Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/6kPOBcJV42yj0O2y3I0Bbpm25zY.roa
File:                     6kPOBcJV42yj0O2y3I0Bbpm25zY.roa (raw, json)
Hash identifier:          VzyEFR9ZpSNV99v+/DljrD3rwiX/y3yenN+bjXK97LU=
Subject key identifier:   EA:43:CE:05:C2:55:E3:6C:A3:D0:ED:B2:DC:8D:01:6E:99:B6:E7:36
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C5D50A6F38302EFD4D81933332325
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/6kPOBcJV42yj0O2y3I0Bbpm25zY.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202585
IP address blocks:        2a12:bec0:5e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5d:50:a6:f3:83:02:ef:d4:d8:19:33:33:23:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea43ce05c255e36ca3d0edb2dc8d016e99b6e736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:69:ca:ad:d9:13:6c:37:97:62:60:6a:e6:5c:
                    10:05:b3:7e:e0:6d:6e:9c:af:62:4f:12:99:73:8f:
                    f3:f1:18:d4:6d:5c:47:77:3b:2e:dc:0d:6e:ba:53:
                    a0:07:8c:6b:5a:95:13:a1:2e:62:77:e2:d3:cc:91:
                    4b:2f:35:32:c7:2a:68:6e:3d:e0:0e:10:d6:eb:15:
                    a4:85:81:9a:46:41:ea:cf:90:bf:d3:81:53:b1:e3:
                    c0:b8:1b:60:cb:6e:11:d2:75:44:79:75:7a:ec:ad:
                    49:a6:e4:c8:cf:d1:77:e9:9e:96:b6:76:bc:07:50:
                    a7:36:97:96:43:11:cf:15:33:7d:86:3b:5c:d3:f6:
                    1a:5f:dc:d1:20:46:6f:6a:35:79:7b:c0:aa:1c:a4:
                    60:20:98:86:da:84:96:1b:ad:45:b6:51:76:87:af:
                    47:41:11:d0:03:df:1a:b1:d4:dd:d7:d3:8c:20:f1:
                    4f:7f:29:b4:6e:6f:a7:47:9c:76:74:c1:fd:af:4d:
                    1e:8f:7f:57:9f:78:88:65:48:3c:60:5a:4c:65:bb:
                    06:e0:f8:ef:af:c0:5b:c9:96:80:ce:f9:e6:06:c0:
                    ae:f7:be:88:06:24:61:2b:13:80:ed:d8:20:75:71:
                    84:9c:13:f3:88:44:7f:ec:3d:29:85:91:52:e5:7f:
                    a3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:43:CE:05:C2:55:E3:6C:A3:D0:ED:B2:DC:8D:01:6E:99:B6:E7:36
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/6kPOBcJV42yj0O2y3I0Bbpm25zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:5e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         86:b9:46:08:e0:b5:20:ab:c5:1c:fb:c9:a2:b1:48:06:74:19:
         b1:3d:bc:25:05:78:57:d3:4d:c6:60:35:ee:9a:23:fd:ec:12:
         12:0a:a7:7f:22:74:a9:44:4e:9f:f9:56:66:69:8d:e7:fb:73:
         b3:bc:ff:07:5b:19:8c:cd:24:a1:e9:29:47:b7:f9:03:df:d3:
         37:11:45:bf:74:e7:33:da:3f:3b:12:8d:19:cb:39:5e:7f:c7:
         a3:3d:4e:34:cd:78:b7:9a:e9:10:c0:15:e2:2e:bc:30:f2:fe:
         9f:ed:4b:11:9e:44:de:26:92:8f:03:b6:54:5d:e1:e9:5a:a8:
         f0:d9:e3:fd:82:8b:97:ce:08:5c:0e:93:f1:99:12:73:ce:6e:
         fc:05:7d:67:a2:0a:2d:a5:11:a6:34:ac:a9:31:68:d1:d0:33:
         7a:a5:35:d8:f4:57:51:97:f2:b6:76:25:40:b5:28:4e:33:79:
         48:02:64:50:8c:03:c1:31:c1:e7:18:95:4d:45:b8:d7:12:64:
         62:24:c3:4c:5d:76:48:2b:df:ab:d7:52:d9:59:9b:aa:1d:f3:
         e1:15:30:1e:12:bf:96:1d:af:50:17:35:d9:57:f3:dd:2d:7c:
         da:1a:de:0b:0f:18:fb:f2:42:82:61:56:78:5c:6c:ed:a2:0e:
         51:ed:ee:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjF1QpvODAu/U2BkzMyMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQzY2UwNWMyNTVlMzZjYTNkMGVkYjJkYzhkMDE2ZTk5YjZlNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7WnKrdkTbDeXYmBq5lwQBbN+4G1u
nK9iTxKZc4/z8RjUbVxHdzsu3A1uulOgB4xrWpUToS5id+LTzJFLLzUyxypobj3g
DhDW6xWkhYGaRkHqz5C/04FTsePAuBtgy24R0nVEeXV67K1JpuTIz9F36Z6Wtna8
B1CnNpeWQxHPFTN9hjtc0/YaX9zRIEZvajV5e8CqHKRgIJiG2oSWG61FtlF2h69H
QRHQA98asdTd19OMIPFPfym0bm+nR5x2dMH9r00ej39Xn3iIZUg8YFpMZbsG4Pjv
r8BbyZaAzvnmBsCu976IBiRhKxOA7dggdXGEnBPziER/7D0phZFS5X+jYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOpDzgXCVeNso9DtstyNAW6Ztuc2MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNmtQT0JjSlY0MnlqME8yeTNJMEJicG0yNXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAXg
MA0GCSqGSIb3DQEBCwUAA4IBAQCGuUYI4LUgq8Uc+8misUgGdBmxPbwlBXhX003G
YDXumiP97BISCqd/InSpRE6f+VZmaY3n+3OzvP8HWxmMzSSh6SlHt/kD39M3EUW/
dOcz2j87Eo0Zyzlef8ejPU40zXi3mukQwBXiLrww8v6f7UsRnkTeJpKPA7ZUXeHp
Wqjw2eP9gouXzghcDpPxmRJzzm78BX1nogotpRGmNKypMWjR0DN6pTXY9FdRl/K2
diVAtShOM3lIAmRQjAPBMcHnGJVNRbjXEmRiJMNMXXZIK9+r11LZWZuqHfPhFTAe
Er+WHa9QFzXZV/PdLXzaGt4LDxj78kKCYVZ4XGztog5R7e7Z
-----END CERTIFICATE-----