Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/A4kwNIQcJQi55CMVzs80ADRYMjU.roa
File:                     A4kwNIQcJQi55CMVzs80ADRYMjU.roa (raw, json)
Hash identifier:          EHqH0dalQMo2V5zwqu1VHR/xPpaZtdxO32jS9ItLX3E=
Subject key identifier:   03:89:30:34:84:1C:25:08:B9:E4:23:15:CE:CF:34:00:34:58:32:35
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C72C3AC8E2C6DA6D394785F8D593E
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/A4kwNIQcJQi55CMVzs80ADRYMjU.roa
Signing time:             Wed 01 Jan 2025 01:48:05 +0000
ROA not before:           Wed 01 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215745
IP address blocks:        2a12:bec0:638::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:72:c3:ac:8e:2c:6d:a6:d3:94:78:5f:8d:59:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03893034841c2508b9e42315cecf340034583235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f3:69:4c:f2:1e:c5:25:80:ee:4b:03:54:71:
                    42:91:c7:f2:fd:fe:df:81:b0:b2:60:15:0b:d1:8c:
                    86:74:1f:5c:12:f9:88:d2:3d:ef:40:5d:21:e3:1a:
                    53:dc:50:5e:e1:41:c9:39:fe:dd:07:55:0c:45:6d:
                    e3:b3:ad:c4:da:34:70:02:bf:21:17:4e:e6:ed:a7:
                    ce:9d:a8:8c:da:8c:c1:18:a9:1b:4c:54:7f:97:ae:
                    56:5d:f6:ca:fa:5b:8d:f9:15:02:35:4f:78:67:ac:
                    e9:42:15:43:da:c9:70:0f:b0:4f:0e:5f:02:3a:15:
                    80:da:52:83:b3:73:a7:e4:45:84:bb:68:44:c3:1e:
                    7d:a9:56:87:ba:b0:0e:24:e3:73:d9:63:6a:ba:80:
                    ca:33:2d:32:21:c3:e5:dc:04:54:ba:a3:e0:68:46:
                    4c:68:2c:35:1d:83:75:35:ee:4f:a6:1c:ea:f3:8a:
                    8a:42:91:db:d7:59:f7:df:a3:dc:de:2d:5e:b4:b5:
                    49:90:72:28:0e:70:29:ec:b3:76:fd:1a:ab:6a:a8:
                    2c:c5:fc:41:bf:ec:8a:5c:45:6c:fc:6c:3b:96:e7:
                    62:b7:d1:8d:fb:13:8d:b1:44:f4:a1:82:9e:4c:e8:
                    24:2e:f7:48:34:fa:f0:57:d8:70:2f:2c:7c:b6:56:
                    d2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:89:30:34:84:1C:25:08:B9:E4:23:15:CE:CF:34:00:34:58:32:35
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/A4kwNIQcJQi55CMVzs80ADRYMjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:638::/46

    Signature Algorithm: sha256WithRSAEncryption
         4f:cd:69:89:fe:5c:41:8e:9b:31:f5:d9:c6:8d:ed:9e:a8:eb:
         41:a1:fe:c9:cc:97:52:8a:c8:3e:1b:c1:dc:c4:1f:94:e4:52:
         3b:0c:2a:0e:cc:13:c8:de:f8:2f:32:3b:85:9e:3f:4e:87:4e:
         9e:25:47:b4:d9:87:cb:94:ee:d9:a1:d8:31:5c:62:27:50:ba:
         37:e6:a0:56:b8:a1:85:c3:d1:e6:ed:35:18:e2:b1:d3:63:85:
         9c:aa:c4:76:ea:9f:f0:b3:61:a3:63:5e:a1:b0:b8:76:28:27:
         a1:4e:0f:4a:89:92:a4:4e:14:6b:60:21:41:8d:98:1c:5b:ab:
         81:85:3d:3f:d9:72:63:1a:33:6a:2a:34:32:ef:fd:76:ca:90:
         4c:94:a4:e9:51:fa:7c:a9:80:d8:a0:37:ea:86:ea:7d:02:5b:
         bb:a0:5e:d6:90:8c:a6:7c:53:59:cb:5a:08:f4:05:3c:22:ee:
         38:2f:b9:64:21:f6:91:3f:f1:b1:39:82:42:94:b1:eb:f1:ee:
         eb:c4:c0:e2:4f:42:92:f0:52:38:ce:b5:a2:4f:90:14:76:af:
         45:7a:f2:33:3b:8d:d8:53:c6:b6:ef:41:ae:ec:18:67:e5:d8:
         26:79:32:ac:98:89:4e:2e:46:66:8c:d0:a3:f4:f2:4f:ae:02:
         26:ac:db:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHLDrI4sbabTlHhfjVk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzg5MzAzNDg0MWMyNTA4YjllNDIzMTVjZWNmMzQwMDM0NTgzMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/NpTPIexSWA7ksDVHFCkcfy/f7f
gbCyYBUL0YyGdB9cEvmI0j3vQF0h4xpT3FBe4UHJOf7dB1UMRW3js63E2jRwAr8h
F07m7afOnaiM2ozBGKkbTFR/l65WXfbK+luN+RUCNU94Z6zpQhVD2slwD7BPDl8C
OhWA2lKDs3On5EWEu2hEwx59qVaHurAOJONz2WNquoDKMy0yIcPl3ARUuqPgaEZM
aCw1HYN1Ne5Pphzq84qKQpHb11n336Pc3i1etLVJkHIoDnAp7LN2/RqraqgsxfxB
v+yKXEVs/Gw7ludit9GN+xONsUT0oYKeTOgkLvdINPrwV9hwLyx8tlbSDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAOJMDSEHCUIueQjFc7PNAA0WDI1MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvQTRrd05JUWNKUWk1NUNNVnpzODBBRFJZTWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhK+wAY4
MA0GCSqGSIb3DQEBCwUAA4IBAQBPzWmJ/lxBjpsx9dnGje2eqOtBof7JzJdSisg+
G8HcxB+U5FI7DCoOzBPI3vgvMjuFnj9Oh06eJUe02YfLlO7ZodgxXGInULo35qBW
uKGFw9Hm7TUY4rHTY4WcqsR26p/ws2GjY16hsLh2KCehTg9KiZKkThRrYCFBjZgc
W6uBhT0/2XJjGjNqKjQy7/12ypBMlKTpUfp8qYDYoDfqhup9Alu7oF7WkIymfFNZ
y1oI9AU8Iu44L7lkIfaRP/GxOYJClLHr8e7rxMDiT0KS8FI4zrWiT5AUdq9FevIz
O43YU8a270Gu7Bhn5dgmeTKsmIlOLkZmjNCj9PJPrgImrNu7
-----END CERTIFICATE-----