Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/BXFeUkRsfPZQukiKMOZYJSGHBRc.roa
File:                     BXFeUkRsfPZQukiKMOZYJSGHBRc.roa (raw, json)
Hash identifier:          jZN2PER10lwlN1qF1o4M+7To+XQTWNQT6kp8ByJcKpE=
Subject key identifier:   05:71:5E:52:44:6C:7C:F6:50:BA:48:8A:30:E6:58:25:21:87:05:17
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019423118A2040943AE88538D7E6BA6918A4
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/BXFeUkRsfPZQukiKMOZYJSGHBRc.roa
Signing time:             Wed 01 Jan 2025 18:12:19 +0000
ROA not before:           Wed 01 Jan 2025 18:12:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214417
IP address blocks:        2a12:bec4:1280::/44 maxlen: 44
                          2a12:bec4:1480::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:11:8a:20:40:94:3a:e8:85:38:d7:e6:ba:69:18:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:12:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05715e52446c7cf650ba488a30e6582521870517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c3:35:3f:9b:3f:7a:c1:85:32:b5:6c:5c:75:
                    77:d5:a5:08:b0:b5:73:94:c7:61:67:e4:64:8e:f2:
                    f4:30:30:43:df:45:28:4d:25:e7:a8:d3:a3:de:b1:
                    85:ec:79:4f:29:30:30:c4:71:85:0b:92:13:ec:17:
                    7f:11:3d:dd:02:24:7f:27:21:23:a5:cc:8e:fd:d1:
                    78:34:71:a7:f4:05:bd:71:5c:e8:7d:41:87:d7:4f:
                    42:83:0b:8b:66:4d:8c:6e:74:09:ce:68:a6:92:2a:
                    d4:aa:42:13:ed:cc:17:cc:08:df:c0:d8:a6:d3:df:
                    85:1c:86:ee:1e:d4:f1:a7:58:8f:e1:8e:07:c4:57:
                    c2:f3:26:dd:12:35:39:76:ed:ba:df:01:8e:43:c3:
                    91:8a:e9:25:76:61:cb:9e:28:f5:3c:ff:3b:cb:63:
                    2c:ed:5a:ff:5d:2e:ec:b3:58:71:3b:e0:81:1f:bb:
                    72:35:0f:1f:91:61:e0:98:12:a9:09:ab:0b:c2:e8:
                    c7:e5:81:8d:97:6f:6e:71:72:92:b2:e2:4d:12:ac:
                    75:ec:22:5b:37:90:dc:81:74:55:6b:8d:d6:3c:80:
                    a2:11:14:3e:01:ba:a0:56:42:c8:a8:be:a4:db:8c:
                    1a:30:bc:c7:40:44:2f:12:62:7c:03:45:2d:17:e9:
                    b3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:71:5E:52:44:6C:7C:F6:50:BA:48:8A:30:E6:58:25:21:87:05:17
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/BXFeUkRsfPZQukiKMOZYJSGHBRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1280::/44
                  2a12:bec4:1480::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:35:10:16:a4:ef:11:a9:fb:15:a6:a8:57:dd:a7:52:80:cc:
         c9:3f:f3:62:bb:17:df:f9:0d:b8:6c:99:ba:b9:dd:48:47:da:
         f0:7d:5a:cb:5e:96:51:0a:a6:c0:ee:ef:ac:07:44:bd:83:b7:
         af:0b:19:b6:58:74:4c:81:30:9d:37:72:c2:e5:86:7d:96:c1:
         26:9e:b4:f4:1c:86:00:bd:d8:3e:38:0e:e0:2e:d4:38:5b:1d:
         74:29:f1:80:7e:90:f6:1d:13:cf:98:37:ab:68:a1:22:65:50:
         50:60:4f:d6:72:99:e3:c9:8d:1a:d1:2a:e7:ca:63:04:c8:c0:
         e0:e0:23:6a:15:4e:75:d8:c9:3d:5c:e3:97:39:26:07:74:85:
         f0:3d:95:fa:bd:44:db:4a:85:8b:70:e0:1d:9b:79:23:7b:05:
         7e:da:f5:08:83:78:c6:fe:4c:45:d2:69:6f:ef:bd:ec:55:2a:
         a5:eb:36:b6:9d:e6:fe:18:0d:7c:a5:dd:c5:e2:da:4a:3c:21:
         5e:fd:a4:0c:f0:1c:7f:2c:3c:96:54:28:d8:2f:a6:2b:c3:5f:
         c0:12:6b:1d:8a:de:9b:c2:2f:18:f2:5e:89:05:88:e6:ed:1c:
         d8:31:9a:aa:e8:65:5a:2a:0f:aa:0f:a0:8e:75:66:20:af:cc:
         5e:a8:ce:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjEYogQJQ66IU41+a6aRikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMTgxMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcxNWU1MjQ0NmM3Y2Y2NTBiYTQ4OGEzMGU2NTgyNTIxODcwNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcM1P5s/esGFMrVsXHV31aUIsLVz
lMdhZ+RkjvL0MDBD30UoTSXnqNOj3rGF7HlPKTAwxHGFC5IT7Bd/ET3dAiR/JyEj
pcyO/dF4NHGn9AW9cVzofUGH109CgwuLZk2MbnQJzmimkirUqkIT7cwXzAjfwNim
09+FHIbuHtTxp1iP4Y4HxFfC8ybdEjU5du263wGOQ8ORiukldmHLnij1PP87y2Ms
7Vr/XS7ss1hxO+CBH7tyNQ8fkWHgmBKpCasLwujH5YGNl29ucXKSsuJNEqx17CJb
N5DcgXRVa43WPICiERQ+AbqgVkLIqL6k24waMLzHQEQvEmJ8A0UtF+mzHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAVxXlJEbHz2ULpIijDmWCUhhwUXMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvQlhGZVVrUnNmUFpRdWtpS01PWllKU0dIQlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBKA
AwcAKhK+xBSAMA0GCSqGSIb3DQEBCwUAA4IBAQBKNRAWpO8RqfsVpqhX3adSgMzJ
P/Niuxff+Q24bJm6ud1IR9rwfVrLXpZRCqbA7u+sB0S9g7evCxm2WHRMgTCdN3LC
5YZ9lsEmnrT0HIYAvdg+OA7gLtQ4Wx10KfGAfpD2HRPPmDeraKEiZVBQYE/Wcpnj
yY0a0SrnymMEyMDg4CNqFU512Mk9XOOXOSYHdIXwPZX6vUTbSoWLcOAdm3kjewV+
2vUIg3jG/kxF0mlv773sVSql6za2neb+GA18pd3F4tpKPCFe/aQM8Bx/LDyWVCjY
L6Yrw1/AEmsdit6bwi8Y8l6JBYjm7RzYMZqq6GVaKg+qD6COdWYgr8xeqM7R
-----END CERTIFICATE-----