Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/3OLXJwX8B8vopO3KDjRCgZGlo7c.roa
File:                     3OLXJwX8B8vopO3KDjRCgZGlo7c.roa (raw, json)
Hash identifier:          JlFXHZlTtEBf19AZiXYcXmlDJQbWFg/nMIe/POz14+I=
Subject key identifier:   DC:E2:D7:27:05:FC:07:CB:E8:A4:ED:CA:0E:34:42:81:91:A5:A3:B7
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C7CDF440CF20ACF2894C10C6D82C4
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/3OLXJwX8B8vopO3KDjRCgZGlo7c.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216401
IP address blocks:        2a12:bec0:e20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7c:df:44:0c:f2:0a:cf:28:94:c1:0c:6d:82:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dce2d72705fc07cbe8a4edca0e34428191a5a3b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:39:14:a8:04:ed:3c:1c:c7:73:06:74:7b:37:
                    16:1e:4a:25:71:2e:75:d5:23:82:85:5b:c9:13:3e:
                    26:ed:5e:2a:81:09:a1:e8:24:15:8d:78:3f:19:4f:
                    91:c8:fc:a5:cc:97:c0:66:e0:72:43:28:4b:d3:71:
                    4c:0a:d4:13:01:6d:a5:4d:73:73:e5:28:52:11:83:
                    a5:0c:22:60:51:50:0f:e3:6b:d1:0d:3b:08:90:a5:
                    45:98:f3:42:38:e2:f6:da:08:ca:06:cf:3c:38:bf:
                    f9:89:e0:75:7c:bd:59:c7:ae:25:63:95:60:c7:44:
                    cd:ec:07:5a:78:5d:c3:fb:35:74:ab:ac:30:25:9e:
                    15:d0:d6:81:a2:95:29:82:d7:1d:ca:f0:c9:0b:ba:
                    1a:f7:60:15:f0:9a:7f:fa:77:fe:9a:3b:a3:53:a8:
                    2e:52:ca:6e:e8:e4:3c:e6:37:27:9c:20:ba:de:15:
                    3a:52:10:ac:e0:17:b8:2c:69:8b:a5:7a:08:06:71:
                    23:8d:4e:1a:ed:fb:9e:67:91:97:e5:e6:d7:89:a1:
                    9c:87:4a:60:39:a4:66:26:d7:af:a6:a6:ad:f1:8d:
                    d8:e5:f6:59:9b:12:08:95:03:d7:4a:4f:6a:43:7d:
                    e2:a1:2b:ad:6e:39:6e:fb:89:7d:14:3a:7b:39:b8:
                    76:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E2:D7:27:05:FC:07:CB:E8:A4:ED:CA:0E:34:42:81:91:A5:A3:B7
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/3OLXJwX8B8vopO3KDjRCgZGlo7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:e20::/44

    Signature Algorithm: sha256WithRSAEncryption
         af:ae:fb:5e:bc:60:a0:93:fb:25:a6:05:3d:6e:da:04:0b:82:
         30:a8:73:36:c4:46:41:fc:83:aa:62:39:a0:f9:f1:70:89:3f:
         34:d3:0c:a8:7f:4d:bd:4d:92:60:d0:b7:42:d0:66:d8:41:ba:
         00:bb:28:19:b9:25:91:68:90:5a:72:3f:80:5f:88:6e:c3:c7:
         72:79:62:e5:30:22:76:7c:95:e2:72:aa:e6:2b:33:91:95:03:
         ff:7e:da:24:49:f3:cd:fb:22:af:c5:5c:cc:a1:de:95:f4:5e:
         1e:6e:80:94:71:e1:81:be:1a:a1:fa:a6:77:ef:05:3d:94:68:
         1e:9b:5c:96:75:b8:07:ac:2f:cf:5d:24:0d:7d:92:bc:c0:e4:
         26:33:30:aa:67:5f:48:f8:35:12:e5:f9:2c:0b:ac:67:64:39:
         36:16:70:03:d7:88:6d:8a:ed:76:29:2c:8a:2e:1b:2f:d1:8f:
         45:39:d2:38:eb:c0:db:de:86:0f:33:0f:f4:eb:c1:a5:26:83:
         8e:4e:87:ba:98:2a:86:84:1e:a4:96:7b:86:81:72:3a:74:0b:
         dd:22:0e:20:71:29:6f:bd:59:6b:98:86:b0:82:51:ea:22:81:
         35:2f:cd:3f:b1:3b:df:83:23:1b:09:7e:ba:2f:0d:ee:9f:cb:
         d2:b4:9e:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHzfRAzyCs8olMEMbYLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UyZDcyNzA1ZmMwN2NiZThhNGVkY2EwZTM0NDI4MTkxYTVhM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDkUqATtPBzHcwZ0ezcWHkolcS51
1SOChVvJEz4m7V4qgQmh6CQVjXg/GU+RyPylzJfAZuByQyhL03FMCtQTAW2lTXNz
5ShSEYOlDCJgUVAP42vRDTsIkKVFmPNCOOL22gjKBs88OL/5ieB1fL1Zx64lY5Vg
x0TN7AdaeF3D+zV0q6wwJZ4V0NaBopUpgtcdyvDJC7oa92AV8Jp/+nf+mjujU6gu
Uspu6OQ85jcnnCC63hU6UhCs4Be4LGmLpXoIBnEjjU4a7fueZ5GX5ebXiaGch0pg
OaRmJtevpqat8Y3Y5fZZmxIIlQPXSk9qQ33ioSutbjlu+4l9FDp7Obh27QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNzi1ycF/AfL6KTtyg40QoGRpaO3MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvM09MWEp3WDhCOHZvcE8zS0RqUkNnWkdsbzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wA4g
MA0GCSqGSIb3DQEBCwUAA4IBAQCvrvtevGCgk/slpgU9btoEC4IwqHM2xEZB/IOq
Yjmg+fFwiT800wyof029TZJg0LdC0GbYQboAuygZuSWRaJBacj+AX4huw8dyeWLl
MCJ2fJXicqrmKzORlQP/ftokSfPN+yKvxVzMod6V9F4eboCUceGBvhqh+qZ37wU9
lGgem1yWdbgHrC/PXSQNfZK8wOQmMzCqZ19I+DUS5fksC6xnZDk2FnAD14htiu12
KSyKLhsv0Y9FOdI468Db3oYPMw/068GlJoOOToe6mCqGhB6klnuGgXI6dAvdIg4g
cSlvvVlrmIawglHqIoE1L80/sTvfgyMbCX66Lw3un8vStJ4i
-----END CERTIFICATE-----