Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FHRQmXWtwAewzXujz-XVqyvf2_Y.roa
File:                     FHRQmXWtwAewzXujz-XVqyvf2_Y.roa (raw, json)
Hash identifier:          nnYjgKH5OtTyrT6wod0jcKVX4qGf6yXGaHcMD/FHwIM=
Subject key identifier:   14:74:50:99:75:AD:C0:07:B0:CD:7B:A3:CF:E5:D5:AB:2B:DF:DB:F6
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C4DDA9FD5F17CC5CD6757372300FE
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FHRQmXWtwAewzXujz-XVqyvf2_Y.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197970
IP address blocks:        2a12:bec0:370::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4d:da:9f:d5:f1:7c:c5:cd:67:57:37:23:00:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1474509975adc007b0cd7ba3cfe5d5ab2bdfdbf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:43:52:98:f9:fa:b0:3d:8e:43:bd:1a:4b:8d:
                    f5:4d:68:79:9a:22:8e:27:b7:50:f4:ae:ff:48:d5:
                    e4:9b:d6:c8:99:ff:2d:5b:65:c1:c0:b1:03:57:42:
                    c6:17:0a:e4:f9:5d:1c:0d:ff:59:17:75:6f:44:28:
                    2a:52:85:ca:df:cb:04:3b:7f:be:9a:99:d3:cf:00:
                    31:b5:8b:da:06:6c:69:f9:8f:e1:3c:38:7f:c2:a2:
                    e0:0e:87:a4:99:70:8d:8d:5d:6b:0e:a8:bf:57:18:
                    f3:9a:f5:c2:59:16:24:e1:ca:ba:15:de:4c:ce:e7:
                    43:83:bc:4b:91:05:15:0b:b6:50:66:73:09:ab:7b:
                    1d:68:5d:63:b3:f5:25:db:75:ab:e7:17:00:be:a8:
                    1b:3d:3a:09:50:3c:71:45:ce:b7:8b:4a:e6:a9:5d:
                    f1:d0:4b:dc:87:46:af:fa:0e:d2:19:73:3c:f9:54:
                    61:83:fb:4c:01:ca:f6:9a:af:4e:c1:af:73:1b:30:
                    f4:38:cf:28:82:d0:5f:6e:71:51:80:33:c6:1a:16:
                    0f:0a:46:27:2b:72:37:7e:d2:b7:f4:40:5e:77:ec:
                    a0:36:bc:ce:c6:fd:c5:7d:17:bf:af:bd:fc:ac:89:
                    fa:4d:1d:be:74:ad:e6:a9:c1:3a:a0:c9:75:61:d1:
                    ab:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:74:50:99:75:AD:C0:07:B0:CD:7B:A3:CF:E5:D5:AB:2B:DF:DB:F6
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FHRQmXWtwAewzXujz-XVqyvf2_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:370::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:91:fc:02:5d:c5:b8:c9:8c:83:c2:18:0c:66:b2:a9:e7:f0:
         2a:0f:39:87:d7:74:a1:e6:30:77:40:62:5c:3d:51:f8:66:32:
         bc:6a:96:0b:33:d8:b1:89:c1:91:3f:d1:3f:ab:3c:83:c6:47:
         fb:2f:88:51:ba:13:cd:e2:9f:71:d2:58:50:e4:5e:d0:c4:60:
         a6:1f:da:d2:69:b6:0e:ef:76:07:86:7e:5d:cf:c8:8b:fa:70:
         5e:58:e5:1e:01:7c:2c:20:40:6c:85:a7:4c:58:d3:f6:21:18:
         30:bd:6a:fe:58:46:ed:87:c8:85:e1:0e:e1:a7:e7:5f:79:ff:
         72:7f:4f:ca:69:35:1c:4a:8a:1f:dc:dc:c4:ba:34:05:f3:87:
         3e:aa:18:36:29:78:05:37:31:ad:fe:dd:1a:c0:97:12:99:24:
         f8:93:39:1f:05:6d:eb:09:83:c8:60:eb:50:04:22:c5:9a:07:
         56:f2:7a:b2:96:37:d2:db:58:ce:94:68:6a:46:8e:9e:78:5f:
         ba:8c:93:62:d9:2d:f0:fe:46:7b:4f:e6:ba:72:42:b2:8e:a4:
         98:60:1f:96:a4:ec:46:8d:a5:21:aa:de:42:0c:bf:c3:51:22:
         ff:e7:ca:25:6c:9a:b2:2c:b6:cd:08:3c:0a:f4:ec:43:2b:97:
         49:86:94:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjE3an9XxfMXNZ1c3IwD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDc0NTA5OTc1YWRjMDA3YjBjZDdiYTNjZmU1ZDVhYjJiZGZkYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokNSmPn6sD2OQ70aS431TWh5miKO
J7dQ9K7/SNXkm9bImf8tW2XBwLEDV0LGFwrk+V0cDf9ZF3VvRCgqUoXK38sEO3++
mpnTzwAxtYvaBmxp+Y/hPDh/wqLgDoekmXCNjV1rDqi/VxjzmvXCWRYk4cq6Fd5M
zudDg7xLkQUVC7ZQZnMJq3sdaF1js/Ul23Wr5xcAvqgbPToJUDxxRc63i0rmqV3x
0Evch0av+g7SGXM8+VRhg/tMAcr2mq9Owa9zGzD0OM8ogtBfbnFRgDPGGhYPCkYn
K3I3ftK39EBed+ygNrzOxv3FfRe/r738rIn6TR2+dK3mqcE6oMl1YdGrQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBR0UJl1rcAHsM17o8/l1asr39v2MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRkhSUW1YV3R3QWV3elh1anotWFZxeXZmMl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANw
MA0GCSqGSIb3DQEBCwUAA4IBAQBQkfwCXcW4yYyDwhgMZrKp5/AqDzmH13Sh5jB3
QGJcPVH4ZjK8apYLM9ixicGRP9E/qzyDxkf7L4hRuhPN4p9x0lhQ5F7QxGCmH9rS
abYO73YHhn5dz8iL+nBeWOUeAXwsIEBshadMWNP2IRgwvWr+WEbth8iF4Q7hp+df
ef9yf0/KaTUcSoof3NzEujQF84c+qhg2KXgFNzGt/t0awJcSmST4kzkfBW3rCYPI
YOtQBCLFmgdW8nqyljfS21jOlGhqRo6eeF+6jJNi2S3w/kZ7T+a6ckKyjqSYYB+W
pOxGjaUhqt5CDL/DUSL/58olbJqyLLbNCDwK9OxDK5dJhpS5
-----END CERTIFICATE-----