Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dBxbPC3JLkpp_6KKIUV0iUQn_ag.roa
File:                     dBxbPC3JLkpp_6KKIUV0iUQn_ag.roa (raw, json)
Hash identifier:          rQWsc1t+QpjtcQ3D2Tz0mq0LBdTbGdixEWJoZhjdoBQ=
Subject key identifier:   74:1C:5B:3C:2D:C9:2E:4A:69:FF:A2:8A:21:45:74:89:44:27:FD:A8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0194A7B4A168015EB57453F8134417907774
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dBxbPC3JLkpp_6KKIUV0iUQn_ag.roa
Signing time:             Mon 27 Jan 2025 12:20:20 +0000
ROA not before:           Mon 27 Jan 2025 12:20:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212396
IP address blocks:        2a12:bec0:24f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a7:b4:a1:68:01:5e:b5:74:53:f8:13:44:17:90:77:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan 27 12:20:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=741c5b3c2dc92e4a69ffa28a214574894427fda8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:df:d2:53:63:7b:c9:fe:45:48:ea:1e:2a:73:
                    a9:b8:d6:ce:11:81:f0:83:f1:ef:05:ae:27:f8:05:
                    c4:83:37:b0:7b:f6:7f:86:3f:2b:cb:ac:9f:94:ca:
                    2c:be:ea:bc:65:13:f8:4b:46:4d:2a:3d:4f:b7:5c:
                    fd:b0:5f:c7:b5:ec:88:2b:52:01:f5:89:00:09:5f:
                    09:4d:01:34:64:f5:93:93:e2:a9:be:5c:1c:59:6b:
                    45:c2:60:dd:3a:37:20:69:9b:f7:30:fe:7e:5e:ab:
                    82:fe:48:3a:6c:e8:43:30:97:04:18:f5:28:a5:db:
                    d3:03:6b:70:73:f2:1f:52:75:37:8b:60:31:68:96:
                    9b:73:7d:4d:f3:ff:8e:90:d0:c4:d8:05:e6:e1:b0:
                    2a:8e:0f:0d:e1:2d:c9:ac:03:b9:33:b0:1a:d2:b9:
                    17:7f:20:b7:95:d8:7e:34:81:9f:be:c9:c1:27:67:
                    fd:ec:12:5c:b7:ad:e1:af:4f:74:a2:ef:ac:51:57:
                    ae:0a:8b:2f:4f:09:04:50:7a:8e:d9:67:cf:c7:6f:
                    6e:a7:71:62:2e:a6:54:a9:6e:06:fd:54:0d:e7:85:
                    25:9b:d9:dd:1e:04:36:1d:43:b1:15:b2:b4:c7:33:
                    50:a4:7e:97:04:4d:d9:53:44:15:d6:ea:c2:98:46:
                    9f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1C:5B:3C:2D:C9:2E:4A:69:FF:A2:8A:21:45:74:89:44:27:FD:A8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dBxbPC3JLkpp_6KKIUV0iUQn_ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:24f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:29:59:71:03:82:c0:87:36:88:35:b0:fc:53:e9:ea:ab:71:
         c8:ac:d5:bf:42:d4:78:02:9d:a7:10:67:0e:11:ae:99:6b:e6:
         b2:3d:a9:8a:b6:35:07:b3:88:d6:f4:6c:7c:81:0d:1f:01:e4:
         df:86:da:d3:62:7d:81:32:b9:e0:d7:66:76:94:d2:aa:ba:dd:
         76:4e:0b:d6:bc:55:b0:0c:1a:81:e3:0d:52:09:f8:36:44:c2:
         1e:81:fc:19:5f:79:9f:dd:c0:75:c2:71:e8:0d:bd:af:cb:92:
         75:15:df:4b:5e:8a:43:82:96:02:c3:83:e2:22:cf:22:ed:e2:
         b2:b0:8b:28:e5:15:c0:c6:eb:f5:95:f6:76:ba:2d:b2:d4:a8:
         3f:c8:cd:30:9a:61:28:62:36:f7:88:18:5d:86:c1:23:45:6c:
         1f:53:f9:8c:cd:11:95:2c:a7:00:5a:e7:c8:ab:c9:3c:b9:1a:
         05:55:89:e8:67:cc:82:51:84:36:2b:cb:e0:42:c9:46:89:21:
         db:41:14:1b:af:b9:32:68:dd:21:84:9d:36:c2:1b:bb:d7:2c:
         89:1c:0d:4f:0c:83:c4:d3:62:d8:c1:0e:f1:9b:d2:f2:af:10:
         ae:b3:e3:1e:1d:47:1b:1d:7a:c1:ee:04:af:36:a3:b2:b6:f1:
         74:da:5c:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSntKFoAV61dFP4E0QXkHd0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTI3MTIyMDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDFjNWIzYzJkYzkyZTRhNjlmZmEyOGEyMTQ1NzQ4OTQ0MjdmZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN/SU2N7yf5FSOoeKnOpuNbOEYHw
g/HvBa4n+AXEgzewe/Z/hj8ry6yflMosvuq8ZRP4S0ZNKj1Pt1z9sF/HteyIK1IB
9YkACV8JTQE0ZPWTk+KpvlwcWWtFwmDdOjcgaZv3MP5+XquC/kg6bOhDMJcEGPUo
pdvTA2twc/IfUnU3i2AxaJabc31N8/+OkNDE2AXm4bAqjg8N4S3JrAO5M7Aa0rkX
fyC3ldh+NIGfvsnBJ2f97BJct63hr090ou+sUVeuCosvTwkEUHqO2WfPx29up3Fi
LqZUqW4G/VQN54Ulm9ndHgQ2HUOxFbK0xzNQpH6XBE3ZU0QV1urCmEafJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHQcWzwtyS5Kaf+iiiFFdIlEJ/2oMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvZEJ4YlBDM0pMa3BwXzZLS0lVVjBpVVFuX2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wAJP
MA0GCSqGSIb3DQEBCwUAA4IBAQAfKVlxA4LAhzaINbD8U+nqq3HIrNW/QtR4Ap2n
EGcOEa6Za+ayPamKtjUHs4jW9Gx8gQ0fAeTfhtrTYn2BMrng12Z2lNKqut12TgvW
vFWwDBqB4w1SCfg2RMIegfwZX3mf3cB1wnHoDb2vy5J1Fd9LXopDgpYCw4PiIs8i
7eKysIso5RXAxuv1lfZ2ui2y1Kg/yM0wmmEoYjb3iBhdhsEjRWwfU/mMzRGVLKcA
WufIq8k8uRoFVYnoZ8yCUYQ2K8vgQslGiSHbQRQbr7kyaN0hhJ02whu71yyJHA1P
DIPE02LYwQ7xm9LyrxCus+MeHUcbHXrB7gSvNqOytvF02lw4
-----END CERTIFICATE-----