Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8kLo1MLdpJFwlXvyohLFD6bE-TY.roa
File:                     8kLo1MLdpJFwlXvyohLFD6bE-TY.roa (raw, json)
Hash identifier:          W3wDq86phyyom9Zx3uvfGjFYuRR3dO8Ozw3aOrZiSME=
Subject key identifier:   F2:42:E8:D4:C2:DD:A4:91:70:95:7B:F2:A2:12:C5:0F:A6:C4:F9:36
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019731E7B5415478778E57A25C3571FBDCE1
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8kLo1MLdpJFwlXvyohLFD6bE-TY.roa
Signing time:             Mon 02 Jun 2025 18:29:17 +0000
ROA not before:           Mon 02 Jun 2025 18:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207695
IP address blocks:        2a12:bec4:1750::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:e7:b5:41:54:78:77:8e:57:a2:5c:35:71:fb:dc:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jun  2 18:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f242e8d4c2dda49170957bf2a212c50fa6c4f936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:cc:84:70:4f:fe:fc:a1:b7:fa:67:4c:0a:de:
                    3c:79:f1:a7:d6:3d:df:47:16:67:b4:6f:c4:2a:60:
                    8c:a1:44:bc:8d:ac:ca:4c:13:dc:62:03:98:0a:f7:
                    d3:bc:40:c1:cb:60:2f:f0:bf:fb:28:11:b0:9c:85:
                    14:2f:98:26:49:1f:f1:06:3c:6e:d9:dc:43:3c:d6:
                    54:7a:80:31:dc:07:3f:92:0b:0d:6e:9c:9c:8a:78:
                    f6:ee:9d:d6:05:50:5c:5f:a4:aa:2f:3b:c0:94:ba:
                    4a:3e:c9:37:25:47:d6:25:f7:8d:bd:57:d3:74:4f:
                    9d:fb:4c:07:1e:26:6e:08:3b:1f:2b:30:92:da:a3:
                    f6:bf:96:58:33:59:4c:38:18:ac:a6:06:1a:08:d9:
                    d0:19:8d:bc:23:fb:f2:e7:85:84:04:32:5d:56:ef:
                    37:2e:f9:1b:b7:fa:39:7b:01:1d:5f:62:e4:fc:e0:
                    33:67:3e:2a:7b:88:ce:8e:2a:cf:98:3e:1f:82:f6:
                    43:b8:29:8b:4a:e3:8c:87:a8:b5:41:e2:4c:11:74:
                    d8:69:05:d2:1c:47:58:de:f7:a5:62:60:58:3f:7f:
                    fb:f0:36:74:a9:84:15:05:36:49:76:c0:a5:84:17:
                    8c:cf:cf:a0:84:a6:ae:e5:f3:8e:44:eb:95:8d:87:
                    3f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:42:E8:D4:C2:DD:A4:91:70:95:7B:F2:A2:12:C5:0F:A6:C4:F9:36
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/8kLo1MLdpJFwlXvyohLFD6bE-TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1750::/44

    Signature Algorithm: sha256WithRSAEncryption
         53:e5:bf:fe:de:17:e6:0b:ff:72:cc:51:3a:5a:d5:e6:31:44:
         37:33:8a:00:67:39:02:be:84:52:8b:30:6f:1c:4f:51:1f:4f:
         90:a5:d6:b9:3c:02:0b:73:38:0d:16:9e:a2:70:e2:ed:0f:e7:
         20:4e:e2:69:12:02:65:87:cd:a4:e6:95:20:b5:0b:17:13:bf:
         c0:e8:5a:a6:8b:67:52:76:64:62:b8:9c:52:ab:be:48:6b:61:
         5c:30:cf:77:eb:eb:00:1a:8c:98:b6:2b:5f:e3:66:37:58:e6:
         78:24:37:d7:3b:c0:0c:e0:22:db:5e:8f:d5:c9:7b:30:9c:0a:
         33:34:72:f5:2b:75:e8:cf:dc:6d:48:f9:c4:0d:34:0e:6f:b7:
         18:62:e8:06:40:f8:fc:c0:7f:1c:bd:e4:d0:fa:48:89:d4:9b:
         2d:65:11:f4:7f:5d:6b:5e:83:9e:68:41:71:9b:6e:9c:40:4f:
         9d:8b:47:5e:28:2a:90:13:86:de:60:43:9d:8d:8b:84:b1:5e:
         ba:d2:e7:41:3a:0f:3b:73:fb:09:1b:0f:45:ed:ae:93:33:ea:
         58:ea:33:76:18:2e:d5:d4:37:71:96:dd:fa:6f:d0:5f:5a:f2:
         4d:c3:d2:3d:c9:b2:02:95:a1:96:cc:38:c3:55:02:73:6d:86:
         19:4e:41:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcx57VBVHh3jleiXDVx+9zhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNjAyMTgyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQyZThkNGMyZGRhNDkxNzA5NTdiZjJhMjEyYzUwZmE2YzRmOTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMyEcE/+/KG3+mdMCt48efGn1j3f
RxZntG/EKmCMoUS8jazKTBPcYgOYCvfTvEDBy2Av8L/7KBGwnIUUL5gmSR/xBjxu
2dxDPNZUeoAx3Ac/kgsNbpycinj27p3WBVBcX6SqLzvAlLpKPsk3JUfWJfeNvVfT
dE+d+0wHHiZuCDsfKzCS2qP2v5ZYM1lMOBispgYaCNnQGY28I/vy54WEBDJdVu83
Lvkbt/o5ewEdX2Lk/OAzZz4qe4jOjirPmD4fgvZDuCmLSuOMh6i1QeJMEXTYaQXS
HEdY3velYmBYP3/78DZ0qYQVBTZJdsClhBeMz8+ghKau5fOOROuVjYc/WQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPJC6NTC3aSRcJV78qISxQ+mxPk2MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvOGtMbzFNTGRwSkZ3bFh2eW9oTEZENmJFLVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBdQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBT5b/+3hfmC/9yzFE6WtXmMUQ3M4oAZzkCvoRS
izBvHE9RH0+Qpda5PAILczgNFp6icOLtD+cgTuJpEgJlh82k5pUgtQsXE7/A6Fqm
i2dSdmRiuJxSq75Ia2FcMM936+sAGoyYtitf42Y3WOZ4JDfXO8AM4CLbXo/VyXsw
nAozNHL1K3Xoz9xtSPnEDTQOb7cYYugGQPj8wH8cveTQ+kiJ1JstZRH0f11rXoOe
aEFxm26cQE+di0deKCqQE4beYEOdjYuEsV660udBOg87c/sJGw9F7a6TM+pY6jN2
GC7V1Ddxlt36b9BfWvJNw9I9ybIClaGWzDjDVQJzbYYZTkFV
-----END CERTIFICATE-----