Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DPoJGvR4WsJuymdEOB_Pl8WkwHA.roa
File:                     DPoJGvR4WsJuymdEOB_Pl8WkwHA.roa (raw, json)
Hash identifier:          OTFhdh/CC/DTLH2MgxUMLP91ph18x5xEZRf5caF1LA4=
Subject key identifier:   0C:FA:09:1A:F4:78:5A:C2:6E:CA:67:44:38:1F:CF:97:C5:A4:C0:70
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C50BEE5EF57DB2E6A17B6AFD9A501
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DPoJGvR4WsJuymdEOB_Pl8WkwHA.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198889
IP address blocks:        2a12:bec0:2c0::/44 maxlen: 48
                          2a12:bec0:2ce::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:50:be:e5:ef:57:db:2e:6a:17:b6:af:d9:a5:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cfa091af4785ac26eca6744381fcf97c5a4c070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:1a:ed:8c:ff:aa:b8:08:8a:d2:1a:de:d2:68:
                    52:9a:f9:4b:d8:9c:47:35:0c:be:7b:b0:14:7f:6a:
                    9f:c2:f3:58:04:db:ae:f4:c7:52:66:3b:80:f8:25:
                    f8:c0:ba:2d:18:ca:77:bf:33:22:3e:cc:f4:78:95:
                    1d:b9:16:64:88:c3:e1:e9:54:d5:51:a0:16:8b:a9:
                    31:67:4e:4c:db:97:5a:2f:c6:75:70:09:10:43:57:
                    bf:f1:85:e8:2e:4f:f0:88:10:d5:dd:4c:e0:1a:50:
                    1c:d8:f4:2a:87:86:24:fd:50:9b:1f:fd:13:d7:a6:
                    dd:cc:a4:9e:c0:28:53:d4:f0:3f:1c:92:86:00:01:
                    2a:93:c5:68:51:05:ea:7e:50:75:48:f0:01:72:cc:
                    8c:c9:39:f8:54:fe:5a:6a:49:ef:61:7a:12:03:56:
                    65:89:90:e1:ff:c7:90:f5:71:44:7d:f9:57:fc:96:
                    3c:a5:ec:15:13:0e:1e:c3:77:04:1c:34:e8:d9:04:
                    6c:25:39:15:d5:5d:97:eb:98:5d:3a:86:58:f2:e1:
                    ca:dd:f5:ad:d7:df:0b:f2:d3:70:73:14:7b:8e:45:
                    ab:30:07:07:b5:a8:4f:ad:a5:b8:22:8b:77:c2:98:
                    92:15:f5:28:e3:b4:7b:02:e3:88:8a:f3:ec:de:f1:
                    40:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:FA:09:1A:F4:78:5A:C2:6E:CA:67:44:38:1F:CF:97:C5:A4:C0:70
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DPoJGvR4WsJuymdEOB_Pl8WkwHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:2c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:0e:ab:0c:fd:68:2f:00:a2:a2:0c:ed:e8:b9:00:73:13:08:
         86:7a:6b:94:f9:be:a5:e9:1d:c6:60:e4:79:4d:3c:42:0d:b3:
         90:a9:e9:b3:6f:f2:58:a4:b0:95:c3:97:80:16:a9:b9:1e:9e:
         15:19:98:bf:28:c6:5c:da:03:7d:47:5c:22:17:34:0d:d9:cf:
         67:6c:e9:4c:ae:56:43:4e:26:4e:99:3a:8f:03:1f:9d:d6:4e:
         57:22:ca:81:c2:ca:2e:a7:d5:65:fd:76:d2:3e:d0:30:93:a1:
         3f:16:3b:6e:2c:02:25:7f:f5:4b:a6:70:eb:78:d4:94:1d:d5:
         fd:ab:58:de:a1:aa:d7:ef:33:69:d6:60:68:1e:a2:3f:36:bc:
         c4:b5:41:fe:0f:c2:f3:f8:e4:62:80:43:7d:3c:5e:a4:9f:c3:
         37:82:2e:5c:5d:4d:c4:bf:d0:93:0e:0e:c0:dc:a0:ed:34:0c:
         0b:9b:ba:6c:b2:4b:2e:e9:6e:b7:fe:8d:4b:7b:7b:be:2b:0b:
         ff:9a:1f:5e:a1:40:7b:fb:28:77:78:8c:e3:7f:a8:bd:10:b5:
         71:9e:fc:29:60:3a:61:d3:4c:0d:c8:0e:ee:65:40:4e:10:7a:
         2c:6f:75:e2:42:7c:d6:92:ae:28:76:b9:04:e2:1b:e8:ae:ec:
         e3:a6:d1:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjFC+5e9X2y5qF7av2aUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2ZhMDkxYWY0Nzg1YWMyNmVjYTY3NDQzODFmY2Y5N2M1YTRjMDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BrtjP+quAiK0hre0mhSmvlL2JxH
NQy+e7AUf2qfwvNYBNuu9MdSZjuA+CX4wLotGMp3vzMiPsz0eJUduRZkiMPh6VTV
UaAWi6kxZ05M25daL8Z1cAkQQ1e/8YXoLk/wiBDV3UzgGlAc2PQqh4Yk/VCbH/0T
16bdzKSewChT1PA/HJKGAAEqk8VoUQXqflB1SPABcsyMyTn4VP5aaknvYXoSA1Zl
iZDh/8eQ9XFEfflX/JY8pewVEw4ew3cEHDTo2QRsJTkV1V2X65hdOoZY8uHK3fWt
198L8tNwcxR7jkWrMAcHtahPraW4Iot3wpiSFfUo47R7AuOIivPs3vFARQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAz6CRr0eFrCbspnRDgfz5fFpMBwMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRFBvSkd2UjRXc0p1eW1kRU9CX1BsOFdrd0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wALA
MA0GCSqGSIb3DQEBCwUAA4IBAQBlDqsM/WgvAKKiDO3ouQBzEwiGemuU+b6l6R3G
YOR5TTxCDbOQqemzb/JYpLCVw5eAFqm5Hp4VGZi/KMZc2gN9R1wiFzQN2c9nbOlM
rlZDTiZOmTqPAx+d1k5XIsqBwsoup9Vl/XbSPtAwk6E/FjtuLAIlf/VLpnDreNSU
HdX9q1jeoarX7zNp1mBoHqI/NrzEtUH+D8Lz+ORigEN9PF6kn8M3gi5cXU3Ev9CT
Dg7A3KDtNAwLm7pssksu6W63/o1Le3u+Kwv/mh9eoUB7+yh3eIzjf6i9ELVxnvwp
YDph00wNyA7uZUBOEHosb3XiQnzWkq4odrkE4hvoruzjptFy
-----END CERTIFICATE-----