Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cgoMZ88XMEvXT8CKoZo7vHW5NOo.roa
File:                     cgoMZ88XMEvXT8CKoZo7vHW5NOo.roa (raw, json)
Hash identifier:          czeWdwQWdrE/Wq4UoiwyeTxZX2314fmkUjIqmkbcaZ8=
Subject key identifier:   72:0A:0C:67:CF:17:30:4B:D7:4F:C0:8A:A1:9A:3B:BC:75:B9:34:EA
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C52D5EEEAF467618C894FEC9CFC24
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cgoMZ88XMEvXT8CKoZo7vHW5NOo.roa
Signing time:             Wed 01 Jan 2025 01:47:57 +0000
ROA not before:           Wed 01 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199406
IP address blocks:        2a12:bec0:1a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:52:d5:ee:ea:f4:67:61:8c:89:4f:ec:9c:fc:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=720a0c67cf17304bd74fc08aa19a3bbc75b934ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7a:ab:7b:1b:0e:8d:b3:bc:18:b1:e5:b7:d0:
                    90:94:72:59:82:a1:a7:24:cf:5a:e0:22:34:8d:ea:
                    fa:96:4e:9a:25:3b:76:c6:55:d5:04:14:b8:eb:5c:
                    0f:bc:8b:fc:b7:d7:7e:58:4f:cf:62:b2:c3:05:ab:
                    79:85:03:3f:3b:51:49:88:8f:69:95:3a:7c:be:22:
                    71:8f:9d:63:54:ab:90:a1:bd:48:e3:1a:58:0b:42:
                    91:72:5e:7e:a9:f4:04:a5:e4:28:d3:38:e2:dc:b2:
                    37:65:43:80:0e:aa:28:f8:2c:f5:a3:7b:b2:00:d6:
                    f5:ee:f7:48:95:a0:6b:62:b2:87:9b:ec:f9:ed:7e:
                    1b:5d:bb:a3:c6:7f:e6:de:4f:6f:2a:19:ce:a7:fe:
                    0d:3e:0d:6e:09:54:ba:a8:4e:ee:b6:86:3d:cd:86:
                    3a:3c:da:51:38:96:b1:9d:be:6c:57:2a:be:65:5c:
                    ac:55:3c:87:c3:38:b0:dd:5c:8a:eb:e4:63:41:28:
                    fd:d1:c0:10:12:2b:8c:11:19:55:b4:87:68:e5:d6:
                    91:9d:b8:e7:b4:48:a2:ee:70:46:2f:ff:bd:e2:29:
                    e9:f9:75:13:f5:fc:14:d3:94:67:11:1d:d9:11:ba:
                    85:02:8a:95:1b:b2:87:fc:75:0a:27:73:6d:e6:f5:
                    66:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0A:0C:67:CF:17:30:4B:D7:4F:C0:8A:A1:9A:3B:BC:75:B9:34:EA
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/cgoMZ88XMEvXT8CKoZo7vHW5NOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:1a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b2:1d:c7:8d:7e:ba:a4:2f:bb:87:29:d8:67:31:b9:bd:90:3f:
         20:ae:28:48:f9:1d:b1:8a:db:15:da:b6:12:60:48:9d:0d:47:
         8f:56:a6:ad:3f:dd:a1:16:5c:6f:79:30:1b:c6:60:00:2c:5b:
         d5:0e:7f:54:45:14:3b:61:bd:30:c2:4b:38:49:81:a5:0a:c0:
         85:ca:b7:c9:c3:25:22:2b:3b:7e:ef:94:35:8a:d2:dd:65:fd:
         aa:5c:c5:03:9a:7d:52:a3:c9:0c:5e:d8:b4:28:dd:f9:44:c8:
         78:5c:86:0a:12:bf:50:39:a1:7d:b7:f9:51:79:77:cd:2a:e9:
         46:14:6e:ee:98:1a:ae:d6:d2:d6:bf:d2:63:2b:a9:98:29:53:
         31:67:af:c5:ef:22:7f:de:43:12:8e:5e:d3:db:ad:8d:f9:94:
         73:6a:b8:36:7f:56:1e:48:e4:80:0c:4a:5e:cb:55:ba:61:28:
         3a:ec:7d:85:db:eb:6c:a4:0e:4b:42:39:9a:21:26:f0:48:ef:
         24:1b:bd:46:91:87:16:93:c9:18:31:9b:95:14:1f:c5:45:75:
         f7:f9:67:8e:69:7b:8c:6a:26:ca:7e:1d:6c:be:e1:64:01:dc:
         01:06:c1:63:20:3d:e2:84:65:4f:a5:4d:58:91:90:21:3d:67:
         bd:93:8d:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjFLV7ur0Z2GMiU/snPwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjBhMGM2N2NmMTczMDRiZDc0ZmMwOGFhMTlhM2JiYzc1YjkzNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXqrexsOjbO8GLHlt9CQlHJZgqGn
JM9a4CI0jer6lk6aJTt2xlXVBBS461wPvIv8t9d+WE/PYrLDBat5hQM/O1FJiI9p
lTp8viJxj51jVKuQob1I4xpYC0KRcl5+qfQEpeQo0zji3LI3ZUOADqoo+Cz1o3uy
ANb17vdIlaBrYrKHm+z57X4bXbujxn/m3k9vKhnOp/4NPg1uCVS6qE7utoY9zYY6
PNpROJaxnb5sVyq+ZVysVTyHwziw3VyK6+RjQSj90cAQEiuMERlVtIdo5daRnbjn
tEii7nBGL/+94inp+XUT9fwU05RnER3ZEbqFAoqVG7KH/HUKJ3Nt5vVmxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHIKDGfPFzBL10/AiqGaO7x1uTTqMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvY2dvTVo4OFhNRXZYVDhDS29abzd2SFc1Tk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAGg
MA0GCSqGSIb3DQEBCwUAA4IBAQCyHceNfrqkL7uHKdhnMbm9kD8grihI+R2xitsV
2rYSYEidDUePVqatP92hFlxveTAbxmAALFvVDn9URRQ7Yb0wwks4SYGlCsCFyrfJ
wyUiKzt+75Q1itLdZf2qXMUDmn1So8kMXti0KN35RMh4XIYKEr9QOaF9t/lReXfN
KulGFG7umBqu1tLWv9JjK6mYKVMxZ6/F7yJ/3kMSjl7T262N+ZRzarg2f1YeSOSA
DEpey1W6YSg67H2F2+tspA5LQjmaISbwSO8kG71GkYcWk8kYMZuVFB/FRXX3+WeO
aXuMaibKfh1svuFkAdwBBsFjID3ihGVPpU1YkZAhPWe9k404
-----END CERTIFICATE-----