1tYUGBxWS17wo5Kf6yHnk=
Subject key identifier:   8D:6B:7F:15:D3:CC:2A:12:7A:2C:15:06:9B:81:AE:43:09:4C:7A:BD
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       0195ED47F21280F0672DCBBF7D4AA3CF2FE4
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/jWt_FdPMKhJ6LBUGm4GuQwlMer0.roa
Signing time:             Mon 31 Mar 2025 17:37:49 +0000
ROA not before:           Mon 31 Mar 2025 17:37:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        2a12:3b41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ed:47:f2:12:80:f0:67:2d:cb:bf:7d:4a:a3:cf:2f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Mar 31 17:37:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d6b7f15d3cc2a127a2c15069b81ae43094c7abd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:41:b6:3e:5b:9b:c1:d3:da:b7:59:e3:ef:25:
                    40:ab:5a:e6:db:3a:1f:79:53:e8:90:30:b5:92:c5:
                    db:80:55:51:66:39:92:80:15:f4:f5:89:e4:3c:93:
                    8b:2c:ff:b4:d9:0f:d3:a1:0a:97:71:a4:a6:56:17:
                    22:df:32:08:c0:89:06:93:5b:08:81:70:3b:10:29:
                    03:74:4a:a9:44:e8:49:51:63:45:6e:8f:53:e0:2a:
                    e9:2d:93:23:f9:3a:a9:82:40:c3:85:94:b4:f7:81:
                    54:84:1b:b2:24:11:c3:1e:b0:8a:47:b1:26:99:96:
                    6a:9b:15:25:45:b3:d7:19:07:7d:0b:f0:55:78:eb:
                    f5:29:c7:ea:1f:fd:77:c6:ce:5b:a9:fd:b0:9e:61:
                    38:88:c1:31:8f:0f:00:e5:17:f5:f7:0e:c0:3f:16:
                    76:62:89:57:4e:d6:44:d3:c1:6e:0f:9d:b4:86:42:
                    17:36:36:75:0f:65:6f:b8:27:87:cc:87:1c:08:5f:
                    84:52:f5:d6:2a:b3:a8:fd:14:ee:49:68:dd:0a:62:
                    a2:7d:60:c3:ae:9b:d1:13:8b:72:f8:b5:3a:e8:a8:
                    be:03:a2:ea:1e:2e:a4:a4:31:c9:ca:a5:6c:b2:90:
                    1e:57:58:63:22:c2:03:37:af:dd:cd:30:41:19:71:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:6B:7F:15:D3:CC:2A:12:7A:2C:15:06:9B:81:AE:43:09:4C:7A:BD
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/jWt_FdPMKhJ6LBUGm4GuQwlMer0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3b41::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:7b:ef:66:04:43:2c:77:69:1d:e8:db:db:2d:98:b2:77:25:
         86:66:3f:a4:17:97:fe:d9:d5:e9:84:e3:c1:40:b5:4c:7a:f1:
         89:5b:95:97:c5:1b:73:3a:93:d8:c4:2c:d7:a2:90:41:f6:ae:
         64:b7:c2:b0:5d:71:a5:c0:bf:56:85:05:cf:01:b7:ca:15:e0:
         c8:6d:7c:60:9a:ee:06:fd:e4:73:94:7b:7e:80:0c:44:d8:36:
         09:96:82:aa:03:e0:09:ac:74:a2:43:d5:3e:71:df:e4:e0:52:
         94:dd:50:f5:88:1e:d9:bb:71:65:77:90:e0:78:f0:c7:ca:d1:
         c2:0f:11:b3:7d:b1:1d:64:ca:44:0f:48:06:c7:54:82:dd:4e:
         45:6a:cf:af:80:e3:4f:ff:b7:c7:82:d4:57:08:fd:91:cc:8a:
         2a:76:56:d2:dd:bb:b7:20:e9:85:ff:d1:38:02:b4:4a:5c:cd:
         97:c5:f7:8e:eb:11:41:81:a9:fd:49:44:b0:20:a9:fe:97:30:
         48:4f:80:59:78:a5:d0:5f:d3:2e:7a:c5:bd:23:fc:0f:31:29:
         6e:46:98:c7:78:69:0a:e1:bf:fe:94:8a:30:4c:d0:c0:47:29:
         be:42:92:5c:15:04:50:b9:06:87:6c:01:01:12:7e:eb:03:8b:
         33:10:b4:e5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXtR/ISgPBnLcu/fUqjzy/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwMzMxMTczNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDZiN2YxNWQzY2MyYTEyN2EyYzE1MDY5YjgxYWU0MzA5NGM3YWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEG2PlubwdPat1nj7yVAq1rm2zof
eVPokDC1ksXbgFVRZjmSgBX09YnkPJOLLP+02Q/ToQqXcaSmVhci3zIIwIkGk1sI
gXA7ECkDdEqpROhJUWNFbo9T4CrpLZMj+TqpgkDDhZS094FUhBuyJBHDHrCKR7Em
mZZqmxUlRbPXGQd9C/BVeOv1KcfqH/13xs5bqf2wnmE4iMExjw8A5Rf19w7APxZ2
YolXTtZE08FuD520hkIXNjZ1D2VvuCeHzIccCF+EUvXWKrOo/RTuSWjdCmKifWDD
rpvRE4ty+LU66Ki+A6LqHi6kpDHJyqVsspAeV1hjIsIDN6/dzTBBGXE1EQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI1rfxXTzCoSeiwVBpuBrkMJTHq9MB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvald0X0ZkUE1LaEo2TEJVR200R3VRd2xNZXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhI7QTAN
BgkqhkiG9w0BAQsFAAOCAQEAZ3vvZgRDLHdpHejb2y2YsnclhmY/pBeX/tnV6YTj
wUC1THrxiVuVl8UbczqT2MQs16KQQfauZLfCsF1xpcC/VoUFzwG3yhXgyG18YJru
Bv3kc5R7foAMRNg2CZaCqgPgCax0okPVPnHf5OBSlN1Q9Yge2btxZXeQ4Hjwx8rR
wg8Rs32xHWTKRA9IBsdUgt1ORWrPr4DjT/+3x4LUVwj9kcyKKnZW0t27tyDphf/R
OAK0SlzNl8X3jusRQYGp/UlEsCCp/pcwSE+AWXil0F/TLnrFvSP8DzEpbkaYx3hp
CuG//pSKMEzQwEcpvkKSXBUEULkGh2wBARJ+6wOLMxC05Q==
-----END CERTIFICATE-----