Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/_09r1dSjeXEEk0oSB3VCZTwMU6s.roa
File:                     _09r1dSjeXEEk0oSB3VCZTwMU6s.roa (raw, json)
Hash identifier:          wv4GSFUoz0X7g8aoxV4aIKvGLp0k90ZdU5CO7DImxW0=
Subject key identifier:   FF:4F:6B:D5:D4:A3:79:71:04:93:4A:12:07:75:42:65:3C:0C:53:AB
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C607652A771B30CBC38B2836E53B7
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/_09r1dSjeXEEk0oSB3VCZTwMU6s.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208328
IP address blocks:        2a12:bec0:fc0::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 17:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:60:76:52:a7:71:b3:0c:bc:38:b2:83:6e:53:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff4f6bd5d4a3797104934a12077542653c0c53ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:30:67:5c:ee:02:a0:8b:85:9c:ae:d5:96:1d:
                    99:a0:58:a0:72:bc:2d:bb:6a:dc:d6:69:db:26:0e:
                    ef:da:19:f2:50:17:db:6c:8a:0f:b0:94:e8:f3:bf:
                    61:de:6b:a1:51:e0:c6:a4:d3:f1:0e:86:ba:81:94:
                    42:52:16:f7:fa:fd:20:7c:f9:d1:f3:05:6c:b3:23:
                    27:cc:6a:a2:39:85:dc:0c:ad:bb:df:28:68:86:29:
                    3a:3c:d5:1a:f2:e6:bf:cb:e0:7c:e5:4d:aa:c3:a4:
                    b4:6a:cb:1f:19:35:ba:70:7a:35:0f:96:a3:f8:2a:
                    1c:63:79:13:e0:18:c2:3b:60:be:b2:0d:19:84:b1:
                    ad:51:dd:06:17:06:b8:2d:f7:c7:a1:5a:5e:b1:1f:
                    96:1a:3b:93:ff:f0:dc:7a:37:74:6c:2b:aa:d4:e6:
                    10:eb:81:fe:5b:58:c5:a1:db:ac:d0:ed:7b:b4:8f:
                    3a:cc:00:ca:c7:e7:a1:54:fe:eb:3e:14:9e:1b:56:
                    5c:0a:30:2c:2f:80:4b:54:ec:06:a4:09:20:da:cf:
                    eb:59:56:bb:fb:69:73:dd:3e:2b:b6:e0:62:8c:7d:
                    61:e8:c7:1c:54:b8:99:d0:ad:78:bb:dc:5f:02:18:
                    93:1e:a3:27:44:45:5b:14:38:8f:af:0d:1c:fa:99:
                    dd:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4F:6B:D5:D4:A3:79:71:04:93:4A:12:07:75:42:65:3C:0C:53:AB
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/_09r1dSjeXEEk0oSB3VCZTwMU6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:fc0::/42

    Signature Algorithm: sha256WithRSAEncryption
         bb:2d:cf:a3:b6:b0:d1:f1:db:fe:03:64:35:9f:77:ac:60:c5:
         5d:0b:5d:7b:08:d0:cc:d4:c0:b4:51:64:cc:a0:32:f9:b4:f1:
         e2:dc:e6:80:5a:36:9b:5a:41:0e:51:86:bb:49:d9:b5:54:6d:
         ac:25:67:13:35:47:2b:4b:48:04:8f:1a:80:fb:6f:06:38:a4:
         0d:db:f6:10:cb:ed:0c:eb:71:f5:5e:ee:1a:29:c3:7a:f3:dc:
         5e:67:91:11:0e:ad:95:b1:80:36:ef:f2:3d:ff:6d:cc:ba:4f:
         15:28:48:06:8b:2c:06:0e:95:03:98:97:35:99:6d:74:56:b6:
         55:d6:68:83:38:e2:0c:41:d5:02:bd:48:ef:c0:27:8a:cf:b2:
         ab:dd:77:4c:e0:0c:d8:61:9e:95:16:42:6e:6a:12:5c:34:10:
         33:2a:4f:dc:7b:0a:8e:7b:28:6e:0d:a8:03:74:08:ef:0e:8c:
         88:13:0f:6e:25:15:4d:22:ad:48:0f:ae:77:bd:41:6e:56:57:
         ee:eb:71:be:3b:bb:b7:aa:5a:55:33:a3:69:b9:68:98:d9:0b:
         4e:3a:ea:b8:1f:c7:37:a8:b9:9d:eb:a3:b0:b2:03:39:3c:42:
         77:44:55:ee:bb:c1:e5:8a:28:93:37:3d:81:11:0b:3a:c9:7c:
         1f:68:06:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjGB2Uqdxswy8OLKDblO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjRmNmJkNWQ0YTM3OTcxMDQ5MzRhMTIwNzc1NDI2NTNjMGM1M2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDBnXO4CoIuFnK7Vlh2ZoFigcrwt
u2rc1mnbJg7v2hnyUBfbbIoPsJTo879h3muhUeDGpNPxDoa6gZRCUhb3+v0gfPnR
8wVssyMnzGqiOYXcDK273yhohik6PNUa8ua/y+B85U2qw6S0assfGTW6cHo1D5aj
+CocY3kT4BjCO2C+sg0ZhLGtUd0GFwa4LffHoVpesR+WGjuT//Dcejd0bCuq1OYQ
64H+W1jFodus0O17tI86zADKx+ehVP7rPhSeG1ZcCjAsL4BLVOwGpAkg2s/rWVa7
+2lz3T4rtuBijH1h6MccVLiZ0K14u9xfAhiTHqMnREVbFDiPrw0c+pndeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP9Pa9XUo3lxBJNKEgd1QmU8DFOrMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvXzA5cjFkU2plWEVFazBvU0IzVkNaVHdNVTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKhK+wA/A
MA0GCSqGSIb3DQEBCwUAA4IBAQC7Lc+jtrDR8dv+A2Q1n3esYMVdC117CNDM1MC0
UWTMoDL5tPHi3OaAWjabWkEOUYa7Sdm1VG2sJWcTNUcrS0gEjxqA+28GOKQN2/YQ
y+0M63H1Xu4aKcN689xeZ5ERDq2VsYA27/I9/23Muk8VKEgGiywGDpUDmJc1mW10
VrZV1miDOOIMQdUCvUjvwCeKz7Kr3XdM4AzYYZ6VFkJuahJcNBAzKk/cewqOeyhu
DagDdAjvDoyIEw9uJRVNIq1ID653vUFuVlfu63G+O7u3qlpVM6NpuWiY2QtOOuq4
H8c3qLmd66OwsgM5PEJ3RFXuu8HliiiTNz2BEQs6yXwfaAaD
-----END CERTIFICATE-----