Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/IUgM7TPOE5-sY1AU3JVvez_E9Ro.roa
File:                     IUgM7TPOE5-sY1AU3JVvez_E9Ro.roa (raw, json)
Hash identifier:          VR23s/LVVb6Aw9E0GzETpiruDkKUDV3WtBghxr2oA/8=
Subject key identifier:   21:48:0C:ED:33:CE:13:9F:AC:63:50:14:DC:95:6F:7B:3F:C4:F5:1A
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C46F39DA2AD7F8BDAD5DA6632813B
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/IUgM7TPOE5-sY1AU3JVvez_E9Ro.roa
Signing time:             Wed 01 Jan 2025 01:47:54 +0000
ROA not before:           Wed 01 Jan 2025 01:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        2a12:bec0:420::/44 maxlen: 48
                          2a12:bec4:13f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:46:f3:9d:a2:ad:7f:8b:da:d5:da:66:32:81:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21480ced33ce139fac635014dc956f7b3fc4f51a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0b:90:0f:03:f5:a5:86:9f:6c:37:8e:74:c6:
                    fd:11:dc:44:cf:9a:d3:17:c3:4c:fb:85:77:3a:24:
                    6b:15:e0:2f:dc:22:5c:db:3d:21:b4:94:cc:9c:03:
                    9c:e9:39:8c:20:c9:2f:b5:04:b9:40:1d:7c:fb:a1:
                    bd:dd:a9:16:53:14:69:9c:6c:d5:f3:bd:41:07:ce:
                    90:96:44:86:18:34:7b:5d:9b:dc:1d:6f:d3:ef:2d:
                    16:03:f1:fe:2a:86:22:a8:14:f6:87:de:0b:46:67:
                    c6:f3:fc:f3:71:b1:47:ec:14:f7:67:39:a5:f1:06:
                    d6:bc:8f:e4:3e:3d:8e:ad:85:d3:9d:9e:70:21:bb:
                    0a:a7:5e:b6:be:63:f3:9e:87:cd:ab:00:48:a0:da:
                    07:45:93:ac:15:6b:82:d3:d5:1b:37:7a:66:09:e2:
                    a2:76:aa:c8:01:81:84:65:7a:86:1c:bf:21:d7:0a:
                    2c:66:b7:68:5a:72:49:ff:42:3d:cd:e6:14:d2:a7:
                    da:0f:9a:74:bf:3d:6f:bd:75:34:b7:b7:f3:e1:b4:
                    3a:68:b3:81:6b:c4:d6:cc:d5:f3:29:2a:80:68:fa:
                    ce:a5:81:d3:3c:58:69:b4:46:c8:d6:cc:e1:23:66:
                    49:d2:57:a4:22:2b:85:62:c0:79:d8:b0:eb:88:4e:
                    a1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:48:0C:ED:33:CE:13:9F:AC:63:50:14:DC:95:6F:7B:3F:C4:F5:1A
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/IUgM7TPOE5-sY1AU3JVvez_E9Ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:420::/44
                  2a12:bec4:13f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:73:c1:fa:8d:10:ba:2b:7f:66:41:5d:e2:ac:49:d1:22:ac:
         17:83:42:1e:00:d0:a0:3c:75:cd:12:02:f3:bd:8c:6f:49:63:
         3b:f6:70:f1:dd:2c:1b:29:54:b2:9c:f7:0a:04:bc:f3:83:90:
         d5:94:a6:c1:83:d4:2e:42:dc:31:77:da:5b:51:8e:37:e8:fe:
         cb:60:1c:72:28:87:f9:a3:f7:68:92:5b:d6:8e:9b:34:da:af:
         05:8a:3e:42:22:fc:a5:82:54:a7:f2:f9:5f:c1:ab:43:db:dc:
         b9:12:52:5b:eb:7d:83:c4:f7:0e:4c:b6:0c:70:bf:07:a8:27:
         fd:25:27:fb:22:4e:7c:5a:86:c0:49:0b:8b:94:f6:d9:d5:cf:
         df:10:20:99:fb:08:36:bf:60:46:04:ef:f1:7c:58:84:e6:7a:
         45:12:f7:6c:74:8a:49:0d:fb:83:75:31:b4:94:95:ba:1c:6a:
         f0:37:76:31:38:ca:ff:b3:85:90:f2:05:e4:2d:c9:4e:d4:4a:
         b6:21:9f:ed:ef:7d:00:b8:a0:34:83:49:25:98:a6:af:2f:d9:
         1e:e4:9a:8e:73:8e:64:4a:07:23:74:2c:41:fe:54:f7:b6:01:
         fe:53:ce:54:7a:da:d7:f4:52:f9:22:09:d4:a7:8b:d0:ae:89:
         5c:42:aa:ad
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQfjEbznaKtf4va1dpmMoE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQ4MGNlZDMzY2UxMzlmYWM2MzUwMTRkYzk1NmY3YjNmYzRmNTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AuQDwP1pYafbDeOdMb9EdxEz5rT
F8NM+4V3OiRrFeAv3CJc2z0htJTMnAOc6TmMIMkvtQS5QB18+6G93akWUxRpnGzV
871BB86QlkSGGDR7XZvcHW/T7y0WA/H+KoYiqBT2h94LRmfG8/zzcbFH7BT3Zzml
8QbWvI/kPj2OrYXTnZ5wIbsKp162vmPznofNqwBIoNoHRZOsFWuC09UbN3pmCeKi
dqrIAYGEZXqGHL8h1wosZrdoWnJJ/0I9zeYU0qfaD5p0vz1vvXU0t7fz4bQ6aLOB
a8TWzNXzKSqAaPrOpYHTPFhptEbI1szhI2ZJ0lekIiuFYsB52LDriE6hXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCFIDO0zzhOfrGNQFNyVb3s/xPUaMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvSVVnTTdUUE9FNS1zWTFBVTNKVnZlel9FOVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+wAQg
AwcEKhK+xBPwMA0GCSqGSIb3DQEBCwUAA4IBAQBcc8H6jRC6K39mQV3irEnRIqwX
g0IeANCgPHXNEgLzvYxvSWM79nDx3SwbKVSynPcKBLzzg5DVlKbBg9QuQtwxd9pb
UY436P7LYBxyKIf5o/doklvWjps02q8Fij5CIvylglSn8vlfwatD29y5ElJb632D
xPcOTLYMcL8HqCf9JSf7Ik58WobASQuLlPbZ1c/fECCZ+wg2v2BGBO/xfFiE5npF
EvdsdIpJDfuDdTG0lJW6HGrwN3YxOMr/s4WQ8gXkLclO1Eq2IZ/t730AuKA0g0kl
mKavL9ke5JqOc45kSgcjdCxB/lT3tgH+U85UetrX9FL5IgnUp4vQrolcQqqt
-----END CERTIFICATE-----