Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cg7a7BJiClf-U93p_gw2PyzkDXg.roa
File:                     cg7a7BJiClf-U93p_gw2PyzkDXg.roa (raw, json)
Hash identifier:          jgyZq+knrzZbvgDomVIpqmxtHW3cxLIGd9FuJcjIt/0=
Subject key identifier:   72:0E:DA:EC:12:62:0A:57:FE:53:DD:E9:FE:0C:36:3F:2C:E4:0D:78
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C49F0A391F19CCABB6895656B6741
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cg7a7BJiClf-U93p_gw2PyzkDXg.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51847
IP address blocks:        2a12:bec4:13f0::/44 maxlen: 48
                          2a12:bec4:1440::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:49:f0:a3:91:f1:9c:ca:bb:68:95:65:6b:67:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=720edaec12620a57fe53dde9fe0c363f2ce40d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d0:a6:3a:85:3a:80:09:2f:84:49:f5:49:3a:
                    cf:d2:dc:e3:34:11:21:4f:ff:2d:8a:ae:0d:15:3d:
                    50:2a:54:8b:45:01:9f:3f:5e:77:20:e6:72:93:f8:
                    ee:fb:db:ae:62:62:40:9f:66:2a:c1:7a:be:a6:3a:
                    dc:9e:50:7e:77:05:af:44:ab:c3:a1:b9:45:42:4c:
                    48:6c:70:ef:0f:d9:f9:1d:ee:a0:85:12:92:84:ff:
                    49:91:d0:10:1d:c0:8a:3c:90:7d:90:84:68:82:d9:
                    b5:62:64:7d:93:9c:0b:3c:66:cc:e8:ca:7e:37:22:
                    95:01:73:26:90:66:41:f5:a7:b0:35:7b:48:69:18:
                    9d:f6:57:9f:96:de:f1:a9:a8:49:f4:a5:29:32:c1:
                    14:1b:9d:fb:b3:65:1a:cc:1a:b6:84:be:63:e5:f5:
                    a6:1e:9f:52:45:77:02:7d:51:2c:9b:83:fa:93:26:
                    e0:27:7f:97:c7:27:27:70:38:b1:de:e2:2e:53:af:
                    b9:b0:81:c3:63:b8:a0:a2:66:73:c2:8a:41:fe:34:
                    af:ca:64:a4:e8:9e:da:2c:25:5f:9a:2c:2d:83:2e:
                    28:30:86:99:58:e9:6d:fd:6f:44:65:49:31:11:6f:
                    d0:f2:42:77:26:c3:57:88:59:16:53:16:2f:01:fc:
                    b9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0E:DA:EC:12:62:0A:57:FE:53:DD:E9:FE:0C:36:3F:2C:E4:0D:78
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cg7a7BJiClf-U93p_gw2PyzkDXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:13f0::/44
                  2a12:bec4:1440::/44

    Signature Algorithm: sha256WithRSAEncryption
         8e:fd:b1:7d:1f:0f:6d:16:bc:84:15:b7:59:a6:c0:52:cb:82:
         13:9f:18:e4:29:8b:3c:f2:66:2f:6b:8d:03:76:6d:02:f6:b1:
         5c:de:87:39:09:f9:50:4d:cc:bc:2c:72:d6:fb:97:b6:02:27:
         03:a9:50:fa:5a:22:08:cd:b2:57:e7:d1:1d:e0:c9:8d:aa:3e:
         27:2d:46:76:dd:14:46:61:92:34:f8:95:25:fa:48:2f:3b:3f:
         8b:16:d4:7a:8d:c3:40:9b:73:7b:bd:05:27:70:e4:39:bd:f9:
         fc:30:a1:8a:39:d5:e1:c5:f9:65:03:9e:de:97:c2:02:f5:b7:
         cc:a7:36:76:4b:13:07:72:e8:d8:cf:1f:3d:9f:f3:6d:cd:8d:
         fe:e6:4c:2b:2e:cb:34:aa:c4:b7:35:94:bc:c7:42:08:48:50:
         57:2c:55:5a:8b:6b:b2:8e:a5:3d:86:2d:54:98:4e:7b:30:1e:
         af:8e:54:d7:7e:2a:60:01:c3:8d:fd:d7:b2:62:5d:93:69:49:
         98:50:e6:28:20:25:93:40:e0:1d:47:e3:c5:23:a7:46:46:85:
         7f:4d:50:12:4c:b3:22:76:fa:0f:ed:24:0e:03:b1:d5:7a:c9:
         d9:73:fa:78:3e:da:0c:b8:c0:48:a9:55:15:66:c0:e2:38:81:
         5c:a8:d0:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQfjEnwo5HxnMq7aJVla2dBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjBlZGFlYzEyNjIwYTU3ZmU1M2RkZTlmZTBjMzYzZjJjZTQwZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9CmOoU6gAkvhEn1STrP0tzjNBEh
T/8tiq4NFT1QKlSLRQGfP153IOZyk/ju+9uuYmJAn2YqwXq+pjrcnlB+dwWvRKvD
oblFQkxIbHDvD9n5He6ghRKShP9JkdAQHcCKPJB9kIRogtm1YmR9k5wLPGbM6Mp+
NyKVAXMmkGZB9aewNXtIaRid9leflt7xqahJ9KUpMsEUG537s2UazBq2hL5j5fWm
Hp9SRXcCfVEsm4P6kybgJ3+XxycncDix3uIuU6+5sIHDY7igomZzwopB/jSvymSk
6J7aLCVfmiwtgy4oMIaZWOlt/W9EZUkxEW/Q8kJ3JsNXiFkWUxYvAfy5GQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHIO2uwSYgpX/lPd6f4MNj8s5A14MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvY2c3YTdCSmlDbGYtVTkzcF9ndzJQeXprRFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBPw
AwcEKhK+xBRAMA0GCSqGSIb3DQEBCwUAA4IBAQCO/bF9Hw9tFryEFbdZpsBSy4IT
nxjkKYs88mYva40Ddm0C9rFc3oc5CflQTcy8LHLW+5e2AicDqVD6WiIIzbJX59Ed
4MmNqj4nLUZ23RRGYZI0+JUl+kgvOz+LFtR6jcNAm3N7vQUncOQ5vfn8MKGKOdXh
xfllA57el8IC9bfMpzZ2SxMHcujYzx89n/NtzY3+5kwrLss0qsS3NZS8x0IISFBX
LFVai2uyjqU9hi1UmE57MB6vjlTXfipgAcON/deyYl2TaUmYUOYoICWTQOAdR+PF
I6dGRoV/TVASTLMidvoP7SQOA7HVesnZc/p4PtoMuMBIqVUVZsDiOIFcqNBb
-----END CERTIFICATE-----