Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/T2U5NdKGiS0M3VcJNdRWn0s6Gow.roa
File:                     T2U5NdKGiS0M3VcJNdRWn0s6Gow.roa (raw, json)
Hash identifier:          M5pJwmwa+dpL9jmNca9dqlOHXpytEhbVIjZNvOd4ASE=
Subject key identifier:   4F:65:39:35:D2:86:89:2D:0C:DD:57:09:35:D4:56:9F:4B:3A:1A:8C
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C693176083A18F6087A4878139195
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/T2U5NdKGiS0M3VcJNdRWn0s6Gow.roa
Signing time:             Wed 01 Jan 2025 01:48:03 +0000
ROA not before:           Wed 01 Jan 2025 01:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214828
IP address blocks:        2a12:bec4:12b0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:69:31:76:08:3a:18:f6:08:7a:48:78:13:91:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f653935d286892d0cdd570935d4569f4b3a1a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:ce:37:dd:82:e1:f3:d2:c3:35:fb:3c:08:6b:
                    e2:53:3e:c2:18:f6:7b:2e:70:08:b2:bb:d3:e9:1b:
                    be:5a:13:0e:2b:5a:13:97:4d:71:80:e7:25:65:6f:
                    d0:c7:15:44:bd:08:3a:6f:a4:ac:cf:b1:0e:a4:99:
                    19:cb:74:34:e8:5b:d6:d5:67:83:cd:67:a4:f7:b0:
                    c3:19:af:f3:99:0a:04:c0:01:db:87:2f:91:bd:09:
                    c9:20:04:c8:02:2a:98:c8:90:00:19:5e:ec:50:d6:
                    54:e0:68:90:6b:15:a1:54:c4:41:a9:8b:11:0d:79:
                    44:db:1e:82:98:c9:fa:85:66:2e:94:48:7d:4e:7a:
                    10:dc:5e:91:89:90:2d:62:17:07:92:88:29:0b:36:
                    63:57:16:a6:84:60:ee:d7:89:ef:25:7f:c4:08:7f:
                    81:16:67:ae:df:0e:de:20:bc:c9:f7:c6:76:c1:bf:
                    1a:da:8a:86:65:67:6d:b1:dc:70:73:31:6e:f9:33:
                    01:5a:ec:0c:33:e4:da:e5:30:5f:0c:87:a2:a5:4d:
                    c5:cf:94:dd:a1:d6:4f:e9:6e:48:90:52:c0:ee:bb:
                    27:af:89:1f:08:7d:ec:63:a6:fe:24:4a:d5:77:1f:
                    d2:48:a2:ed:9b:87:eb:f6:58:71:ab:79:e4:08:f6:
                    5c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:65:39:35:D2:86:89:2D:0C:DD:57:09:35:D4:56:9F:4B:3A:1A:8C
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/T2U5NdKGiS0M3VcJNdRWn0s6Gow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:12b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:a0:c4:14:c3:55:e8:8d:5d:de:8a:6c:00:e9:a0:d4:22:ef:
         e6:f9:79:b0:6f:6f:4e:0f:14:a8:c2:4b:6b:62:6a:d9:23:c1:
         ae:ee:be:5d:51:62:47:b8:04:c6:04:42:69:5a:f5:94:e9:cc:
         c6:e6:8a:aa:00:3d:da:46:df:d1:19:5d:d0:20:f4:02:8f:37:
         b8:3c:60:53:dc:ad:32:ce:b4:ea:0a:77:fb:a1:79:2a:e0:c5:
         b8:85:d6:bd:cd:4b:6d:c8:83:44:9b:b0:6f:84:f0:e7:4b:4b:
         89:9a:a3:17:43:b3:28:81:52:c0:99:14:32:ed:1a:13:04:28:
         f3:87:06:22:82:3e:2c:a5:1d:4c:bc:9a:1b:89:36:8a:80:28:
         d6:a9:e0:2a:aa:b0:86:76:cf:ea:91:55:16:9c:7c:7d:9e:f1:
         45:e5:02:d6:10:47:c8:22:05:f4:5d:69:57:b5:95:ff:cf:87:
         52:53:40:17:f3:48:d3:63:04:40:82:bb:e1:0f:4e:e3:18:40:
         22:2d:f5:10:c7:69:cc:8f:71:6d:3b:74:ff:8d:64:ff:8c:bf:
         fb:13:61:0d:23:d4:3d:cc:4e:aa:e8:f2:41:e2:5c:d3:bd:b3:
         e0:6d:89:ce:5f:c1:55:fa:9c:77:ae:66:c2:ed:71:a7:59:69:
         18:79:df:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjGkxdgg6GPYIekh4E5GVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjY1MzkzNWQyODY4OTJkMGNkZDU3MDkzNWQ0NTY5ZjRiM2ExYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA78433YLh89LDNfs8CGviUz7CGPZ7
LnAIsrvT6Ru+WhMOK1oTl01xgOclZW/QxxVEvQg6b6Ssz7EOpJkZy3Q06FvW1WeD
zWek97DDGa/zmQoEwAHbhy+RvQnJIATIAiqYyJAAGV7sUNZU4GiQaxWhVMRBqYsR
DXlE2x6CmMn6hWYulEh9TnoQ3F6RiZAtYhcHkogpCzZjVxamhGDu14nvJX/ECH+B
Fmeu3w7eILzJ98Z2wb8a2oqGZWdtsdxwczFu+TMBWuwMM+Ta5TBfDIeipU3Fz5Td
odZP6W5IkFLA7rsnr4kfCH3sY6b+JErVdx/SSKLtm4fr9lhxq3nkCPZcJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE9lOTXShoktDN1XCTXUVp9LOhqMMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVDJVNU5kS0dpUzBNM1ZjSk5kUlduMHM2R293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBKw
MA0GCSqGSIb3DQEBCwUAA4IBAQCgoMQUw1XojV3eimwA6aDUIu/m+Xmwb29ODxSo
wktrYmrZI8Gu7r5dUWJHuATGBEJpWvWU6czG5oqqAD3aRt/RGV3QIPQCjze4PGBT
3K0yzrTqCnf7oXkq4MW4hda9zUttyINEm7BvhPDnS0uJmqMXQ7MogVLAmRQy7RoT
BCjzhwYigj4spR1MvJobiTaKgCjWqeAqqrCGds/qkVUWnHx9nvFF5QLWEEfIIgX0
XWlXtZX/z4dSU0AX80jTYwRAgrvhD07jGEAiLfUQx2nMj3FtO3T/jWT/jL/7E2EN
I9Q9zE6q6PJB4lzTvbPgbYnOX8FV+px3rmbC7XGnWWkYed+E
-----END CERTIFICATE-----