Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/HS3vuqUM4jgvcSPyeTLzicZFTJs.roa
File:                     HS3vuqUM4jgvcSPyeTLzicZFTJs.roa (raw, json)
Hash identifier:          rNXRFUeL/XftnDz+9HWSiVAYomRkdYiTZtXpWJqTsjs=
Subject key identifier:   1D:2D:EF:BA:A5:0C:E2:38:2F:71:23:F2:79:32:F3:89:C6:45:4C:9B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01942041039E82A15161DDA9FAC54D7D4FA7
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/HS3vuqUM4jgvcSPyeTLzicZFTJs.roa
Signing time:             Wed 01 Jan 2025 05:05:19 +0000
ROA not before:           Wed 01 Jan 2025 05:05:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213801
IP address blocks:        2a12:bec4:15f0::/44 maxlen: 44
                          2a12:bec4:15f0::/45 maxlen: 45
                          2a12:bec4:15f8::/45 maxlen: 45
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 12:04:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:41:03:9e:82:a1:51:61:dd:a9:fa:c5:4d:7d:4f:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 05:05:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d2defbaa50ce2382f7123f27932f389c6454c9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6c:3e:de:3a:26:5b:64:62:a1:71:e2:ad:bd:
                    ec:6e:10:84:66:67:6f:63:d4:92:72:4e:df:b5:ea:
                    5a:6f:58:86:4e:6d:d2:cf:c8:ee:f0:f1:0e:fd:ef:
                    31:e3:39:ef:ea:6c:7c:f3:c6:66:55:05:26:ae:16:
                    5c:b4:a3:13:f7:24:f7:c4:f3:0c:de:27:d6:9a:a1:
                    d4:dc:d4:01:d7:9c:df:7f:f1:95:08:bf:75:9a:70:
                    18:74:4d:06:6b:6d:be:eb:eb:3f:27:6d:15:31:90:
                    15:e5:e0:be:0b:01:92:b8:72:a0:2f:f0:1b:67:9b:
                    78:0a:f7:3c:22:14:22:cf:5a:20:27:94:2d:d1:65:
                    3f:03:e7:3b:fb:d6:f5:98:58:9e:93:d0:db:30:65:
                    df:df:ef:b2:f3:ba:a4:5a:73:d1:e2:e9:fd:51:f1:
                    2f:42:f3:11:cc:54:7a:4b:9e:5f:9b:e9:3d:85:3e:
                    d9:a7:39:5a:b3:f2:00:9d:15:c2:34:a5:78:54:25:
                    26:66:0d:33:bd:ab:98:c9:79:df:ab:60:d5:55:16:
                    f1:64:51:5f:50:6d:b2:bd:3c:bc:79:2e:61:5d:0c:
                    98:e7:c7:c9:56:b5:82:34:3d:e2:50:bf:95:55:2e:
                    4d:0f:0d:19:db:49:c6:79:c5:3b:a9:a6:6b:68:d5:
                    6a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:2D:EF:BA:A5:0C:E2:38:2F:71:23:F2:79:32:F3:89:C6:45:4C:9B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/HS3vuqUM4jgvcSPyeTLzicZFTJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:15f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7b:57:e7:5f:c3:a2:30:9e:bd:e8:19:ef:48:49:6b:84:62:30:
         89:3f:d2:83:13:ad:19:8b:1a:70:22:6f:23:b8:98:5a:31:78:
         f1:78:33:ad:6f:94:3e:2a:22:27:63:d2:2e:86:d0:f3:6f:43:
         e8:31:40:1c:5f:ab:0f:bc:e4:1f:3d:db:9e:6a:21:ac:e2:b8:
         24:85:9b:59:34:c0:a7:95:ff:d2:8c:ae:ee:34:00:9a:9b:1c:
         8f:55:23:e8:09:bd:2e:67:bb:5e:c2:3b:92:1b:ab:38:3d:5c:
         28:77:78:ce:6f:d7:c0:e6:9e:a8:64:2a:8f:ac:0a:68:9d:49:
         0e:6b:52:f7:42:cb:36:35:70:a8:c8:f7:50:de:7a:17:1e:06:
         0c:eb:1d:08:69:60:64:c4:60:39:0b:cd:37:13:f4:6c:ff:45:
         cb:8b:34:68:90:82:c5:8f:b0:be:dd:2f:53:31:e1:e3:ae:d5:
         a7:87:a2:f3:d5:5a:b7:7c:1d:55:80:3b:50:4e:63:b9:3c:44:
         a8:5f:86:8f:38:e7:dd:71:e5:bc:1a:1d:a0:af:21:8e:f5:5c:
         5c:b0:e1:79:8b:70:4e:68:83:7d:2c:0b:e2:75:70:fa:4d:d6:
         39:c1:f6:1d:44:31:c5:5b:3f:ff:37:34:be:93:e4:5e:7b:51:
         db:de:1d:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgQQOegqFRYd2p+sVNfU+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDUwNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDJkZWZiYWE1MGNlMjM4MmY3MTIzZjI3OTMyZjM4OWM2NDU0YzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWw+3jomW2RioXHirb3sbhCEZmdv
Y9SSck7ftepab1iGTm3Sz8ju8PEO/e8x4znv6mx888ZmVQUmrhZctKMT9yT3xPMM
3ifWmqHU3NQB15zff/GVCL91mnAYdE0Ga22+6+s/J20VMZAV5eC+CwGSuHKgL/Ab
Z5t4Cvc8IhQiz1ogJ5Qt0WU/A+c7+9b1mFiek9DbMGXf3++y87qkWnPR4un9UfEv
QvMRzFR6S55fm+k9hT7Zpzlas/IAnRXCNKV4VCUmZg0zvauYyXnfq2DVVRbxZFFf
UG2yvTy8eS5hXQyY58fJVrWCND3iUL+VVS5NDw0Z20nGecU7qaZraNVqOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB0t77qlDOI4L3Ej8nky84nGRUybMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvSFMzdnVxVU00amd2Y1NQeWVUTHppY1pGVEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBXw
MA0GCSqGSIb3DQEBCwUAA4IBAQB7V+dfw6Iwnr3oGe9ISWuEYjCJP9KDE60Zixpw
Im8juJhaMXjxeDOtb5Q+KiInY9IuhtDzb0PoMUAcX6sPvOQfPdueaiGs4rgkhZtZ
NMCnlf/SjK7uNACamxyPVSPoCb0uZ7tewjuSG6s4PVwod3jOb9fA5p6oZCqPrApo
nUkOa1L3Qss2NXCoyPdQ3noXHgYM6x0IaWBkxGA5C803E/Rs/0XLizRokILFj7C+
3S9TMeHjrtWnh6Lz1Vq3fB1VgDtQTmO5PESoX4aPOOfdceW8Gh2gryGO9VxcsOF5
i3BOaIN9LAvidXD6TdY5wfYdRDHFWz//NzS+k+Ree1Hb3h0E
-----END CERTIFICATE-----