Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LS3ryUjpt6YDajN5WsQm2d1Jnoo.roa
File:                     LS3ryUjpt6YDajN5WsQm2d1Jnoo.roa (raw, json)
Hash identifier:          ugYsgskoX8jUlhWrD1ZjlVUqsIIu88nDT24cb+WJFOw=
Subject key identifier:   2D:2D:EB:C9:48:E9:B7:A6:03:6A:33:79:5A:C4:26:D9:DD:49:9E:8A
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C760CAE00A056DE065A80CEF4DAEC
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LS3ryUjpt6YDajN5WsQm2d1Jnoo.roa
Signing time:             Wed 01 Jan 2025 01:48:06 +0000
ROA not before:           Wed 01 Jan 2025 01:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216047
IP address blocks:        2a12:bec0:590::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 20:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:76:0c:ae:00:a0:56:de:06:5a:80:ce:f4:da:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d2debc948e9b7a6036a33795ac426d9dd499e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c1:dd:30:89:91:6b:20:81:77:83:7d:e7:9c:
                    8a:b7:cd:d5:1d:7a:da:29:c1:cb:7d:65:64:13:15:
                    96:db:7d:2b:db:a0:83:94:49:a1:9b:df:32:b1:60:
                    5c:8b:32:26:29:bb:ea:4e:93:26:d9:b2:5f:e4:83:
                    e6:49:3d:e1:44:08:5f:86:a2:b4:7f:fc:f8:b1:27:
                    b6:38:bf:fe:ae:08:4e:e8:83:e0:05:89:f4:c5:1e:
                    d4:d5:12:63:b4:32:7c:58:e6:2f:ac:d9:ee:52:e5:
                    5b:d1:aa:c4:b2:98:0e:e1:8f:4f:ab:26:6a:05:9f:
                    51:e3:7d:d4:18:d2:1a:de:40:c2:52:50:a9:2d:1e:
                    44:90:50:fe:da:7e:83:9c:11:e4:41:0a:d3:c3:72:
                    97:c5:51:41:95:c9:c3:5a:e1:78:eb:d5:c0:c0:db:
                    b2:c8:a8:86:9c:96:c9:1b:62:2b:dc:17:21:f5:60:
                    3b:d8:a6:93:b8:c6:41:5d:cc:a4:0e:c7:90:2e:3f:
                    1c:cf:bf:f8:bf:c3:85:fb:3b:e1:fe:33:d3:e1:eb:
                    46:c0:13:f1:7d:de:5a:2a:79:a0:d4:ed:73:b6:dc:
                    54:95:5e:09:cd:35:c2:8b:73:22:d3:32:1b:60:c1:
                    9f:0e:88:4e:55:f9:f1:c5:9c:20:50:e3:75:29:bc:
                    a7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:2D:EB:C9:48:E9:B7:A6:03:6A:33:79:5A:C4:26:D9:DD:49:9E:8A
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LS3ryUjpt6YDajN5WsQm2d1Jnoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:590::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:48:23:8f:81:6f:fe:44:70:b9:31:fa:f3:5d:af:8a:07:51:
         5e:30:7d:eb:b2:99:ee:71:83:33:d3:4f:51:27:a4:6d:94:0e:
         cc:19:06:07:cb:59:0c:bf:35:9d:ad:c3:89:31:2c:d1:da:78:
         af:9e:1e:57:05:7a:6c:87:e1:70:74:fd:45:cd:ba:0b:96:05:
         91:86:5b:6a:0d:f2:7c:bf:d2:2b:54:ef:79:07:ed:e6:6d:0f:
         55:4b:84:18:62:5c:10:a5:c6:3b:44:71:b8:e5:19:75:06:b8:
         e2:7b:1d:43:8b:8e:45:81:61:2b:7d:55:18:fe:39:03:19:84:
         a4:b3:44:82:f0:ff:d7:03:8b:2b:40:51:e8:c9:dc:05:1b:17:
         f1:85:7c:1c:6d:a3:c7:90:58:94:66:d5:36:e3:49:28:24:f0:
         ee:aa:84:06:22:41:c5:8e:54:e1:2d:3f:0b:2d:1a:aa:05:60:
         87:6f:8e:fd:fa:be:a7:47:ec:ef:37:6c:30:5b:43:2b:7e:52:
         c9:3d:6e:62:01:9e:9f:5c:fc:ff:e0:ed:cc:cf:ea:c2:9f:d1:
         17:e7:88:82:a5:68:20:4b:3a:ac:2b:1d:18:2b:f5:ee:d0:3c:
         9e:63:db:a1:1c:ac:ab:f3:8b:20:f2:c1:d4:89:fb:a7:60:0f:
         3b:98:cd:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHYMrgCgVt4GWoDO9NrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDJkZWJjOTQ4ZTliN2E2MDM2YTMzNzk1YWM0MjZkOWRkNDk5ZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8HdMImRayCBd4N955yKt83VHXra
KcHLfWVkExWW230r26CDlEmhm98ysWBcizImKbvqTpMm2bJf5IPmST3hRAhfhqK0
f/z4sSe2OL/+rghO6IPgBYn0xR7U1RJjtDJ8WOYvrNnuUuVb0arEspgO4Y9PqyZq
BZ9R433UGNIa3kDCUlCpLR5EkFD+2n6DnBHkQQrTw3KXxVFBlcnDWuF469XAwNuy
yKiGnJbJG2Ir3Bch9WA72KaTuMZBXcykDseQLj8cz7/4v8OF+zvh/jPT4etGwBPx
fd5aKnmg1O1zttxUlV4JzTXCi3Mi0zIbYMGfDohOVfnxxZwgUON1KbynQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC0t68lI6bemA2ozeVrEJtndSZ6KMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvTFMzcnlVanB0NllEYWpONVdzUW0yZDFKbm9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAWQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCiSCOPgW/+RHC5MfrzXa+KB1FeMH3rspnucYMz
009RJ6RtlA7MGQYHy1kMvzWdrcOJMSzR2nivnh5XBXpsh+FwdP1FzboLlgWRhltq
DfJ8v9IrVO95B+3mbQ9VS4QYYlwQpcY7RHG45Rl1Brjiex1Di45FgWErfVUY/jkD
GYSks0SC8P/XA4srQFHoydwFGxfxhXwcbaPHkFiUZtU240koJPDuqoQGIkHFjlTh
LT8LLRqqBWCHb479+r6nR+zvN2wwW0MrflLJPW5iAZ6fXPz/4O3Mz+rCn9EX54iC
pWggSzqsKx0YK/Xu0DyeY9uhHKyr84sg8sHUifunYA87mM1G
-----END CERTIFICATE-----