Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1SmSnsLpf6nWgV1JXZgkDaimjpk.roa
File:                     1SmSnsLpf6nWgV1JXZgkDaimjpk.roa (raw, json)
Hash identifier:          AkbiP2n4jnuJ/Z8S3fmKYjg4HbFT0wphE+irfFfy52Y=
Subject key identifier:   D5:29:92:9E:C2:E9:7F:A9:D6:81:5D:49:5D:98:24:0D:A8:A6:8E:99
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0194F2425396DF03FE4CDDD6FFE5EEFFAB34
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1SmSnsLpf6nWgV1JXZgkDaimjpk.roa
Signing time:             Mon 10 Feb 2025 23:47:00 +0000
ROA not before:           Mon 10 Feb 2025 23:47:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        2a12:bec0:230::/44 maxlen: 48
                          2a12:bec0:5d5::/48 maxlen: 48
                          2a12:bec0:5df::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 15:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f2:42:53:96:df:03:fe:4c:dd:d6:ff:e5:ee:ff:ab:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Feb 10 23:47:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d529929ec2e97fa9d6815d495d98240da8a68e99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6e:b0:c0:bf:72:47:3d:74:d1:5f:63:3f:ff:
                    77:5e:49:82:ea:4e:3b:9c:b1:22:60:c4:16:4a:2c:
                    68:89:9d:6c:3c:88:80:d1:ab:97:b1:86:e0:43:5f:
                    2a:df:52:38:95:b1:1b:9e:80:05:61:63:42:6c:d3:
                    2a:20:96:dc:f3:42:b6:a4:74:5a:cf:34:09:29:96:
                    87:00:1b:e6:bc:da:50:89:8a:e1:99:7a:b0:b7:cc:
                    a2:f9:05:0d:5d:e8:ba:ae:47:4c:2b:2b:dd:20:e2:
                    57:7c:7d:71:d0:b4:e1:5e:5d:39:76:dc:05:94:31:
                    2f:d0:76:0c:5c:97:94:e6:46:1c:35:5d:f4:25:4b:
                    84:e2:d4:53:49:d7:65:eb:af:e8:b1:1e:64:97:d1:
                    0e:9b:05:ac:c8:1c:04:73:0e:3a:9f:9e:24:86:7c:
                    00:3f:7e:f7:79:70:86:7e:7d:1b:f0:03:66:e0:c1:
                    73:55:4c:25:f4:ca:a0:fd:c3:52:61:da:2e:77:02:
                    69:82:51:4a:c4:30:d1:cc:94:4b:53:ab:1f:8f:91:
                    36:a1:9c:77:42:25:92:e3:10:f3:91:4f:5f:8d:bc:
                    07:f7:d5:07:5f:e6:44:5a:d3:2c:fc:b5:b9:ce:04:
                    1d:e2:83:a0:a4:a4:ab:d8:70:8f:eb:e9:63:b5:89:
                    fe:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:29:92:9E:C2:E9:7F:A9:D6:81:5D:49:5D:98:24:0D:A8:A6:8E:99
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1SmSnsLpf6nWgV1JXZgkDaimjpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:230::/44
                  2a12:bec0:5d5::/48
                  2a12:bec0:5df::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:fb:d4:45:b3:4e:5e:56:8f:85:17:1d:03:40:ae:67:97:2f:
         d0:fa:e7:4f:e0:be:d4:f7:5b:6b:2b:5f:54:5a:ff:ca:22:f2:
         e4:b8:85:8b:f0:71:0b:de:68:ab:ca:0f:87:db:06:bd:d5:fc:
         f6:47:6d:87:9f:eb:14:55:d3:9f:82:d2:a5:0a:2d:d9:36:2f:
         3b:51:8e:dc:1d:47:34:23:76:13:56:24:0f:a2:84:8d:5c:a8:
         a4:5d:98:ff:c7:c0:ce:a7:02:f1:53:18:2f:ed:45:20:04:a8:
         2f:7e:37:15:7f:4f:03:fb:3c:e5:3a:29:19:80:a7:03:44:82:
         26:6e:86:3c:fc:c1:6b:6c:0b:12:3f:d6:b2:d3:4e:5f:8a:83:
         09:84:2c:2f:e1:48:5f:f2:c0:92:ff:62:1e:a4:29:95:aa:7d:
         b6:33:f3:2f:99:80:33:e5:69:9c:37:54:2f:58:67:e4:d0:32:
         bb:37:b3:6e:e9:4c:92:91:6c:cb:2e:8f:4f:df:43:17:42:c8:
         65:11:e2:7d:c5:da:65:98:f1:52:e3:5a:1d:7a:ff:04:3c:bd:
         9a:84:0a:e2:9f:86:82:99:16:76:cb:e8:13:c4:f7:aa:55:f8:
         bc:a5:0c:bb:38:e1:22:b9:9c:cb:de:99:36:d7:e4:84:10:79:
         57:9d:65:38
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZTyQlOW3wP+TN3W/+Xu/6s0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMjEwMjM0NzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTI5OTI5ZWMyZTk3ZmE5ZDY4MTVkNDk1ZDk4MjQwZGE4YTY4ZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArm6wwL9yRz100V9jP/93XkmC6k47
nLEiYMQWSixoiZ1sPIiA0auXsYbgQ18q31I4lbEbnoAFYWNCbNMqIJbc80K2pHRa
zzQJKZaHABvmvNpQiYrhmXqwt8yi+QUNXei6rkdMKyvdIOJXfH1x0LThXl05dtwF
lDEv0HYMXJeU5kYcNV30JUuE4tRTSddl66/osR5kl9EOmwWsyBwEcw46n54khnwA
P373eXCGfn0b8ANm4MFzVUwl9Mqg/cNSYdoudwJpglFKxDDRzJRLU6sfj5E2oZx3
QiWS4xDzkU9fjbwH99UHX+ZEWtMs/LW5zgQd4oOgpKSr2HCP6+ljtYn+CQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNUpkp7C6X+p1oFdSV2YJA2opo6ZMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMVNtU25zTHBmNm5XZ1YxSlhaZ2tEYWltanBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKhK+wAIw
AwcAKhK+wAXVAwcAKhK+wAXfMA0GCSqGSIb3DQEBCwUAA4IBAQBN+9RFs05eVo+F
Fx0DQK5nly/Q+udP4L7U91trK19UWv/KIvLkuIWL8HEL3miryg+H2wa91fz2R22H
n+sUVdOfgtKlCi3ZNi87UY7cHUc0I3YTViQPooSNXKikXZj/x8DOpwLxUxgv7UUg
BKgvfjcVf08D+zzlOikZgKcDRIImboY8/MFrbAsSP9ay005fioMJhCwv4Uhf8sCS
/2IepCmVqn22M/MvmYAz5WmcN1QvWGfk0DK7N7Nu6UySkWzLLo9P30MXQshlEeJ9
xdplmPFS41odev8EPL2ahArin4aCmRZ2y+gTxPeqVfi8pQy7OOEiuZzL3pk21+SE
EHlXnWU4
-----END CERTIFICATE-----