Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/6QsmU9z8ds26qdbsGVuePtNa3q8.roa
File:                     6QsmU9z8ds26qdbsGVuePtNa3q8.roa (raw, json)
Hash identifier:          /0d8DoaSQJKD/fjqFPk7e+kx/hmHDrnyOc9g01Amdk0=
Subject key identifier:   E9:0B:26:53:DC:FC:76:CD:BA:A9:D6:EC:19:5B:9E:3E:D3:5A:DE:AF
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C7B210427B036AB001C075EA1CD27
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/6QsmU9z8ds26qdbsGVuePtNa3q8.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216255
IP address blocks:        2a12:bec0:470::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 15:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7b:21:04:27:b0:36:ab:00:1c:07:5e:a1:cd:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e90b2653dcfc76cdbaa9d6ec195b9e3ed35adeaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6c:53:90:35:d5:ef:9c:a8:03:9c:f1:13:66:
                    ca:85:6b:31:2b:b5:f1:ce:3a:da:d4:f5:22:d6:97:
                    66:4a:85:d8:12:56:6b:42:ca:20:59:07:47:47:86:
                    43:37:79:fd:26:7b:16:eb:18:b4:72:42:a0:b9:05:
                    0c:7a:48:9e:5e:6d:13:54:d6:56:72:52:d7:84:be:
                    b1:2e:97:0b:8f:6c:5a:b0:11:9c:ec:da:f3:c2:f3:
                    0f:c5:2f:6a:69:d9:25:c5:60:f4:a1:9f:e9:85:49:
                    3c:2f:e9:3c:9f:1c:4a:48:98:c4:58:6f:b9:c2:a6:
                    a3:99:ef:da:fe:91:e9:b1:8d:66:8a:3c:ce:db:7a:
                    d3:62:55:b3:b2:4d:34:0a:45:cb:fc:27:30:54:0f:
                    93:36:09:a1:50:b4:7b:f3:8a:03:60:0f:07:22:9a:
                    1e:80:d5:8a:79:14:6b:24:46:7d:29:67:ed:3f:c7:
                    cd:aa:05:fc:b5:21:ef:ff:59:eb:59:0c:7c:b9:94:
                    5a:16:e7:3f:a1:57:24:ac:6c:18:7e:49:5a:02:20:
                    a6:47:5c:66:ac:ed:4b:b0:68:02:ea:75:9c:8c:4b:
                    34:c6:9e:df:7e:8c:cd:32:21:5d:0e:74:f4:52:fc:
                    46:0a:94:57:d3:71:92:c4:13:34:86:e2:2a:95:b3:
                    b1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:0B:26:53:DC:FC:76:CD:BA:A9:D6:EC:19:5B:9E:3E:D3:5A:DE:AF
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/6QsmU9z8ds26qdbsGVuePtNa3q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:470::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:47:09:c6:cc:bb:b5:c3:a0:47:a7:95:8b:02:65:be:90:b4:
         fa:c6:23:cc:47:9a:18:be:49:aa:2d:88:74:80:ff:1d:f0:62:
         15:5d:99:5a:bc:e7:d5:21:4a:7b:1a:50:32:1a:4e:c1:ba:53:
         73:d1:3a:70:e2:c0:73:c0:65:d5:86:fc:ce:24:1d:4b:fe:f6:
         88:84:09:2a:d9:35:58:2e:5d:b9:e8:73:fa:97:b5:9f:64:a7:
         aa:8e:a6:18:ef:82:7b:ef:79:99:43:77:59:af:c5:81:36:43:
         a9:86:bc:86:00:b9:df:b1:7f:eb:f8:32:cf:4e:c2:53:8a:19:
         14:7d:39:76:1d:10:89:1d:e4:25:1b:ca:25:3a:00:6d:53:91:
         2d:bc:1e:6d:b4:88:8f:ce:bb:2b:45:f0:6d:e0:83:1a:66:57:
         ab:6c:0c:e2:ef:09:b4:1f:00:75:05:66:44:a9:6a:5f:7c:fe:
         b8:77:d4:1a:35:91:82:d4:93:ee:71:05:c3:39:eb:06:5b:8a:
         68:0f:b8:f8:39:d5:97:85:52:65:71:51:b5:b7:f1:a9:24:53:
         d4:3e:53:d0:3f:75:4a:fe:08:e6:fe:67:54:ee:72:e5:5c:2c:
         3a:0b:fe:86:f6:b4:9c:96:e6:44:4b:4d:db:8f:80:ab:f4:8e:
         09:e3:e7:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHshBCewNqsAHAdeoc0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTBiMjY1M2RjZmM3NmNkYmFhOWQ2ZWMxOTViOWUzZWQzNWFkZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGxTkDXV75yoA5zxE2bKhWsxK7Xx
zjra1PUi1pdmSoXYElZrQsogWQdHR4ZDN3n9JnsW6xi0ckKguQUMekieXm0TVNZW
clLXhL6xLpcLj2xasBGc7NrzwvMPxS9qadklxWD0oZ/phUk8L+k8nxxKSJjEWG+5
wqajme/a/pHpsY1mijzO23rTYlWzsk00CkXL/CcwVA+TNgmhULR784oDYA8HIpoe
gNWKeRRrJEZ9KWftP8fNqgX8tSHv/1nrWQx8uZRaFuc/oVckrGwYfklaAiCmR1xm
rO1LsGgC6nWcjEs0xp7ffozNMiFdDnT0UvxGCpRX03GSxBM0huIqlbOxswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOkLJlPc/HbNuqnW7Blbnj7TWt6vMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNlFzbVU5ejhkczI2cWRic0dWdWVQdE5hM3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wARw
MA0GCSqGSIb3DQEBCwUAA4IBAQA+RwnGzLu1w6BHp5WLAmW+kLT6xiPMR5oYvkmq
LYh0gP8d8GIVXZlavOfVIUp7GlAyGk7BulNz0Tpw4sBzwGXVhvzOJB1L/vaIhAkq
2TVYLl256HP6l7WfZKeqjqYY74J773mZQ3dZr8WBNkOphryGALnfsX/r+DLPTsJT
ihkUfTl2HRCJHeQlG8olOgBtU5EtvB5ttIiPzrsrRfBt4IMaZlerbAzi7wm0HwB1
BWZEqWpffP64d9QaNZGC1JPucQXDOesGW4poD7j4OdWXhVJlcVG1t/GpJFPUPlPQ
P3VK/gjm/mdU7nLlXCw6C/6G9rScluZES03bj4Cr9I4J4+cE
-----END CERTIFICATE-----