Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8fs53ghdhfseUC7V-HFC2zAy9sE.roa
File:                     8fs53ghdhfseUC7V-HFC2zAy9sE.roa (raw, json)
Hash identifier:          IOHdI7J7MrPttF03H0FuORb/Ir5AGxCMPj4E3I4c1Lg=
Subject key identifier:   F1:FB:39:DE:08:5D:85:FB:1E:50:2E:D5:F8:71:42:DB:30:32:F6:C1
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01977EAA96C5692BDB53DFC862F8813E2E60
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8fs53ghdhfseUC7V-HFC2zAy9sE.roa
Signing time:             Tue 17 Jun 2025 16:13:18 +0000
ROA not before:           Tue 17 Jun 2025 16:13:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212824
IP address blocks:        2a12:bec4:1830::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:aa:96:c5:69:2b:db:53:df:c8:62:f8:81:3e:2e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jun 17 16:13:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1fb39de085d85fb1e502ed5f87142db3032f6c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7f:39:85:2d:03:d9:86:d9:df:e7:67:fb:74:
                    2d:40:41:00:fc:73:b5:7b:02:ed:c8:4f:be:70:21:
                    4f:75:30:80:00:ad:dd:f7:0b:46:a6:32:a1:66:87:
                    7a:65:8f:66:c8:35:07:9d:a6:45:b2:6f:35:22:cd:
                    36:9b:c0:86:af:51:3e:89:21:73:22:d3:0e:a4:4c:
                    58:3d:df:ca:c7:22:08:93:cc:ab:b8:aa:84:b4:7e:
                    40:d6:71:42:5d:42:8d:9d:f5:8c:ec:a0:90:ec:52:
                    17:33:f3:ff:67:38:98:cd:61:a8:3d:ac:7a:eb:d8:
                    a3:02:32:84:f4:75:08:5f:b5:9d:d0:f7:c0:a4:a5:
                    e8:55:63:17:27:d4:09:e4:78:9a:3f:d2:32:12:c1:
                    17:7c:62:df:97:dc:92:76:75:09:35:f9:b5:49:f2:
                    8f:41:21:83:a5:2a:c4:eb:89:6b:8f:05:d1:00:6b:
                    96:94:2e:85:af:da:6f:66:6a:04:42:96:fd:c9:b3:
                    0f:c5:17:ef:80:ad:5a:2f:61:8a:68:2b:f5:7e:7d:
                    c3:01:f3:09:f3:25:c7:ff:bc:fa:f9:41:1d:c0:dd:
                    4a:d4:02:59:ac:5c:e6:c5:a5:f2:e0:18:29:bf:4d:
                    3f:5d:23:95:81:9d:54:d3:2a:8c:80:52:09:0e:b6:
                    86:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FB:39:DE:08:5D:85:FB:1E:50:2E:D5:F8:71:42:DB:30:32:F6:C1
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8fs53ghdhfseUC7V-HFC2zAy9sE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1830::/44

    Signature Algorithm: sha256WithRSAEncryption
         a1:13:06:82:e1:2e:80:42:96:78:ea:32:80:ed:cb:52:2a:06:
         85:0d:23:dd:2d:e6:a1:4d:fe:e9:21:51:28:e5:39:b9:1b:c6:
         76:10:89:00:ae:f9:d9:f1:70:55:76:c1:70:e0:bc:2f:73:7f:
         46:01:7a:3c:e9:fc:cc:ea:f0:6f:66:b0:49:06:fc:f1:79:7f:
         e7:e8:14:9b:5b:1b:a6:27:54:6c:49:c5:5f:15:08:b7:ef:2a:
         64:49:f9:fc:a8:4f:60:56:46:06:81:3f:6e:48:73:5d:59:89:
         3c:e8:c7:07:75:da:fc:3c:61:91:da:14:94:d2:39:e9:0f:8e:
         d1:61:4c:d6:9e:91:8a:c7:00:80:67:ab:ca:22:25:d9:2a:07:
         df:79:7f:f1:2d:9d:95:49:2d:d0:69:f9:98:86:ba:76:db:2a:
         21:b1:47:64:6e:96:ed:8e:07:20:60:ee:63:11:33:fa:16:e0:
         f0:29:cb:78:87:22:1a:1b:3e:f6:26:4c:25:12:da:a9:6c:05:
         47:5b:39:2c:dc:6a:00:36:41:98:44:99:a3:73:b7:fb:77:d1:
         11:a3:6e:38:a2:6d:8f:8a:ec:37:92:7d:bd:44:3b:0f:31:c5:
         46:2f:0c:0e:8e:43:59:93:a9:30:0f:66:54:b9:33:c5:60:97:
         4b:03:34:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZd+qpbFaSvbU9/IYviBPi5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNjE3MTYxMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWZiMzlkZTA4NWQ4NWZiMWU1MDJlZDVmODcxNDJkYjMwMzJmNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH85hS0D2YbZ3+dn+3QtQEEA/HO1
ewLtyE++cCFPdTCAAK3d9wtGpjKhZod6ZY9myDUHnaZFsm81Is02m8CGr1E+iSFz
ItMOpExYPd/KxyIIk8yruKqEtH5A1nFCXUKNnfWM7KCQ7FIXM/P/ZziYzWGoPax6
69ijAjKE9HUIX7Wd0PfApKXoVWMXJ9QJ5HiaP9IyEsEXfGLfl9ySdnUJNfm1SfKP
QSGDpSrE64lrjwXRAGuWlC6Fr9pvZmoEQpb9ybMPxRfvgK1aL2GKaCv1fn3DAfMJ
8yXH/7z6+UEdwN1K1AJZrFzmxaXy4Bgpv00/XSOVgZ1U0yqMgFIJDraGSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPH7Od4IXYX7HlAu1fhxQtswMvbBMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvOGZzNTNnaGRoZnNlVUM3Vi1IRkMyekF5OXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBgw
MA0GCSqGSIb3DQEBCwUAA4IBAQChEwaC4S6AQpZ46jKA7ctSKgaFDSPdLeahTf7p
IVEo5Tm5G8Z2EIkArvnZ8XBVdsFw4Lwvc39GAXo86fzM6vBvZrBJBvzxeX/n6BSb
WxumJ1RsScVfFQi37ypkSfn8qE9gVkYGgT9uSHNdWYk86McHddr8PGGR2hSU0jnp
D47RYUzWnpGKxwCAZ6vKIiXZKgffeX/xLZ2VSS3QafmYhrp22yohsUdkbpbtjgcg
YO5jETP6FuDwKct4hyIaGz72JkwlEtqpbAVHWzks3GoANkGYRJmjc7f7d9ERo244
om2Piuw3kn29RDsPMcVGLwwOjkNZk6kwD2ZUuTPFYJdLAzR/
-----END CERTIFICATE-----