Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/X01FobtuTX3ON4Xqg6fkorh0zLI.roa
File:                     X01FobtuTX3ON4Xqg6fkorh0zLI.roa (raw, json)
Hash identifier:          Fb0xWd/rFyvNO0iAl6nyFn3Poeh+ityBpfbbqx/5pXU=
Subject key identifier:   5F:4D:45:A1:BB:6E:4D:7D:CE:37:85:EA:83:A7:E4:A2:B8:74:CC:B2
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C7C8F26D368DC942D238570848184
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/X01FobtuTX3ON4Xqg6fkorh0zLI.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216330
IP address blocks:        2a12:bec0:df0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7c:8f:26:d3:68:dc:94:2d:23:85:70:84:81:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f4d45a1bb6e4d7dce3785ea83a7e4a2b874ccb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f8:e9:60:35:91:03:0a:c1:34:62:85:55:87:
                    55:e2:9e:0a:20:cd:b8:5a:ee:44:91:31:4e:e0:23:
                    86:49:9b:ce:cf:20:f4:6b:91:25:7e:e4:5d:ab:d1:
                    20:1f:61:9a:d6:ba:6e:be:b6:99:47:a2:99:b5:1c:
                    e2:22:51:dd:f3:19:9b:45:b5:1a:f0:93:2a:8e:53:
                    09:c1:08:8f:37:a4:82:0c:ba:fa:fc:fd:25:43:eb:
                    3b:f3:2e:74:ee:b6:79:ff:fa:90:81:8c:a6:b9:5a:
                    f4:b8:eb:0e:17:e4:d6:3e:4f:0f:c4:25:de:e2:2c:
                    4b:71:31:ee:6f:69:7b:7c:f3:e7:e7:b2:63:ec:82:
                    e7:71:65:16:1f:61:bf:18:1b:94:56:07:d5:31:b3:
                    d5:dd:09:b4:61:1f:c1:3c:21:33:e4:d8:9a:58:d9:
                    8f:00:fb:71:52:12:16:2c:89:03:a2:c4:28:c1:85:
                    b6:4d:c1:46:47:b0:1f:ce:e0:91:e0:ba:f0:71:e2:
                    de:76:2d:01:3b:b2:b8:65:3a:8d:a9:68:17:65:2a:
                    83:19:fc:6e:26:8a:20:68:28:fc:89:66:93:19:9b:
                    bb:77:78:96:27:32:7a:05:4b:83:f9:46:cd:6a:b1:
                    69:de:50:22:b3:2e:a0:65:56:ea:31:a5:ab:7d:24:
                    a8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:4D:45:A1:BB:6E:4D:7D:CE:37:85:EA:83:A7:E4:A2:B8:74:CC:B2
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/X01FobtuTX3ON4Xqg6fkorh0zLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:df0::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:9a:f6:1a:7b:b0:dd:6a:ea:72:5e:97:31:02:fd:68:b9:ad:
         30:38:5f:df:5e:01:cf:12:7c:91:64:00:d9:52:59:1f:1b:fb:
         3c:89:02:d1:96:70:f9:e4:9d:f3:8e:aa:8b:eb:4b:4d:50:74:
         70:47:ee:8a:ff:01:26:32:cb:d6:b3:9f:cd:98:27:58:56:7f:
         a5:96:38:72:9d:61:66:fd:9c:7b:73:97:be:17:2c:5b:e6:48:
         0e:2a:51:7f:f0:c0:b5:a5:09:ba:4f:a6:f3:b6:26:27:10:36:
         9e:2b:58:6c:c7:87:22:a6:2e:a0:b5:88:38:cc:27:81:50:e8:
         f6:36:85:eb:83:b5:96:82:8e:84:1a:f8:3c:9c:ff:00:3e:95:
         49:af:18:c5:1e:7a:48:a3:10:7c:9f:54:a3:62:53:34:44:a3:
         bc:26:1c:27:5d:28:da:40:aa:9b:aa:bf:20:73:21:9c:b9:5c:
         a9:b4:e0:5c:a6:1c:e0:e6:af:48:b0:14:cf:7d:50:79:14:04:
         0c:d3:bc:72:8d:de:a1:07:ce:0c:f6:d2:7e:1b:79:8e:8b:11:
         9e:23:7b:76:8c:f4:83:e0:3a:b0:ef:74:84:20:58:06:e7:5a:
         53:89:8d:e5:24:d1:21:aa:44:0f:60:ab:ba:48:c2:82:ee:a7:
         21:ee:ca:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHyPJtNo3JQtI4VwhIGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRkNDVhMWJiNmU0ZDdkY2UzNzg1ZWE4M2E3ZTRhMmI4NzRjY2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPjpYDWRAwrBNGKFVYdV4p4KIM24
Wu5EkTFO4COGSZvOzyD0a5ElfuRdq9EgH2Ga1rpuvraZR6KZtRziIlHd8xmbRbUa
8JMqjlMJwQiPN6SCDLr6/P0lQ+s78y507rZ5//qQgYymuVr0uOsOF+TWPk8PxCXe
4ixLcTHub2l7fPPn57Jj7ILncWUWH2G/GBuUVgfVMbPV3Qm0YR/BPCEz5NiaWNmP
APtxUhIWLIkDosQowYW2TcFGR7AfzuCR4LrwceLedi0BO7K4ZTqNqWgXZSqDGfxu
JoogaCj8iWaTGZu7d3iWJzJ6BUuD+UbNarFp3lAisy6gZVbqMaWrfSSonwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF9NRaG7bk19zjeF6oOn5KK4dMyyMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvWDAxRm9idHVUWDNPTjRYcWc2ZmtvcmgwekxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wA3w
MA0GCSqGSIb3DQEBCwUAA4IBAQCUmvYae7DdaupyXpcxAv1oua0wOF/fXgHPEnyR
ZADZUlkfG/s8iQLRlnD55J3zjqqL60tNUHRwR+6K/wEmMsvWs5/NmCdYVn+lljhy
nWFm/Zx7c5e+Fyxb5kgOKlF/8MC1pQm6T6bztiYnEDaeK1hsx4cipi6gtYg4zCeB
UOj2NoXrg7WWgo6EGvg8nP8APpVJrxjFHnpIoxB8n1SjYlM0RKO8JhwnXSjaQKqb
qr8gcyGcuVyptOBcphzg5q9IsBTPfVB5FAQM07xyjd6hB84M9tJ+G3mOixGeI3t2
jPSD4Dqw73SEIFgG51pTiY3lJNEhqkQPYKu6SMKC7qch7sqs
-----END CERTIFICATE-----