Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Qzch73eMQ4Sf2gHU3S8NYTOc28c.roa
File:                     Qzch73eMQ4Sf2gHU3S8NYTOc28c.roa (raw, json)
Hash identifier:          ND0Q0wPmJed4QI2URCiLSXKBJChM0u1FS10iPz5oQZc=
Subject key identifier:   43:37:21:EF:77:8C:43:84:9F:DA:01:D4:DD:2F:0D:61:33:9C:DB:C7
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01954759C4903425CE00F3BC3C04E193824C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Qzch73eMQ4Sf2gHU3S8NYTOc28c.roa
Signing time:             Thu 27 Feb 2025 12:20:20 +0000
ROA not before:           Thu 27 Feb 2025 12:20:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214481
IP address blocks:        2a12:bec4:12a2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:47:59:c4:90:34:25:ce:00:f3:bc:3c:04:e1:93:82:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Feb 27 12:20:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=433721ef778c43849fda01d4dd2f0d61339cdbc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:cf:66:bd:27:42:e7:e2:d0:0e:6f:4f:be:d3:
                    5d:a9:bd:b3:0d:eb:60:e0:f8:22:05:43:65:41:22:
                    d2:26:53:23:ce:1c:84:7d:1f:81:b1:67:cf:13:6d:
                    16:ea:18:75:07:00:e9:a5:dc:37:5d:2a:3d:4d:21:
                    26:82:1c:3a:08:42:8b:ef:a9:2b:f4:6f:c5:d1:f8:
                    8e:7e:07:6f:4c:d8:f0:df:e0:ae:e2:2f:51:7e:c9:
                    7e:b1:81:b5:4b:c3:ac:f7:e4:12:c8:a4:47:98:48:
                    d4:c8:e7:a1:5c:86:88:e8:62:c5:c7:fe:6a:c9:71:
                    f2:d9:7d:fd:2e:95:b1:15:fc:83:81:6f:79:13:33:
                    dd:be:28:d7:f0:a9:90:99:90:a5:b2:5f:ed:ea:00:
                    87:0e:51:75:99:25:8e:f0:b4:e1:14:43:6c:d8:69:
                    d9:98:46:34:c7:85:d6:a7:86:51:51:d6:fd:59:bd:
                    e0:2c:c1:6e:dc:c8:7a:21:aa:f8:08:3a:25:9f:ec:
                    2e:f9:99:a1:8f:dc:8f:7b:28:bb:fc:eb:4a:04:f7:
                    9d:70:53:4e:33:83:85:d5:c9:0e:16:8a:b1:6b:12:
                    5c:1e:52:f4:bd:34:ef:b7:9f:70:a8:f9:f6:b2:aa:
                    17:0f:9a:b4:57:36:89:9c:51:b2:37:77:13:9c:be:
                    2e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:37:21:EF:77:8C:43:84:9F:DA:01:D4:DD:2F:0D:61:33:9C:DB:C7
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Qzch73eMQ4Sf2gHU3S8NYTOc28c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:12a2::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:a2:fc:19:54:66:60:95:97:70:b7:db:ba:c8:aa:eb:73:c7:
         ca:80:c8:ad:59:10:71:11:66:cd:c4:2c:56:36:98:c2:b2:bf:
         f0:76:84:22:c3:2d:04:51:d0:2a:2f:4c:99:a4:b8:1b:d9:3d:
         20:38:b7:f4:14:3f:c1:cd:34:80:bf:8d:44:73:ed:0f:62:d2:
         9e:d8:90:56:98:7c:e2:06:fc:4e:67:57:01:ac:04:14:89:d4:
         82:e4:79:2b:10:a5:97:4a:94:5d:34:c9:67:0d:2c:30:ab:a5:
         68:4d:fa:64:03:d3:8f:26:17:7f:1d:74:9a:37:4c:3a:39:96:
         89:63:28:5b:5b:16:de:21:21:ee:d5:3c:7c:be:6c:3b:57:76:
         98:bc:51:d8:eb:c1:17:3a:e6:50:ea:bb:9b:86:45:70:21:40:
         28:04:34:04:a1:7c:c8:02:b9:6b:8c:4c:3a:5c:bf:b3:a2:99:
         31:5f:78:a2:02:c3:eb:1e:4e:96:54:77:4e:ba:fe:1f:69:c7:
         3b:12:35:18:dc:b5:63:b4:be:74:4b:51:fd:b7:6b:7b:13:8e:
         72:d6:63:ae:e5:1b:00:fa:9c:08:eb:44:2a:05:bf:f9:aa:fa:
         95:bc:98:13:9a:9d:7b:28:d1:10:78:fb:a7:22:c2:a1:53:0b:
         c0:2f:36:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZVHWcSQNCXOAPO8PAThk4JMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMjI3MTIyMDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM3MjFlZjc3OGM0Mzg0OWZkYTAxZDRkZDJmMGQ2MTMzOWNkYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqs9mvSdC5+LQDm9PvtNdqb2zDetg
4PgiBUNlQSLSJlMjzhyEfR+BsWfPE20W6hh1BwDppdw3XSo9TSEmghw6CEKL76kr
9G/F0fiOfgdvTNjw3+Cu4i9Rfsl+sYG1S8Os9+QSyKRHmEjUyOehXIaI6GLFx/5q
yXHy2X39LpWxFfyDgW95EzPdvijX8KmQmZClsl/t6gCHDlF1mSWO8LThFENs2GnZ
mEY0x4XWp4ZRUdb9Wb3gLMFu3Mh6Iar4CDoln+wu+Zmhj9yPeyi7/OtKBPedcFNO
M4OF1ckOFoqxaxJcHlL0vTTvt59wqPn2sqoXD5q0VzaJnFGyN3cTnL4u9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEM3Ie93jEOEn9oB1N0vDWEznNvHMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUXpjaDczZU1RNFNmMmdIVTNTOE5ZVE9jMjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+xBKi
MA0GCSqGSIb3DQEBCwUAA4IBAQBxovwZVGZglZdwt9u6yKrrc8fKgMitWRBxEWbN
xCxWNpjCsr/wdoQiwy0EUdAqL0yZpLgb2T0gOLf0FD/BzTSAv41Ec+0PYtKe2JBW
mHziBvxOZ1cBrAQUidSC5HkrEKWXSpRdNMlnDSwwq6VoTfpkA9OPJhd/HXSaN0w6
OZaJYyhbWxbeISHu1Tx8vmw7V3aYvFHY68EXOuZQ6rubhkVwIUAoBDQEoXzIArlr
jEw6XL+zopkxX3iiAsPrHk6WVHdOuv4facc7EjUY3LVjtL50S1H9t2t7E45y1mOu
5RsA+pwI60QqBb/5qvqVvJgTmp17KNEQePunIsKhUwvALzaH
-----END CERTIFICATE-----