Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/W5M15vHKMPwXJ5dmEqlOzSbaRKQ.roa
File:                     W5M15vHKMPwXJ5dmEqlOzSbaRKQ.roa (raw, json)
Hash identifier:          NL1KMkUFueIGKTFNl0dk4dGyxGv1KMEYfLKYTCLuubo=
Subject key identifier:   5B:93:35:E6:F1:CA:30:FC:17:27:97:66:12:A9:4E:CD:26:DA:44:A4
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C7C1F4AFDCC56E2B99B45B47BD947
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/W5M15vHKMPwXJ5dmEqlOzSbaRKQ.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216327
IP address blocks:        2a12:bec0:450::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7c:1f:4a:fd:cc:56:e2:b9:9b:45:b4:7b:d9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b9335e6f1ca30fc1727976612a94ecd26da44a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5a:ed:3d:0f:db:a9:f5:e0:8d:da:71:d6:ec:
                    95:66:b5:3b:0b:a2:43:62:82:30:47:ec:f1:b1:3c:
                    8f:e5:c2:2a:ff:07:d9:5f:cc:c2:83:45:b5:e1:b4:
                    60:fd:0d:21:b6:ef:76:83:27:b6:9e:39:6a:77:fe:
                    d0:c4:80:4e:03:71:dd:4f:c3:cb:00:08:74:18:1d:
                    92:ec:1e:7e:ab:4e:74:c3:45:1f:e5:91:a5:16:2e:
                    50:9d:7c:11:10:f0:83:a4:7f:92:cf:06:15:50:79:
                    db:5e:50:0a:38:27:78:d2:1b:57:72:29:6b:cd:3c:
                    27:d6:a6:3c:d6:aa:a5:c3:dc:62:68:5b:8e:da:da:
                    13:86:7b:20:ad:41:1d:78:43:ec:83:e5:36:76:dc:
                    b9:8e:a3:43:53:4a:aa:b2:6b:88:a4:bf:10:b2:e6:
                    e8:88:f9:32:7b:2a:b3:ec:1d:7d:9a:51:34:ec:a9:
                    72:1f:58:ac:28:6e:88:0f:64:99:db:55:84:76:92:
                    dc:00:af:3e:e1:01:4c:f8:4b:8b:82:69:2f:3c:22:
                    98:45:48:87:7a:4f:a1:32:6d:95:f3:a7:15:dc:c7:
                    82:b8:a2:be:a3:e8:93:a3:e0:e5:2c:1f:e6:ce:43:
                    de:18:f8:e3:79:86:77:9a:8c:e1:72:06:8e:26:fc:
                    83:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:93:35:E6:F1:CA:30:FC:17:27:97:66:12:A9:4E:CD:26:DA:44:A4
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/W5M15vHKMPwXJ5dmEqlOzSbaRKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:450::/44

    Signature Algorithm: sha256WithRSAEncryption
         10:c8:ed:5c:a0:f4:13:c5:b9:85:18:ba:49:3e:cd:96:3c:a9:
         80:f0:a3:79:ca:54:e9:88:ff:bd:87:77:87:58:be:26:c2:89:
         31:c1:30:0f:ce:11:94:b2:18:de:f1:c0:80:01:e2:ff:ff:fa:
         ef:e5:bf:9a:cc:a6:57:ff:3e:ca:90:85:0e:45:e5:00:7d:70:
         4d:c0:8d:0c:c8:80:c8:87:c6:26:63:3b:aa:dd:48:ff:00:f5:
         61:ab:ca:4c:d7:71:ab:8b:7a:6a:ea:c9:e9:ad:97:2a:3b:7b:
         52:b2:a4:e9:cc:27:49:1b:18:a3:f7:4b:b6:a2:41:5a:c0:5b:
         82:b7:dd:f6:18:e7:f8:3d:80:b9:a3:d8:40:cd:fc:19:8d:45:
         28:bf:af:c1:9a:14:e7:12:96:49:9a:6b:7a:9e:86:43:0a:41:
         fc:4e:87:a1:79:80:fc:0f:cf:ea:ab:f9:c8:9b:03:8a:3f:df:
         46:3c:0a:b0:7c:5c:52:2b:bc:de:9a:65:a0:5c:b7:69:41:4d:
         3f:c0:e9:5e:bd:87:c9:17:ee:08:7b:f1:d5:f7:e5:c0:10:f9:
         1a:f8:cc:56:64:4f:74:f8:8d:e5:91:86:de:f1:94:57:93:9e:
         b0:99:3d:18:4a:b9:4e:17:8e:d7:54:dc:74:b9:cb:36:31:b1:
         8b:0c:95:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHwfSv3MVuK5m0W0e9lHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjkzMzVlNmYxY2EzMGZjMTcyNzk3NjYxMmE5NGVjZDI2ZGE0NGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlrtPQ/bqfXgjdpx1uyVZrU7C6JD
YoIwR+zxsTyP5cIq/wfZX8zCg0W14bRg/Q0htu92gye2njlqd/7QxIBOA3HdT8PL
AAh0GB2S7B5+q050w0Uf5ZGlFi5QnXwREPCDpH+SzwYVUHnbXlAKOCd40htXcilr
zTwn1qY81qqlw9xiaFuO2toThnsgrUEdeEPsg+U2dty5jqNDU0qqsmuIpL8Qsubo
iPkyeyqz7B19mlE07KlyH1isKG6ID2SZ21WEdpLcAK8+4QFM+EuLgmkvPCKYRUiH
ek+hMm2V86cV3MeCuKK+o+iTo+DlLB/mzkPeGPjjeYZ3mozhcgaOJvyDSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFuTNebxyjD8FyeXZhKpTs0m2kSkMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVzVNMTV2SEtNUHdYSjVkbUVxbE96U2JhUktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wARQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAQyO1coPQTxbmFGLpJPs2WPKmA8KN5ylTpiP+9
h3eHWL4mwokxwTAPzhGUshje8cCAAeL///rv5b+azKZX/z7KkIUOReUAfXBNwI0M
yIDIh8YmYzuq3Uj/APVhq8pM13Gri3pq6snprZcqO3tSsqTpzCdJGxij90u2okFa
wFuCt932GOf4PYC5o9hAzfwZjUUov6/BmhTnEpZJmmt6noZDCkH8ToeheYD8D8/q
q/nImwOKP99GPAqwfFxSK7zemmWgXLdpQU0/wOlevYfJF+4Ie/HV9+XAEPka+MxW
ZE90+I3lkYbe8ZRXk56wmT0YSrlOF47XVNx0ucs2MbGLDJXV
-----END CERTIFICATE-----