Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UlIB99DsuMdi7UORNMd_d14OqY8.roa
File:                     UlIB99DsuMdi7UORNMd_d14OqY8.roa (raw, json)
Hash identifier:          n7u0u2lKoCHFzxNV6Pc1SadapwpTBGz8IJ40i9IrOxs=
Subject key identifier:   52:52:01:F7:D0:EC:B8:C7:62:ED:43:91:34:C7:7F:77:5E:0E:A9:8F
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C490EF11A733AC5E9696FC9CA0BF5
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UlIB99DsuMdi7UORNMd_d14OqY8.roa
Signing time:             Wed 01 Jan 2025 01:47:54 +0000
ROA not before:           Wed 01 Jan 2025 01:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49592
IP address blocks:        2a12:bec0:340::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:49:0e:f1:1a:73:3a:c5:e9:69:6f:c9:ca:0b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=525201f7d0ecb8c762ed439134c77f775e0ea98f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:36:e0:9e:25:1b:16:d8:cc:ff:d7:ab:df:c0:
                    1e:95:26:cc:f1:26:51:71:52:8b:50:8f:8a:c2:9e:
                    1a:c1:b6:a7:22:e5:15:25:f8:6e:cc:d7:a7:26:58:
                    5f:cd:5c:08:ae:7f:1f:7a:bf:78:4e:89:bd:eb:8f:
                    97:e2:65:fc:59:70:f5:fc:3c:d9:22:07:0e:12:aa:
                    d0:4d:be:70:cd:8c:62:7a:7e:7b:a9:88:66:1c:c7:
                    93:c9:9e:6a:3d:4a:34:6b:a4:1b:22:12:e4:27:19:
                    e4:ce:66:52:3b:8a:d7:19:1e:09:9a:f0:33:a4:6d:
                    61:95:df:0a:f0:e7:05:db:1a:e0:f6:6f:6b:3a:2c:
                    24:67:25:bf:da:5e:51:3f:dd:94:41:7b:ff:a3:5a:
                    c8:5e:1c:0e:13:4d:8e:f0:52:e4:f0:fd:e5:01:5b:
                    60:d6:8a:9f:d8:25:83:6a:a0:aa:75:ba:0b:79:b8:
                    28:48:05:19:e9:34:0d:4f:57:61:16:ad:a4:8a:84:
                    f9:94:db:20:17:07:a1:ad:c1:20:59:48:b4:74:04:
                    58:d4:aa:19:bf:7b:4c:5a:34:ec:46:1a:db:13:95:
                    18:df:ac:35:2f:97:14:0d:74:39:f4:4d:75:56:bd:
                    00:f9:c8:46:73:c5:19:72:4b:20:0b:6e:ef:2d:ba:
                    bb:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:52:01:F7:D0:EC:B8:C7:62:ED:43:91:34:C7:7F:77:5E:0E:A9:8F
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/UlIB99DsuMdi7UORNMd_d14OqY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:340::/44

    Signature Algorithm: sha256WithRSAEncryption
         af:0d:95:74:a1:6e:af:43:94:85:3d:97:c6:ad:4f:da:3a:3d:
         ea:b6:20:0c:b1:2a:f8:48:9c:8b:40:12:34:ae:80:a9:74:49:
         be:69:62:f9:b6:07:aa:30:f7:53:81:3e:84:3f:3e:4e:4c:7a:
         b9:ac:14:c2:f7:be:ad:7f:c0:c9:f9:3a:e4:7f:79:7a:f1:3c:
         16:c9:78:6a:fc:e2:00:07:bf:b7:01:90:ef:e1:56:a2:0a:b7:
         af:4c:f4:06:45:9c:33:87:dd:60:13:61:61:50:8c:e2:09:e0:
         36:dd:00:1c:cc:88:fe:20:82:9c:ae:89:df:91:d8:f7:59:d1:
         a0:a4:b8:7c:a5:84:49:6a:dd:30:34:bc:68:8c:3a:69:6b:7e:
         14:bd:4b:5d:f5:93:c4:b0:0a:d4:a1:cd:92:56:56:90:c2:d7:
         e1:36:75:06:7b:80:31:f5:90:79:ec:24:ac:7d:57:d4:58:05:
         3e:74:f5:3a:23:a2:27:00:2d:b0:17:52:44:9b:d3:64:af:5c:
         c8:c5:62:69:3f:62:56:d6:13:e0:a3:b6:6c:73:cf:d8:b3:20:
         33:7b:f8:3f:40:2d:b0:13:3f:ea:ad:be:c1:9e:fe:1d:25:a4:
         e9:49:96:c6:71:8c:f8:da:cc:66:d4:af:cf:3e:b5:2c:23:a3:
         e5:83:b3:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjEkO8RpzOsXpaW/Jygv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjUyMDFmN2QwZWNiOGM3NjJlZDQzOTEzNGM3N2Y3NzVlMGVhOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jbgniUbFtjM/9er38AelSbM8SZR
cVKLUI+Kwp4awbanIuUVJfhuzNenJlhfzVwIrn8fer94Tom964+X4mX8WXD1/DzZ
IgcOEqrQTb5wzYxien57qYhmHMeTyZ5qPUo0a6QbIhLkJxnkzmZSO4rXGR4JmvAz
pG1hld8K8OcF2xrg9m9rOiwkZyW/2l5RP92UQXv/o1rIXhwOE02O8FLk8P3lAVtg
1oqf2CWDaqCqdboLebgoSAUZ6TQNT1dhFq2kioT5lNsgFwehrcEgWUi0dARY1KoZ
v3tMWjTsRhrbE5UY36w1L5cUDXQ59E11Vr0A+chGc8UZcksgC27vLbq7iQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFJSAffQ7LjHYu1DkTTHf3deDqmPMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVWxJQjk5RHN1TWRpN1VPUk5NZF9kMTRPcVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANA
MA0GCSqGSIb3DQEBCwUAA4IBAQCvDZV0oW6vQ5SFPZfGrU/aOj3qtiAMsSr4SJyL
QBI0roCpdEm+aWL5tgeqMPdTgT6EPz5OTHq5rBTC976tf8DJ+Trkf3l68TwWyXhq
/OIAB7+3AZDv4VaiCrevTPQGRZwzh91gE2FhUIziCeA23QAczIj+IIKcronfkdj3
WdGgpLh8pYRJat0wNLxojDppa34UvUtd9ZPEsArUoc2SVlaQwtfhNnUGe4Ax9ZB5
7CSsfVfUWAU+dPU6I6InAC2wF1JEm9Nkr1zIxWJpP2JW1hPgo7Zsc8/YsyAze/g/
QC2wEz/qrb7Bnv4dJaTpSZbGcYz42sxm1K/PPrUsI6Plg7MU
-----END CERTIFICATE-----