Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FlEWBH5nF2x753spyDkAqyUFv7U.roa
File:                     FlEWBH5nF2x753spyDkAqyUFv7U.roa (raw, json)
Hash identifier:          KzlDJxGheWgSseD4YmuJQ94CmchF5NjQHf7VLG1994s=
Subject key identifier:   16:51:16:04:7E:67:17:6C:7B:E7:7B:29:C8:39:00:AB:25:05:BF:B5
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0194940D99E92E9A6C2BE8B0BB36A7423423
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FlEWBH5nF2x753spyDkAqyUFv7U.roa
Signing time:             Thu 23 Jan 2025 16:45:06 +0000
ROA not before:           Thu 23 Jan 2025 16:45:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213535
IP address blocks:        2a12:bec4:16f0::/44 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:94:0d:99:e9:2e:9a:6c:2b:e8:b0:bb:36:a7:42:34:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan 23 16:45:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=165116047e67176c7be77b29c83900ab2505bfb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:dc:43:3b:ce:37:92:46:dd:63:23:7a:d8:b8:
                    c0:f5:05:5e:cd:1c:f7:61:d1:8d:94:d9:36:ba:45:
                    06:e1:7d:25:36:b2:4e:96:2d:29:e4:a0:89:2c:3c:
                    aa:27:e2:c1:97:a9:0f:cb:cb:8c:5f:e9:d4:9a:60:
                    80:c9:e7:ba:44:7f:ba:12:4b:d9:21:a0:9a:1f:26:
                    13:83:cc:d0:51:c3:21:ce:c1:07:9d:9a:6a:d7:72:
                    74:67:c4:95:4a:a4:76:02:c6:93:d2:9a:ad:cf:4c:
                    1c:ca:06:45:fa:f5:bc:94:5d:be:15:59:19:f5:49:
                    79:da:58:39:5b:5d:d8:08:1d:c9:6e:cf:5d:b1:50:
                    f5:f0:62:0f:23:7c:9b:06:bc:63:62:10:ba:8d:db:
                    28:fb:c0:96:21:61:53:49:8a:6f:1f:24:88:7e:f7:
                    34:62:6f:b4:b7:a4:24:26:7d:51:13:4a:41:b4:9e:
                    47:90:59:9d:46:e8:ea:37:bb:87:ba:7b:a9:38:82:
                    60:43:38:f5:db:65:91:24:8a:77:1e:43:b7:04:c5:
                    3f:b6:fb:bc:cd:74:ca:21:4c:ce:98:3a:f0:7e:58:
                    b7:8c:eb:d9:28:a9:30:fc:39:2d:3f:aa:bd:eb:9d:
                    04:2a:a0:83:e3:df:00:b7:23:f6:e5:d9:38:dc:ce:
                    f0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:51:16:04:7E:67:17:6C:7B:E7:7B:29:C8:39:00:AB:25:05:BF:B5
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/FlEWBH5nF2x753spyDkAqyUFv7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:16f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         91:cb:d0:c3:19:1e:71:5f:35:84:9c:e1:59:40:69:bf:0d:09:
         08:a3:67:89:22:bd:c6:ab:03:94:72:6e:3f:7e:a7:3b:18:f6:
         58:57:a5:ca:34:6e:1d:8e:e2:58:7a:81:e0:ba:dc:58:53:72:
         1d:a0:2b:43:f4:6f:63:88:a2:ec:78:a2:3b:d2:35:80:f4:eb:
         b4:ff:89:89:e6:d3:e5:46:87:95:a4:12:1b:f4:bc:aa:81:95:
         de:b7:26:f1:42:80:99:7d:62:34:59:82:ed:4a:94:70:62:6e:
         99:f3:8c:da:36:ef:c7:5a:96:97:14:c7:05:90:42:12:7f:5d:
         5e:c2:0e:34:86:ff:a4:6d:fc:5b:45:f7:a8:d5:62:53:37:7f:
         19:63:e9:40:91:b9:4c:39:c8:4c:82:52:d1:55:3d:86:b1:e6:
         69:70:d9:8d:93:74:60:62:c6:4f:8f:7b:43:93:ac:0e:30:a5:
         06:2a:65:0b:a7:78:93:92:0d:92:b6:e6:6d:1e:70:ab:58:b6:
         7d:1b:40:e8:af:73:40:32:41:1a:1c:0d:b3:8f:c9:69:17:04:
         06:9a:1a:17:c8:5c:81:39:7c:8c:00:a6:ff:35:67:71:c8:6a:
         3f:76:43:4c:10:74:ef:b8:d1:cb:9b:f6:f6:7a:67:ec:45:47:
         3b:9f:d1:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSUDZnpLppsK+iwuzanQjQjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTIzMTY0NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjUxMTYwNDdlNjcxNzZjN2JlNzdiMjljODM5MDBhYjI1MDViZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9xDO843kkbdYyN62LjA9QVezRz3
YdGNlNk2ukUG4X0lNrJOli0p5KCJLDyqJ+LBl6kPy8uMX+nUmmCAyee6RH+6EkvZ
IaCaHyYTg8zQUcMhzsEHnZpq13J0Z8SVSqR2AsaT0pqtz0wcygZF+vW8lF2+FVkZ
9Ul52lg5W13YCB3Jbs9dsVD18GIPI3ybBrxjYhC6jdso+8CWIWFTSYpvHySIfvc0
Ym+0t6QkJn1RE0pBtJ5HkFmdRujqN7uHunupOIJgQzj122WRJIp3HkO3BMU/tvu8
zXTKIUzOmDrwfli3jOvZKKkw/DktP6q9650EKqCD498AtyP25dk43M7wHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBZRFgR+Zxdse+d7Kcg5AKslBb+1MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRmxFV0JINW5GMng3NTNzcHlEa0FxeVVGdjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBbw
MA0GCSqGSIb3DQEBCwUAA4IBAQCRy9DDGR5xXzWEnOFZQGm/DQkIo2eJIr3GqwOU
cm4/fqc7GPZYV6XKNG4djuJYeoHgutxYU3IdoCtD9G9jiKLseKI70jWA9Ou0/4mJ
5tPlRoeVpBIb9LyqgZXetybxQoCZfWI0WYLtSpRwYm6Z84zaNu/HWpaXFMcFkEIS
f11ewg40hv+kbfxbRfeo1WJTN38ZY+lAkblMOchMglLRVT2GseZpcNmNk3RgYsZP
j3tDk6wOMKUGKmULp3iTkg2StuZtHnCrWLZ9G0Dor3NAMkEaHA2zj8lpFwQGmhoX
yFyBOXyMAKb/NWdxyGo/dkNMEHTvuNHLm/b2emfsRUc7n9Fz
-----END CERTIFICATE-----