Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/HV5gh0fTSlN1IeA7yg3mS65CxnQ.roa
File:                     HV5gh0fTSlN1IeA7yg3mS65CxnQ.roa (raw, json)
Hash identifier:          OIq+v/wnLcBY9lfxACZ4hg5xsqoyPsK2GGoFAClHsXo=
Subject key identifier:   1D:5E:60:87:47:D3:4A:53:75:21:E0:3B:CA:0D:E6:4B:AE:42:C6:74
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C5790CF812AB0FF73CE067A89DC49
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/HV5gh0fTSlN1IeA7yg3mS65CxnQ.roa
Signing time:             Wed 01 Jan 2025 01:47:58 +0000
ROA not before:           Wed 01 Jan 2025 01:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199695
IP address blocks:        2a12:bec4:1620::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:57:90:cf:81:2a:b0:ff:73:ce:06:7a:89:dc:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d5e608747d34a537521e03bca0de64bae42c674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:30:06:8e:3b:2a:e7:9e:3a:88:00:93:14:a5:
                    ef:b1:77:34:a2:0a:80:2a:25:78:30:55:16:0a:9b:
                    8c:fb:32:fe:7a:8d:68:e0:16:42:08:dc:f5:94:3a:
                    c4:76:b3:a2:49:9e:e1:cf:ec:d4:88:9f:61:a6:65:
                    10:e4:e4:be:be:2b:a1:f6:d0:32:84:00:3d:d7:30:
                    9f:35:2c:54:2c:67:88:4a:4b:7e:ab:a6:dc:5f:e8:
                    a3:e0:43:13:39:a1:83:03:69:22:41:1f:a7:03:96:
                    07:6a:a1:93:67:b8:74:15:b1:25:3b:93:34:34:fd:
                    85:a9:0d:76:73:7f:7d:9e:2d:d4:c7:28:38:c7:d2:
                    76:a4:ad:d9:ff:d0:19:2c:3b:de:d4:fd:78:d3:1f:
                    2a:b6:b7:f6:11:d5:2c:ef:4d:09:32:99:77:4c:a3:
                    cb:f9:d7:01:a8:16:ee:e4:76:fa:82:f8:ff:3d:c8:
                    1e:cf:93:bb:26:50:92:82:0f:f1:fe:75:ae:29:20:
                    65:6d:af:d2:54:9e:65:6a:0c:34:09:9a:16:d7:64:
                    8b:8b:d8:7b:ac:c5:e9:45:ff:4d:e1:0a:8b:05:a9:
                    d0:88:f1:4b:51:fe:95:15:33:c8:18:c7:90:fe:59:
                    9f:00:93:47:d1:94:3d:c5:c4:c6:d2:a3:07:3a:03:
                    5d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:5E:60:87:47:D3:4A:53:75:21:E0:3B:CA:0D:E6:4B:AE:42:C6:74
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/HV5gh0fTSlN1IeA7yg3mS65CxnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1620::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:a9:c9:f1:0f:af:9d:b0:43:91:ef:40:c7:55:c1:f7:3a:05:
         c2:8c:fc:93:73:09:90:e6:f4:b9:05:12:e9:21:bd:da:48:04:
         ae:90:fe:b8:80:8c:a0:4a:2f:d7:9d:15:17:25:d5:57:0f:f9:
         31:94:aa:cf:7a:83:d3:40:69:fa:34:c9:1f:8e:35:2e:66:42:
         6b:09:68:4f:76:24:80:29:16:53:ab:11:fe:68:49:72:72:17:
         cb:47:b1:fc:12:67:a8:86:cd:64:10:ed:86:df:c6:f0:7c:7a:
         8c:c0:b5:dd:ee:3c:e4:d9:7c:02:01:fd:03:b8:23:a0:56:1d:
         a4:b6:a9:45:5d:24:f5:5b:b5:34:47:75:ba:a8:e4:f4:d2:73:
         fb:68:fb:16:0e:47:c3:e4:1d:46:8f:40:55:79:c2:db:ed:24:
         41:a9:51:67:6f:05:b3:fc:9a:67:cb:52:2e:44:75:39:59:f3:
         e6:ac:53:81:d1:9d:01:d6:93:b6:c6:0c:db:c8:0c:10:f3:48:
         5a:62:fd:da:19:aa:ca:7c:a0:d2:75:06:69:65:8e:9d:bc:8a:
         10:c4:b8:d2:ae:d7:9e:1e:3b:05:fa:46:34:af:26:c2:dc:34:
         92:54:ec:13:48:66:9e:ea:3f:79:50:df:fe:ad:df:a0:ab:0b:
         06:eb:b9:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjFeQz4EqsP9zzgZ6idxJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDVlNjA4NzQ3ZDM0YTUzNzUyMWUwM2JjYTBkZTY0YmFlNDJjNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTAGjjsq5546iACTFKXvsXc0ogqA
KiV4MFUWCpuM+zL+eo1o4BZCCNz1lDrEdrOiSZ7hz+zUiJ9hpmUQ5OS+viuh9tAy
hAA91zCfNSxULGeISkt+q6bcX+ij4EMTOaGDA2kiQR+nA5YHaqGTZ7h0FbElO5M0
NP2FqQ12c399ni3Uxyg4x9J2pK3Z/9AZLDve1P140x8qtrf2EdUs700JMpl3TKPL
+dcBqBbu5Hb6gvj/Pcgez5O7JlCSgg/x/nWuKSBlba/SVJ5lagw0CZoW12SLi9h7
rMXpRf9N4QqLBanQiPFLUf6VFTPIGMeQ/lmfAJNH0ZQ9xcTG0qMHOgNdEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB1eYIdH00pTdSHgO8oN5kuuQsZ0MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvSFY1Z2gwZlRTbE4xSWVBN3lnM21TNjVDeG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+xBYg
MA0GCSqGSIb3DQEBCwUAA4IBAQC/qcnxD6+dsEOR70DHVcH3OgXCjPyTcwmQ5vS5
BRLpIb3aSASukP64gIygSi/XnRUXJdVXD/kxlKrPeoPTQGn6NMkfjjUuZkJrCWhP
diSAKRZTqxH+aElychfLR7H8Emeohs1kEO2G38bwfHqMwLXd7jzk2XwCAf0DuCOg
Vh2ktqlFXST1W7U0R3W6qOT00nP7aPsWDkfD5B1Gj0BVecLb7SRBqVFnbwWz/Jpn
y1IuRHU5WfPmrFOB0Z0B1pO2xgzbyAwQ80haYv3aGarKfKDSdQZpZY6dvIoQxLjS
rteeHjsF+kY0rybC3DSSVOwTSGae6j95UN/+rd+gqwsG67ne
-----END CERTIFICATE-----