Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2YiKRPhpLRHkgQv5qPnbz499Vjs.roa
File:                     2YiKRPhpLRHkgQv5qPnbz499Vjs.roa (raw, json)
Hash identifier:          uY3mBMDredcsAG5gWNr+OEwewG1fu+1bxwhSqMPAPM0=
Subject key identifier:   D9:88:8A:44:F8:69:2D:11:E4:81:0B:F9:A8:F9:DB:CF:8F:7D:56:3B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C752601711F71512CA3E18AAF33E7
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2YiKRPhpLRHkgQv5qPnbz499Vjs.roa
Signing time:             Wed 01 Jan 2025 01:48:06 +0000
ROA not before:           Wed 01 Jan 2025 01:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215842
IP address blocks:        2a12:bec0:5d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:75:26:01:71:1f:71:51:2c:a3:e1:8a:af:33:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9888a44f8692d11e4810bf9a8f9dbcf8f7d563b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e5:5e:ef:4d:39:b2:d0:b2:68:46:41:46:8b:
                    10:f2:64:28:fc:01:68:0e:b5:bb:f0:9f:c0:06:94:
                    dc:bd:5e:25:cb:b0:c4:ca:fb:ea:b5:a5:90:de:cf:
                    84:f5:81:a4:a3:f0:8c:e1:f4:be:2b:18:3b:29:e0:
                    07:2f:d7:a9:1f:78:85:11:92:94:f1:63:61:80:50:
                    bf:b3:1b:bd:93:09:7c:65:cd:ec:8b:1a:1f:9c:3f:
                    b6:be:b6:58:f9:bf:02:92:eb:6b:76:32:e3:1c:69:
                    2b:fa:df:47:8b:85:19:22:2c:bd:f8:56:61:38:f2:
                    b9:5c:fb:20:d8:e2:3e:df:0e:a3:54:40:ad:98:16:
                    8f:58:a0:0d:71:eb:e7:33:9f:a6:18:4c:6b:62:fd:
                    36:91:a7:b8:e0:ee:36:77:0d:db:2b:c3:a6:e6:8f:
                    a6:51:52:c3:64:2f:f9:61:dd:66:98:93:81:57:20:
                    4e:db:e5:bf:cf:7c:1c:87:8c:8b:a2:f1:58:04:68:
                    ed:dd:f2:87:a1:82:97:ee:24:5a:49:89:f8:87:e4:
                    c6:a2:f5:f2:3b:e3:b5:b3:9c:c7:bf:89:7e:3e:11:
                    4b:7a:2a:07:92:33:3c:ba:5e:3b:b1:33:5a:61:5a:
                    a5:7b:98:65:08:b4:87:68:99:59:8d:0b:f3:19:03:
                    2f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:88:8A:44:F8:69:2D:11:E4:81:0B:F9:A8:F9:DB:CF:8F:7D:56:3B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/2YiKRPhpLRHkgQv5qPnbz499Vjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:5d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b5:10:6f:82:68:f7:47:1f:48:65:51:a8:3e:7f:e3:13:64:67:
         b4:ec:59:a7:5c:40:64:1b:d3:ee:7c:09:30:6a:0a:39:6c:4e:
         1c:d4:79:c4:f6:e6:10:b4:50:66:ca:d3:11:38:8f:06:10:d7:
         9e:48:2a:15:3c:00:b2:7d:84:34:0c:bc:c9:ea:b8:5c:05:51:
         40:76:79:00:7e:98:23:22:ce:7b:b5:54:7d:2c:8e:d0:af:93:
         c0:23:0b:e8:75:25:00:79:64:33:d6:e5:26:22:27:0d:58:b1:
         a4:fd:0c:06:8f:16:3b:21:2f:a7:34:ae:13:bf:61:ed:22:6c:
         d0:1e:22:d9:8e:f5:fd:93:51:87:b7:46:01:a6:e6:48:cf:06:
         21:c3:7e:71:8d:6d:ab:ef:a0:0b:79:aa:a5:db:06:4a:83:69:
         87:fb:82:f4:e2:7a:4f:94:15:fc:0c:85:f9:91:59:3a:25:25:
         67:8b:e8:cf:c2:ba:d1:76:ef:55:2d:39:fd:3a:6c:74:89:31:
         c7:27:46:6b:3f:56:7e:00:55:ce:4a:99:d7:b1:5e:16:8a:8b:
         70:08:be:2e:a3:42:67:c8:84:e6:3f:63:08:3e:42:3f:05:e7:
         a8:47:fb:c7:05:b3:08:ee:5c:aa:c2:3d:b7:0b:fb:01:f2:2f:
         a2:32:94:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHUmAXEfcVEso+GKrzPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTg4OGE0NGY4NjkyZDExZTQ4MTBiZjlhOGY5ZGJjZjhmN2Q1NjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouVe7005stCyaEZBRosQ8mQo/AFo
DrW78J/ABpTcvV4ly7DEyvvqtaWQ3s+E9YGko/CM4fS+Kxg7KeAHL9epH3iFEZKU
8WNhgFC/sxu9kwl8Zc3sixofnD+2vrZY+b8CkutrdjLjHGkr+t9Hi4UZIiy9+FZh
OPK5XPsg2OI+3w6jVECtmBaPWKANcevnM5+mGExrYv02kae44O42dw3bK8Om5o+m
UVLDZC/5Yd1mmJOBVyBO2+W/z3wch4yLovFYBGjt3fKHoYKX7iRaSYn4h+TGovXy
O+O1s5zHv4l+PhFLeioHkjM8ul47sTNaYVqle5hlCLSHaJlZjQvzGQMvBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNmIikT4aS0R5IEL+aj528+PfVY7MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMllpS1JQaHBMUkhrZ1F2NXFQbmJ6NDk5VmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC1EG+CaPdHH0hlUag+f+MTZGe07FmnXEBkG9Pu
fAkwago5bE4c1HnE9uYQtFBmytMROI8GENeeSCoVPACyfYQ0DLzJ6rhcBVFAdnkA
fpgjIs57tVR9LI7Qr5PAIwvodSUAeWQz1uUmIicNWLGk/QwGjxY7IS+nNK4Tv2Ht
ImzQHiLZjvX9k1GHt0YBpuZIzwYhw35xjW2r76ALeaql2wZKg2mH+4L04npPlBX8
DIX5kVk6JSVni+jPwrrRdu9VLTn9Omx0iTHHJ0ZrP1Z+AFXOSpnXsV4WiotwCL4u
o0JnyITmP2MIPkI/BeeoR/vHBbMI7lyqwj23C/sB8i+iMpTn
-----END CERTIFICATE-----