Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DZ99HNYRc3zgM9t4MNVUcUzCpIU.roa
File:                     DZ99HNYRc3zgM9t4MNVUcUzCpIU.roa (raw, json)
Hash identifier:          kxSX7v1+M1tTdu93wM7oiueYkSlTff+r/ksPmPc3BlY=
Subject key identifier:   0D:9F:7D:1C:D6:11:73:7C:E0:33:DB:78:30:D5:54:71:4C:C2:A4:85
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C5CDE2DA4FE9F9CA4199329F88523
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DZ99HNYRc3zgM9t4MNVUcUzCpIU.roa
Signing time:             Wed 01 Jan 2025 01:47:59 +0000
ROA not before:           Wed 01 Jan 2025 01:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200636
IP address blocks:        2a12:bec0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5c:de:2d:a4:fe:9f:9c:a4:19:93:29:f8:85:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d9f7d1cd611737ce033db7830d554714cc2a485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:78:6e:29:99:89:cb:d9:3c:43:ef:32:e2:01:
                    1f:2c:28:0e:03:ef:e6:2c:5c:87:1f:14:9c:07:6f:
                    ff:bc:dd:be:c6:bb:71:e9:65:29:44:63:13:3d:57:
                    c9:b3:70:96:10:c5:94:87:da:dc:94:3f:8a:6d:32:
                    59:0e:fc:77:03:82:41:c7:61:ee:e6:5e:03:f6:5a:
                    65:4c:54:08:b4:e1:83:95:d8:c2:d8:a1:ab:3b:e8:
                    67:63:46:90:d9:70:c8:cb:6f:24:c7:4d:d1:e5:fb:
                    da:78:0e:57:ff:79:97:54:85:22:29:31:f3:00:68:
                    95:b2:68:8e:d4:25:62:8c:2e:ea:e3:55:f7:8d:c4:
                    28:98:18:c7:26:4e:af:78:7c:c8:e5:2c:7b:0b:55:
                    44:86:8e:8e:2a:90:a7:6c:27:6d:8b:cd:f4:b7:39:
                    23:60:56:e6:e2:d5:11:49:98:e2:57:4c:14:76:2b:
                    17:ef:45:ed:7b:9b:bb:01:28:28:e8:92:5d:db:78:
                    38:d6:29:27:25:50:76:1a:ed:85:a7:b4:f7:67:6c:
                    80:58:6a:ef:e0:4b:8d:c5:d6:e7:b2:f2:91:84:a7:
                    4b:a6:fa:2e:79:67:6f:e2:2e:7a:79:68:19:b8:7a:
                    cd:78:81:a3:f6:ad:f7:39:cd:c1:50:e0:56:f6:25:
                    6d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:9F:7D:1C:D6:11:73:7C:E0:33:DB:78:30:D5:54:71:4C:C2:A4:85
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/DZ99HNYRc3zgM9t4MNVUcUzCpIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:ec:35:1a:c6:ea:e6:e5:5a:69:c7:8b:1f:54:c1:bc:30:af:
         d7:7e:17:2f:c8:1a:7b:97:a0:6e:c2:90:73:db:cb:94:85:ea:
         14:ad:af:6d:f2:07:9e:eb:4a:26:d9:ad:ce:7c:b6:25:d4:94:
         33:17:60:e2:47:12:9a:c8:d5:76:90:03:fc:45:9d:1f:f1:98:
         2f:c0:0c:51:74:ee:ae:76:d8:98:97:f0:db:d4:d4:5a:ed:63:
         da:39:1c:7b:fd:39:ce:37:25:e6:f3:d5:bc:33:19:dd:5d:f5:
         d5:a3:75:60:aa:57:3d:d3:ee:30:ef:23:0b:22:b6:32:6e:52:
         c8:7d:90:af:ec:ff:61:3f:68:9a:c3:76:1f:9d:0a:6e:90:48:
         0d:35:bd:1c:33:c3:64:e8:60:f4:e9:2c:77:52:af:32:a5:6d:
         1d:5f:a6:48:74:2f:7a:25:4d:e5:5c:22:3d:bd:65:b6:24:a3:
         df:e1:53:f1:70:e7:78:89:da:f1:e8:88:c7:62:1e:80:49:04:
         06:e7:fa:48:a9:87:a6:ee:73:ac:53:b4:dc:c8:a8:19:d0:92:
         2d:ab:0a:d9:23:99:fc:ec:c4:25:5e:ef:2c:3d:fd:88:c2:a1:
         18:01:66:f6:00:a1:c9:f2:5d:b7:a8:0d:de:ca:85:df:6e:37:
         39:26:a9:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjFzeLaT+n5ykGZMp+IUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDlmN2QxY2Q2MTE3MzdjZTAzM2RiNzgzMGQ1NTQ3MTRjYzJhNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3huKZmJy9k8Q+8y4gEfLCgOA+/m
LFyHHxScB2//vN2+xrtx6WUpRGMTPVfJs3CWEMWUh9rclD+KbTJZDvx3A4JBx2Hu
5l4D9lplTFQItOGDldjC2KGrO+hnY0aQ2XDIy28kx03R5fvaeA5X/3mXVIUiKTHz
AGiVsmiO1CVijC7q41X3jcQomBjHJk6veHzI5Sx7C1VEho6OKpCnbCdti830tzkj
YFbm4tURSZjiV0wUdisX70Xte5u7ASgo6JJd23g41iknJVB2Gu2Fp7T3Z2yAWGrv
4EuNxdbnsvKRhKdLpvoueWdv4i56eWgZuHrNeIGj9q33Oc3BUOBW9iVtkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA2ffRzWEXN84DPbeDDVVHFMwqSFMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRFo5OUhOWVJjM3pnTTl0NE1OVlVjVXpDcElVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQC27DUaxurm5Vppx4sfVMG8MK/XfhcvyBp7l6Bu
wpBz28uUheoUra9t8gee60om2a3OfLYl1JQzF2DiRxKayNV2kAP8RZ0f8ZgvwAxR
dO6udtiYl/Db1NRa7WPaORx7/TnONyXm89W8MxndXfXVo3Vgqlc90+4w7yMLIrYy
blLIfZCv7P9hP2iaw3YfnQpukEgNNb0cM8Nk6GD06Sx3Uq8ypW0dX6ZIdC96JU3l
XCI9vWW2JKPf4VPxcOd4idrx6IjHYh6ASQQG5/pIqYem7nOsU7TcyKgZ0JItqwrZ
I5n87MQlXu8sPf2IwqEYAWb2AKHJ8l23qA3eyoXfbjc5Jqnm
-----END CERTIFICATE-----