Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/AiLfrW2W_MOcypOuJ1i74g04Jwk.roa
File:                     AiLfrW2W_MOcypOuJ1i74g04Jwk.roa (raw, json)
Hash identifier:          UnzqdJl1+w+gOdryYpe5pdtdmPTXjHiwHnrBcyT1KZA=
Subject key identifier:   02:22:DF:AD:6D:96:FC:C3:9C:CA:93:AE:27:58:BB:E2:0D:38:27:09
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C7A957C88809FAFFB4FB27298BD65
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/AiLfrW2W_MOcypOuJ1i74g04Jwk.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216253
IP address blocks:        2a12:bec0:480::/44 maxlen: 48
                          2a12:bec4:1140::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7a:95:7c:88:80:9f:af:fb:4f:b2:72:98:bd:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0222dfad6d96fcc39cca93ae2758bbe20d382709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:df:c0:74:52:48:4a:bf:8d:3f:42:81:36:a0:
                    c4:0e:eb:47:84:f9:82:e8:e1:4e:70:fe:df:d3:30:
                    47:81:68:f3:20:74:61:6a:5e:6f:75:cb:71:de:61:
                    19:b3:50:18:f9:ee:9e:e1:50:62:37:c1:b9:58:31:
                    52:5a:43:eb:de:9c:8a:9e:89:f1:e2:18:de:32:f1:
                    f7:ef:fc:95:fc:1e:56:15:8f:40:3c:16:05:0d:5c:
                    01:16:e9:97:98:5e:e4:4c:20:39:66:7f:17:6d:2b:
                    c5:db:f5:a2:36:3b:84:34:e3:3a:a8:0c:d9:4e:77:
                    a2:77:1b:ea:1c:23:a3:97:6d:5b:92:f3:ea:e8:18:
                    8b:c0:7c:1b:09:5a:eb:d2:54:9b:9e:2a:f1:45:95:
                    26:88:61:cd:4a:63:1a:de:10:ee:7d:24:07:ed:8f:
                    c9:3b:fc:31:25:54:fd:5b:0a:21:14:11:04:5c:5d:
                    07:46:c9:5e:12:db:78:08:ec:0f:0e:11:f4:c5:4c:
                    46:87:b9:ea:0d:37:59:b3:fc:ee:c8:84:62:b4:39:
                    6a:63:e3:f2:6f:f7:91:01:84:45:e0:fa:ed:d5:f5:
                    72:a4:93:31:5b:e6:39:c0:c7:1b:16:e8:7e:e6:f7:
                    cb:6f:73:f3:1b:28:fc:2d:f7:c7:fd:7d:43:41:99:
                    88:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:22:DF:AD:6D:96:FC:C3:9C:CA:93:AE:27:58:BB:E2:0D:38:27:09
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/AiLfrW2W_MOcypOuJ1i74g04Jwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:480::/44
                  2a12:bec4:1140::/44

    Signature Algorithm: sha256WithRSAEncryption
         02:e2:ab:56:e3:a5:a5:84:91:a0:4c:22:e7:92:21:91:44:02:
         47:4b:aa:d3:83:d4:c7:b0:c1:1e:56:92:70:56:46:46:cc:d2:
         d6:cc:7f:6b:d4:39:cf:98:4a:18:59:a2:56:b4:75:b7:dc:3b:
         0e:5f:a0:e8:77:33:c1:38:95:c6:b8:71:81:48:c0:7c:da:69:
         70:5d:4e:84:5e:43:1b:93:ad:7f:df:55:f9:0f:83:26:88:73:
         81:0b:2b:d9:e6:da:38:52:e0:62:27:dc:a1:48:70:64:86:40:
         a8:b5:da:fe:71:0e:42:e7:f4:ed:6e:2c:40:e6:78:24:53:39:
         73:e6:a0:86:3e:4b:90:d9:dc:e1:2c:fc:3b:c7:27:1e:d2:7e:
         25:9a:02:f1:fa:e3:0a:91:17:7e:8f:27:a8:96:33:73:35:c4:
         04:52:19:7a:05:40:86:87:ae:55:7f:e6:9c:d5:41:ce:5b:2c:
         cd:d2:79:9b:4d:0a:97:d3:35:b9:84:8a:ad:5b:2e:7e:16:e3:
         64:3b:09:5d:9e:8c:ad:8e:c1:8a:f4:b8:b2:e4:2f:76:de:ac:
         69:cb:4a:dd:04:e3:8b:6f:a2:99:17:ee:f1:b7:69:b4:a0:88:
         61:66:10:da:af:b6:fb:ef:2d:3a:ce:1d:64:48:bb:22:f6:bd:
         37:62:8c:ad
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQfjHqVfIiAn6/7T7JymL1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjIyZGZhZDZkOTZmY2MzOWNjYTkzYWUyNzU4YmJlMjBkMzgyNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt/AdFJISr+NP0KBNqDEDutHhPmC
6OFOcP7f0zBHgWjzIHRhal5vdctx3mEZs1AY+e6e4VBiN8G5WDFSWkPr3pyKnonx
4hjeMvH37/yV/B5WFY9APBYFDVwBFumXmF7kTCA5Zn8XbSvF2/WiNjuENOM6qAzZ
TneidxvqHCOjl21bkvPq6BiLwHwbCVrr0lSbnirxRZUmiGHNSmMa3hDufSQH7Y/J
O/wxJVT9WwohFBEEXF0HRsleEtt4COwPDhH0xUxGh7nqDTdZs/zuyIRitDlqY+Py
b/eRAYRF4Prt1fVypJMxW+Y5wMcbFuh+5vfLb3PzGyj8LffH/X1DQZmIrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAIi361tlvzDnMqTridYu+INOCcJMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvQWlMZnJXMldfTU9jeXBPdUoxaTc0ZzA0SndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+wASA
AwcEKhK+xBFAMA0GCSqGSIb3DQEBCwUAA4IBAQAC4qtW46WlhJGgTCLnkiGRRAJH
S6rTg9THsMEeVpJwVkZGzNLWzH9r1DnPmEoYWaJWtHW33DsOX6DodzPBOJXGuHGB
SMB82mlwXU6EXkMbk61/31X5D4MmiHOBCyvZ5to4UuBiJ9yhSHBkhkCotdr+cQ5C
5/TtbixA5ngkUzlz5qCGPkuQ2dzhLPw7xyce0n4lmgLx+uMKkRd+jyeoljNzNcQE
Uhl6BUCGh65Vf+ac1UHOWyzN0nmbTQqX0zW5hIqtWy5+FuNkOwldnoytjsGK9Liy
5C923qxpy0rdBOOLb6KZF+7xt2m0oIhhZhDar7b77y06zh1kSLsi9r03Yoyt
-----END CERTIFICATE-----