Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LzAZdLQo3IgU-xMP7iTviiMYy4g.roa
File:                     LzAZdLQo3IgU-xMP7iTviiMYy4g.roa (raw, json)
Hash identifier:          PSKaYI+bSW1hjluGm68KRkQZRtE60U96wqajlDGoCGM=
Subject key identifier:   2F:30:19:74:B4:28:DC:88:14:FB:13:0F:EE:24:EF:8A:23:18:CB:88
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019CE264EEE49E1EA913875E495D31BC2096
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LzAZdLQo3IgU-xMP7iTviiMYy4g.roa
Signing time:             Thu 12 Mar 2026 14:13:11 +0000
ROA not before:           Thu 12 Mar 2026 14:13:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a12:bec4:12a0::/47 maxlen: 47
                          2a12:bec4:12a4::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 21:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:64:ee:e4:9e:1e:a9:13:87:5e:49:5d:31:bc:20:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Mar 12 14:13:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f301974b428dc8814fb130fee24ef8a2318cb88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:15:18:6a:d6:da:85:e1:99:05:d0:2c:61:25:
                    4a:0d:67:49:a7:35:f8:73:8a:aa:e5:9f:18:b3:52:
                    be:56:c7:c9:c7:89:fc:2b:d4:c8:7d:ce:4f:c2:73:
                    c8:9a:07:7f:2d:44:41:a8:ed:0e:48:75:bd:4a:27:
                    06:7a:6d:d0:6a:e1:af:f3:a1:55:6b:a7:b0:6f:c0:
                    39:f0:2f:12:1b:65:47:99:ec:64:ee:26:9c:9e:15:
                    48:51:c5:f8:24:37:de:97:ed:d2:46:31:12:f9:04:
                    68:c4:ac:24:42:26:71:b3:42:85:53:d1:81:7e:21:
                    ff:a6:de:74:72:d0:45:26:05:f6:d8:44:4e:36:f4:
                    47:fa:b8:eb:f3:e6:b4:ff:0d:17:b2:6a:b5:8d:90:
                    21:d2:0d:d0:4a:b5:90:9c:4e:fb:67:96:10:71:ff:
                    42:a1:80:18:1f:f0:93:31:fc:9e:d0:3b:87:3a:58:
                    95:bd:6f:36:37:a6:5f:7d:b5:fe:ba:57:79:bc:98:
                    f2:82:da:3d:ac:35:40:4c:54:69:7b:f9:be:b4:bd:
                    6e:70:aa:ed:b2:53:fb:11:d5:ba:61:9c:ee:3d:1a:
                    ac:f5:91:f0:0c:34:c8:2d:c3:95:11:7e:ba:65:b5:
                    03:28:95:8b:d2:5f:fa:52:d3:c6:93:51:46:b9:43:
                    3e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:30:19:74:B4:28:DC:88:14:FB:13:0F:EE:24:EF:8A:23:18:CB:88
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LzAZdLQo3IgU-xMP7iTviiMYy4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:12a0::/47
                  2a12:bec4:12a4::/46

    Signature Algorithm: sha256WithRSAEncryption
         05:2b:39:69:ec:dc:75:19:ae:3a:76:22:15:d5:ca:1f:a1:24:
         7c:32:a5:b1:41:a4:69:14:ee:2d:7f:0d:df:9b:d0:d3:ec:86:
         c7:c6:9c:96:74:28:f4:c8:70:33:da:59:35:bd:77:2b:1c:82:
         26:fb:38:4c:cf:7a:8a:e0:8f:94:92:60:7d:33:21:d9:2a:e5:
         4d:39:fe:0f:b4:cd:84:68:85:8a:01:1e:ef:29:27:60:be:7a:
         4b:d4:57:15:40:3b:4f:72:87:5d:49:71:00:c4:e9:43:04:9e:
         63:25:58:a5:1b:8f:d3:1f:17:b7:0b:b9:7c:1f:ba:dd:ff:85:
         f0:4f:88:14:1a:c7:3c:61:1b:92:bb:7d:97:18:c0:5b:37:58:
         30:82:9c:86:08:de:92:0f:70:7a:96:29:b4:9e:b1:07:da:cf:
         8a:1a:51:b6:d3:4f:d5:db:47:61:cc:79:f5:44:21:d6:33:8b:
         56:8b:b8:cd:67:85:f8:8c:a6:8a:0a:e5:7b:16:5b:ea:18:40:
         f7:05:e7:17:71:4f:5d:94:57:04:1e:48:cd:ec:7a:60:7e:63:
         61:b6:47:25:01:30:18:91:01:0c:5e:56:b0:46:1a:10:ef:d7:
         db:dc:84:f0:60:37:42:87:aa:1c:98:88:47:ab:12:d8:f8:0f:
         2a:e7:a0:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZziZO7knh6pE4deSV0xvCCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMzEyMTQxMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjMwMTk3NGI0MjhkYzg4MTRmYjEzMGZlZTI0ZWY4YTIzMThjYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBUYatbaheGZBdAsYSVKDWdJpzX4
c4qq5Z8Ys1K+VsfJx4n8K9TIfc5PwnPImgd/LURBqO0OSHW9SicGem3QauGv86FV
a6ewb8A58C8SG2VHmexk7iacnhVIUcX4JDfel+3SRjES+QRoxKwkQiZxs0KFU9GB
fiH/pt50ctBFJgX22ERONvRH+rjr8+a0/w0Xsmq1jZAh0g3QSrWQnE77Z5YQcf9C
oYAYH/CTMfye0DuHOliVvW82N6ZffbX+uld5vJjygto9rDVATFRpe/m+tL1ucKrt
slP7EdW6YZzuPRqs9ZHwDDTILcOVEX66ZbUDKJWL0l/6UtPGk1FGuUM+ewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC8wGXS0KNyIFPsTD+4k74ojGMuIMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvTHpBWmRMUW8zSWdVLXhNUDdpVHZpaU1ZeTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKhK+xBKg
AwcCKhK+xBKkMA0GCSqGSIb3DQEBCwUAA4IBAQAFKzlp7Nx1Ga46diIV1cofoSR8
MqWxQaRpFO4tfw3fm9DT7IbHxpyWdCj0yHAz2lk1vXcrHIIm+zhMz3qK4I+UkmB9
MyHZKuVNOf4PtM2EaIWKAR7vKSdgvnpL1FcVQDtPcoddSXEAxOlDBJ5jJVilG4/T
Hxe3C7l8H7rd/4XwT4gUGsc8YRuSu32XGMBbN1gwgpyGCN6SD3B6lim0nrEH2s+K
GlG200/V20dhzHn1RCHWM4tWi7jNZ4X4jKaKCuV7FlvqGED3BecXcU9dlFcEHkjN
7HpgfmNhtkclATAYkQEMXlawRhoQ79fb3ITwYDdCh6ocmIhHqxLY+A8q56Dj
-----END CERTIFICATE-----