Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QL6O077zqByKTiOH3uWknZ04ZPg.roa
File:                     QL6O077zqByKTiOH3uWknZ04ZPg.roa (raw, json)
Hash identifier:          9XDkUei+RUxzB72ehlfwx12kSeHNnUm69tmnX9Bk7lI=
Subject key identifier:   40:BE:8E:D3:BE:F3:A8:1C:8A:4E:23:87:DE:E5:A4:9D:9D:38:64:F8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C4F0F6FF158163873435C926B1424
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QL6O077zqByKTiOH3uWknZ04ZPg.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198366
IP address blocks:        2a12:bec0:350::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4f:0f:6f:f1:58:16:38:73:43:5c:92:6b:14:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40be8ed3bef3a81c8a4e2387dee5a49d9d3864f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:09:34:88:f2:77:fd:2c:89:5f:ad:6a:49:99:
                    d2:8c:15:b2:c9:06:d6:60:99:c5:e3:33:6a:e3:60:
                    d1:a0:0d:e8:4b:1f:df:7b:82:ad:ec:0d:f8:d0:2d:
                    59:cf:43:7f:f4:11:e3:91:ea:79:ce:19:15:56:81:
                    7b:51:26:4f:28:f0:32:c1:55:34:81:4f:37:f9:ea:
                    9b:06:6f:99:35:dc:4b:65:36:98:87:c5:57:b6:b5:
                    38:f2:7b:43:ce:4a:82:b4:1e:54:86:1b:a4:8c:06:
                    30:1e:54:a2:82:c8:e8:03:75:1f:bf:db:9f:11:05:
                    2f:d8:6d:3c:2c:bd:e7:d4:29:56:b8:04:d8:57:31:
                    1a:c9:6e:69:bf:54:b0:77:cb:8e:af:64:05:4f:8e:
                    25:bb:73:1e:ed:d0:ed:cb:c7:f1:c8:c7:70:8c:ee:
                    d6:d7:72:58:bd:98:21:85:8d:b1:69:a0:5d:49:b5:
                    54:23:92:59:3b:42:bb:06:58:d0:4b:05:e5:c2:b4:
                    8b:23:4d:e3:54:6d:a3:5d:bf:f8:fb:4f:ec:00:e5:
                    72:c9:2a:fe:3c:3b:51:61:4f:26:df:48:b2:05:6e:
                    40:57:65:fe:15:28:f5:1c:db:fc:bd:c7:65:9c:ab:
                    48:7c:ad:5c:1c:e7:6d:26:a1:08:a8:45:76:b6:fc:
                    a4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:BE:8E:D3:BE:F3:A8:1C:8A:4E:23:87:DE:E5:A4:9D:9D:38:64:F8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QL6O077zqByKTiOH3uWknZ04ZPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:350::/44

    Signature Algorithm: sha256WithRSAEncryption
         63:9a:fb:7a:da:37:2b:d4:06:65:7c:91:48:53:ee:d8:61:56:
         b2:5c:5d:d4:42:2f:8c:68:7b:e0:9b:9b:8d:c2:43:55:30:10:
         56:0d:cb:fb:34:19:6d:02:1f:f4:e6:01:6f:9c:2e:b8:ff:41:
         98:e8:43:db:21:07:83:7b:22:5a:a3:d0:06:96:4c:a9:2c:33:
         01:d6:e8:8f:76:f1:6c:9c:09:b2:d4:9e:b7:f3:cc:75:e5:13:
         92:1f:14:fe:7c:15:fd:8b:81:89:ef:34:db:aa:ac:eb:4d:64:
         62:96:07:95:c9:2c:67:7a:d3:5f:8a:6d:41:dc:82:07:28:c5:
         9e:85:14:4b:62:56:c3:5f:33:a2:41:80:49:19:23:bc:d1:df:
         e2:ed:d7:0b:f4:99:03:fc:0c:79:3a:f6:0c:93:1d:98:91:8f:
         43:72:51:30:be:38:81:a0:15:41:aa:61:32:df:b4:7b:7a:de:
         45:89:a8:03:60:b2:e0:f9:83:ad:86:3d:75:68:7b:45:8a:1a:
         92:d3:71:67:bf:be:2c:1e:82:a3:8f:f3:66:2f:14:4d:c1:e9:
         15:c1:e9:26:2f:a2:77:7e:bd:93:b8:28:4d:be:c6:78:ca:43:
         a2:aa:c8:62:e3:3f:ac:f9:d9:24:c1:43:e8:8c:b9:bb:21:6f:
         a3:58:81:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjE8Pb/FYFjhzQ1ySaxQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGJlOGVkM2JlZjNhODFjOGE0ZTIzODdkZWU1YTQ5ZDlkMzg2NGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQk0iPJ3/SyJX61qSZnSjBWyyQbW
YJnF4zNq42DRoA3oSx/fe4Kt7A340C1Zz0N/9BHjkep5zhkVVoF7USZPKPAywVU0
gU83+eqbBm+ZNdxLZTaYh8VXtrU48ntDzkqCtB5UhhukjAYwHlSigsjoA3Ufv9uf
EQUv2G08LL3n1ClWuATYVzEayW5pv1Swd8uOr2QFT44lu3Me7dDty8fxyMdwjO7W
13JYvZghhY2xaaBdSbVUI5JZO0K7BljQSwXlwrSLI03jVG2jXb/4+0/sAOVyySr+
PDtRYU8m30iyBW5AV2X+FSj1HNv8vcdlnKtIfK1cHOdtJqEIqEV2tvykmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEC+jtO+86gcik4jh97lpJ2dOGT4MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUUw2TzA3N3pxQnlLVGlPSDN1V2tuWjA0WlBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBjmvt62jcr1AZlfJFIU+7YYVayXF3UQi+MaHvg
m5uNwkNVMBBWDcv7NBltAh/05gFvnC64/0GY6EPbIQeDeyJao9AGlkypLDMB1uiP
dvFsnAmy1J6388x15ROSHxT+fBX9i4GJ7zTbqqzrTWRilgeVySxnetNfim1B3IIH
KMWehRRLYlbDXzOiQYBJGSO80d/i7dcL9JkD/Ax5OvYMkx2YkY9DclEwvjiBoBVB
qmEy37R7et5FiagDYLLg+YOthj11aHtFihqS03Fnv74sHoKjj/NmLxRNwekVwekm
L6J3fr2TuChNvsZ4ykOiqshi4z+s+dkkwUPojLm7IW+jWIEf
-----END CERTIFICATE-----