Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5uDV4MKUdIbLiwIa2FxIYUn2dQ4.roa
File:                     5uDV4MKUdIbLiwIa2FxIYUn2dQ4.roa (raw, json)
Hash identifier:          OFcuz/mpl0OTYz76qPpDHBTTDDjrVBzKo07eR0yk6Hc=
Subject key identifier:   E6:E0:D5:E0:C2:94:74:86:CB:8B:02:1A:D8:5C:48:61:49:F6:75:0E
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C7EA420FA0437D2F520D07FE6DE7A
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5uDV4MKUdIbLiwIa2FxIYUn2dQ4.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216418
IP address blocks:        2a12:bec0:430::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7e:a4:20:fa:04:37:d2:f5:20:d0:7f:e6:de:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6e0d5e0c2947486cb8b021ad85c486149f6750e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9c:c7:36:0e:24:ac:73:47:f5:0b:07:25:a1:
                    b2:22:d8:03:c9:31:3a:13:60:10:45:a7:8c:e4:83:
                    a3:f1:ec:92:17:f7:36:bf:2d:ea:05:c4:c9:8f:09:
                    26:19:64:bb:99:3a:a6:c0:56:f9:e8:63:6b:65:9a:
                    fa:93:34:e2:85:75:2a:25:52:af:3e:d7:a4:cf:20:
                    84:46:cc:62:b3:17:05:31:cf:da:7d:93:ee:ee:fe:
                    e9:e5:7d:3a:13:df:a1:89:43:f5:ac:d9:0b:51:d1:
                    43:e4:0d:b4:22:83:84:43:a5:53:29:71:36:ae:3d:
                    f6:27:0c:1d:78:65:11:6a:7c:d0:68:cf:b1:1c:0f:
                    34:87:d4:03:04:9c:cb:a9:ad:0f:7e:ff:23:79:7c:
                    ef:33:dd:0c:bd:d1:b6:9d:44:4a:7a:08:d8:87:03:
                    53:cb:99:f3:31:c8:e0:65:72:f6:e9:e0:6e:be:84:
                    45:87:6a:62:d1:2b:74:f8:03:3e:00:8a:01:20:a8:
                    6a:ee:55:8c:86:c0:2a:b0:b9:01:b8:02:ee:e0:e4:
                    21:e2:1f:5f:d6:72:c2:85:ee:c0:9d:8d:39:53:d5:
                    b5:d0:da:bf:88:cf:d2:0f:cf:91:36:88:c8:56:b5:
                    f4:8f:d8:8b:30:22:58:06:89:88:6d:92:ca:ad:22:
                    b7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:E0:D5:E0:C2:94:74:86:CB:8B:02:1A:D8:5C:48:61:49:F6:75:0E
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/5uDV4MKUdIbLiwIa2FxIYUn2dQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:430::/44

    Signature Algorithm: sha256WithRSAEncryption
         28:34:ec:0d:ec:6e:4e:fe:af:c0:f1:85:15:17:9f:d2:cf:45:
         d7:f5:1c:fc:43:25:a4:73:97:41:56:cc:bc:eb:87:34:8d:25:
         0c:8e:1a:77:a0:2e:ba:db:86:21:0d:e5:ed:f9:66:77:30:5e:
         3d:78:c0:05:96:13:2c:41:e4:95:e5:c5:33:f5:f8:c1:23:7e:
         f5:fe:5a:ac:e7:48:af:32:d6:99:e6:59:6f:11:0c:47:d6:9c:
         8e:16:c6:a9:d4:e0:88:22:e5:30:73:32:67:9e:4e:79:ef:a7:
         6c:26:9c:43:ed:90:25:20:3e:3b:3c:0d:06:e8:10:39:b4:25:
         87:cb:75:e3:63:c5:17:a6:20:69:fa:64:5f:b3:40:d2:c7:9b:
         35:91:ee:54:19:ee:08:2f:86:65:f2:15:00:cd:5f:87:6d:22:
         8a:65:c5:f5:8e:8a:f9:b4:ff:b2:88:67:67:6b:f1:79:f3:79:
         c2:75:8b:9a:56:44:ea:a1:57:ff:43:28:19:06:01:f6:22:17:
         01:1d:05:85:1f:3d:5c:ad:88:de:a5:be:35:d3:6b:f3:0c:e7:
         15:7c:7a:7c:79:c6:99:fb:cc:c0:2d:be:60:bf:50:3f:48:6e:
         39:43:69:3f:6d:26:eb:e8:b5:0f:c9:a6:3a:74:af:2a:86:ac:
         9b:4f:cf:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjH6kIPoEN9L1INB/5t56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmUwZDVlMGMyOTQ3NDg2Y2I4YjAyMWFkODVjNDg2MTQ5ZjY3NTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pzHNg4krHNH9QsHJaGyItgDyTE6
E2AQRaeM5IOj8eySF/c2vy3qBcTJjwkmGWS7mTqmwFb56GNrZZr6kzTihXUqJVKv
PtekzyCERsxisxcFMc/afZPu7v7p5X06E9+hiUP1rNkLUdFD5A20IoOEQ6VTKXE2
rj32JwwdeGURanzQaM+xHA80h9QDBJzLqa0Pfv8jeXzvM90MvdG2nURKegjYhwNT
y5nzMcjgZXL26eBuvoRFh2pi0St0+AM+AIoBIKhq7lWMhsAqsLkBuALu4OQh4h9f
1nLChe7AnY05U9W10Nq/iM/SD8+RNojIVrX0j9iLMCJYBomIbZLKrSK3rQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFObg1eDClHSGy4sCGthcSGFJ9nUOMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNXVEVjRNS1VkSWJMaXdJYTJGeElZVW4yZFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAQw
MA0GCSqGSIb3DQEBCwUAA4IBAQAoNOwN7G5O/q/A8YUVF5/Sz0XX9Rz8QyWkc5dB
Vsy864c0jSUMjhp3oC6624YhDeXt+WZ3MF49eMAFlhMsQeSV5cUz9fjBI371/lqs
50ivMtaZ5llvEQxH1pyOFsap1OCIIuUwczJnnk5576dsJpxD7ZAlID47PA0G6BA5
tCWHy3XjY8UXpiBp+mRfs0DSx5s1ke5UGe4IL4Zl8hUAzV+HbSKKZcX1jor5tP+y
iGdna/F583nCdYuaVkTqoVf/QygZBgH2IhcBHQWFHz1crYjepb4102vzDOcVfHp8
ecaZ+8zALb5gv1A/SG45Q2k/bSbr6LUPyaY6dK8qhqybT881
-----END CERTIFICATE-----