Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/TkxxO32KQFN7AZw78w5l8CM74-8.roa
File:                     TkxxO32KQFN7AZw78w5l8CM74-8.roa (raw, json)
Hash identifier:          CfnUlJCYWdASm6RaYR1ZnRty5SKdMkv3lWeT8ykwvr4=
Subject key identifier:   4E:4C:71:3B:7D:8A:40:53:7B:01:9C:3B:F3:0E:65:F0:23:3B:E3:EF
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0194FBC3D65636610900D400612EB605E41A
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/TkxxO32KQFN7AZw78w5l8CM74-8.roa
Signing time:             Wed 12 Feb 2025 20:05:02 +0000
ROA not before:           Wed 12 Feb 2025 20:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216382
IP address blocks:        2a12:bec4:12a3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fb:c3:d6:56:36:61:09:00:d4:00:61:2e:b6:05:e4:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Feb 12 20:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e4c713b7d8a40537b019c3bf30e65f0233be3ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:19:19:73:98:0a:ca:dd:80:6e:19:47:cb:4a:
                    0d:e2:72:25:67:8f:c6:8b:41:4a:33:5d:aa:0d:65:
                    b8:9b:70:01:28:25:21:73:74:f9:07:5a:cb:4c:79:
                    41:7f:8a:53:8a:85:60:9a:01:b2:d9:54:ff:f0:75:
                    27:d6:ee:3f:91:2b:34:01:5a:85:9d:44:1a:1a:db:
                    1c:4b:1a:9f:6e:65:36:04:75:7d:c7:9b:10:bc:78:
                    96:69:83:0c:09:72:40:ff:16:a5:b1:aa:c2:35:78:
                    95:e0:db:ca:b5:43:12:fc:e4:0b:7e:0a:e8:9b:a8:
                    95:47:28:75:24:19:af:9c:97:8d:b3:20:1d:ad:a2:
                    d2:19:19:2e:c7:f6:dd:74:c5:7e:0a:29:de:68:0e:
                    0c:f3:ce:b6:6d:0a:ed:a5:74:e7:3d:0a:f1:f5:bb:
                    ab:16:d6:e1:cf:08:6a:c4:c8:ff:c3:a6:8e:fb:09:
                    5a:ab:4d:da:0d:67:a9:00:71:16:13:18:ff:73:e3:
                    65:c1:ae:d4:35:ce:39:f6:5c:0e:8b:20:0b:56:68:
                    4d:dd:ab:28:ba:65:fe:6c:44:ba:1f:be:3e:57:ae:
                    df:e2:d7:cf:11:0f:f2:68:53:07:a8:af:b6:7c:12:
                    0c:cc:d5:06:63:10:da:d8:7f:27:05:7c:77:e7:7e:
                    33:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:4C:71:3B:7D:8A:40:53:7B:01:9C:3B:F3:0E:65:F0:23:3B:E3:EF
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/TkxxO32KQFN7AZw78w5l8CM74-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:12a3::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:33:79:ad:d9:f5:c6:3f:da:46:77:95:12:85:b3:fb:a9:64:
         2c:7c:61:65:4a:48:3a:46:f0:6d:72:d6:e6:bd:de:74:ef:ef:
         3f:3f:da:ad:99:07:c3:4a:5f:bb:18:0b:a3:ff:1c:45:7d:5f:
         52:b5:9e:ad:5d:f7:1d:7a:09:bd:c5:e0:b2:cf:b3:46:f4:b2:
         3c:d3:ef:14:1b:d7:75:14:fb:df:41:a9:5f:f5:91:5e:f4:a4:
         9f:08:a8:7c:b6:62:66:52:65:71:ff:a3:69:23:f5:bb:16:97:
         0c:7a:55:bb:14:34:4e:9f:fb:86:82:63:33:21:7b:0f:fd:0a:
         43:49:8e:4e:d1:ba:ce:e1:7f:72:94:b6:5c:25:3c:1a:9c:b9:
         05:bf:41:92:c2:7b:05:08:41:eb:92:f1:e4:14:19:7f:26:32:
         3b:19:f2:cf:43:67:b8:f1:0d:32:e1:2d:ed:44:4a:11:a3:44:
         38:9c:ce:06:60:43:1a:95:39:bb:7c:75:2b:e7:04:69:6b:82:
         ff:31:41:94:0b:cb:3e:5e:71:b7:64:1b:11:1a:46:3f:56:c7:
         cf:13:b8:40:95:b7:be:1a:a3:32:83:d8:d3:35:b5:83:70:26:
         fd:58:71:1c:9a:9e:34:9e:89:26:47:65:1c:15:62:12:4b:e1:
         4a:97:01:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZT7w9ZWNmEJANQAYS62BeQaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMjEyMjAwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTRjNzEzYjdkOGE0MDUzN2IwMTljM2JmMzBlNjVmMDIzM2JlM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBkZc5gKyt2AbhlHy0oN4nIlZ4/G
i0FKM12qDWW4m3ABKCUhc3T5B1rLTHlBf4pTioVgmgGy2VT/8HUn1u4/kSs0AVqF
nUQaGtscSxqfbmU2BHV9x5sQvHiWaYMMCXJA/xalsarCNXiV4NvKtUMS/OQLfgro
m6iVRyh1JBmvnJeNsyAdraLSGRkux/bddMV+CineaA4M8862bQrtpXTnPQrx9bur
FtbhzwhqxMj/w6aO+wlaq03aDWepAHEWExj/c+Nlwa7UNc459lwOiyALVmhN3aso
umX+bES6H74+V67f4tfPEQ/yaFMHqK+2fBIMzNUGYxDa2H8nBXx3534zswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE5McTt9ikBTewGcO/MOZfAjO+PvMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVGt4eE8zMktRRk43QVp3Nzh3NWw4Q003NC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+xBKj
MA0GCSqGSIb3DQEBCwUAA4IBAQCwM3mt2fXGP9pGd5UShbP7qWQsfGFlSkg6RvBt
ctbmvd507+8/P9qtmQfDSl+7GAuj/xxFfV9StZ6tXfcdegm9xeCyz7NG9LI80+8U
G9d1FPvfQalf9ZFe9KSfCKh8tmJmUmVx/6NpI/W7FpcMelW7FDROn/uGgmMzIXsP
/QpDSY5O0brO4X9ylLZcJTwanLkFv0GSwnsFCEHrkvHkFBl/JjI7GfLPQ2e48Q0y
4S3tREoRo0Q4nM4GYEMalTm7fHUr5wRpa4L/MUGUC8s+XnG3ZBsRGkY/VsfPE7hA
lbe+GqMyg9jTNbWDcCb9WHEcmp40nokmR2UcFWISS+FKlwHA
-----END CERTIFICATE-----