Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/53PRcjzGhjNwwdS706nDbjX0X50.roa
File:                     53PRcjzGhjNwwdS706nDbjX0X50.roa (raw, json)
Hash identifier:          KZbdrm9gyw1yM5PLzAeslUiT1TACAdwv9BIqXw0gUiE=
Subject key identifier:   E7:73:D1:72:3C:C6:86:33:70:C1:D4:BB:D3:A9:C3:6E:35:F4:5F:9D
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C61E28007611B7EFC46606A0F32E8
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/53PRcjzGhjNwwdS706nDbjX0X50.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210269
IP address blocks:        2a12:bec0:100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:61:e2:80:07:61:1b:7e:fc:46:60:6a:0f:32:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e773d1723cc6863370c1d4bbd3a9c36e35f45f9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:76:89:1b:1b:e7:f3:49:23:8b:65:0f:b4:12:
                    98:98:51:f4:3a:29:15:b3:66:f4:e7:5e:d3:12:d3:
                    56:fc:e2:2a:91:71:bf:2d:15:13:32:7e:a5:db:65:
                    b9:fa:0b:16:51:e4:08:33:50:a9:ea:67:4e:cd:26:
                    35:c1:c5:02:40:8a:19:e9:87:bc:ea:85:bb:ee:92:
                    1c:60:2a:c3:a3:81:a4:05:88:d7:de:34:e7:d2:2f:
                    1f:3e:bb:e8:62:38:6b:d8:f2:c7:bf:f7:52:af:e3:
                    21:49:e8:ab:53:7f:0c:1f:2d:e7:21:b3:57:f5:1c:
                    35:25:d2:ae:4c:b1:b9:e2:f3:7a:ba:d7:ac:e6:e7:
                    b6:d0:eb:ff:b5:fe:c9:34:57:5c:54:e0:8f:9a:23:
                    a1:0c:ed:27:dd:83:e4:6d:54:0b:61:ec:a3:a8:23:
                    a9:9b:a5:8f:32:b7:e9:fc:7d:81:6a:0d:45:99:51:
                    3d:eb:0c:eb:d0:1b:4f:2f:cb:27:9c:11:34:c8:36:
                    33:71:75:33:b2:27:d6:06:dd:e8:56:34:43:d4:1d:
                    25:51:85:b0:7e:b0:2f:0e:35:1d:34:bd:fc:2a:46:
                    a0:3c:e4:05:95:f6:de:88:5d:9d:50:96:7d:b9:4c:
                    19:a9:a9:8b:85:d6:4a:1a:8e:e1:7e:f9:dd:94:ad:
                    33:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:73:D1:72:3C:C6:86:33:70:C1:D4:BB:D3:A9:C3:6E:35:F4:5F:9D
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/53PRcjzGhjNwwdS706nDbjX0X50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         b9:c4:34:16:86:2d:ef:03:93:5a:60:db:72:4a:ac:8d:b2:76:
         37:2c:2c:8e:e2:d8:08:2e:98:33:7b:1e:de:19:e3:e2:6b:23:
         72:97:3f:4a:3a:b9:a6:03:f7:1b:2b:38:c4:e4:ce:53:f0:71:
         f3:76:3f:18:48:0a:79:f4:9d:a4:28:cb:f5:c9:59:77:8c:ce:
         62:af:db:71:6f:14:7d:9c:c4:0b:ee:89:e9:00:33:6b:b9:5e:
         fe:99:c1:31:82:aa:08:5d:62:2b:08:bf:14:a9:26:6c:1b:20:
         b9:f4:31:e2:be:6e:79:c9:81:c5:3e:e3:6f:bb:36:71:fb:4e:
         a7:19:c7:c2:b1:23:a7:43:14:c2:77:9d:fd:54:1c:18:6b:90:
         38:44:41:ee:03:ee:94:e8:43:33:af:28:75:4c:f3:c8:99:99:
         81:73:8b:a1:32:21:31:5f:1a:e5:4b:ae:5a:46:de:18:11:ba:
         83:1a:5b:f4:4c:c2:83:a0:63:da:c5:ef:7d:c4:c6:cd:61:b7:
         90:cf:11:90:c9:38:a9:fe:46:41:47:48:47:f5:d7:8d:26:a3:
         d0:ca:e6:28:43:31:a8:6d:ac:52:e8:c5:25:bc:12:f9:a4:69:
         b7:fb:98:3a:c1:3e:93:0a:f0:76:8a:fe:99:fd:c3:c7:09:65:
         60:dd:e9:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjGHigAdhG378RmBqDzLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzczZDE3MjNjYzY4NjMzNzBjMWQ0YmJkM2E5YzM2ZTM1ZjQ1ZjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnaJGxvn80kji2UPtBKYmFH0OikV
s2b0517TEtNW/OIqkXG/LRUTMn6l22W5+gsWUeQIM1Cp6mdOzSY1wcUCQIoZ6Ye8
6oW77pIcYCrDo4GkBYjX3jTn0i8fPrvoYjhr2PLHv/dSr+MhSeirU38MHy3nIbNX
9Rw1JdKuTLG54vN6utes5ue20Ov/tf7JNFdcVOCPmiOhDO0n3YPkbVQLYeyjqCOp
m6WPMrfp/H2Bag1FmVE96wzr0BtPL8snnBE0yDYzcXUzsifWBt3oVjRD1B0lUYWw
frAvDjUdNL38KkagPOQFlfbeiF2dUJZ9uUwZqamLhdZKGo7hfvndlK0zAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOdz0XI8xoYzcMHUu9Opw2419F+dMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNTNQUmNqekdoak53d2RTNzA2bkRialgwWDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQC5xDQWhi3vA5NaYNtySqyNsnY3LCyO4tgILpgz
ex7eGePiayNylz9KOrmmA/cbKzjE5M5T8HHzdj8YSAp59J2kKMv1yVl3jM5ir9tx
bxR9nMQL7onpADNruV7+mcExgqoIXWIrCL8UqSZsGyC59DHivm55yYHFPuNvuzZx
+06nGcfCsSOnQxTCd539VBwYa5A4REHuA+6U6EMzryh1TPPImZmBc4uhMiExXxrl
S65aRt4YEbqDGlv0TMKDoGPaxe99xMbNYbeQzxGQyTip/kZBR0hH9deNJqPQyuYo
QzGobaxS6MUlvBL5pGm3+5g6wT6TCvB2iv6Z/cPHCWVg3elq
-----END CERTIFICATE-----