Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dkQw-kth4zsV_fYVDZPUaXN8Psg.roa
File:                     dkQw-kth4zsV_fYVDZPUaXN8Psg.roa (raw, json)
Hash identifier:          ktAwPSwnnkNhi4/EjfbDRo142D88edXHhvXZ1RG+P1w=
Subject key identifier:   76:44:30:FA:4B:61:E3:3B:15:FD:F6:15:0D:93:D4:69:73:7C:3E:C8
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C703ECEE6528E233FA5F3F2E8771C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dkQw-kth4zsV_fYVDZPUaXN8Psg.roa
Signing time:             Wed 01 Jan 2025 01:48:04 +0000
ROA not before:           Wed 01 Jan 2025 01:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215472
IP address blocks:        2a12:bec4:1040::/48 maxlen: 48
                          2a12:bec4:1041::/48 maxlen: 48
                          2a12:bec4:1042::/48 maxlen: 48
                          2a12:bec4:1043::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 21:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:70:3e:ce:e6:52:8e:23:3f:a5:f3:f2:e8:77:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=764430fa4b61e33b15fdf6150d93d469737c3ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8c:9d:44:49:6b:58:f9:e9:a4:9f:e3:51:30:
                    e4:ce:5d:a9:f9:c4:ec:c4:4b:b9:e7:31:1c:d8:56:
                    e0:15:f5:8a:01:70:d2:9d:f2:0b:0a:7f:77:d5:37:
                    40:b5:a5:d6:e8:dd:91:43:ce:10:f9:c5:d7:fb:d9:
                    a1:f3:cf:c2:fb:d1:1c:35:1c:45:16:10:6b:10:cc:
                    61:68:25:34:d1:07:a1:4a:50:b9:5c:c8:c4:6c:6c:
                    7c:d0:83:68:58:60:ec:0e:ef:cd:75:89:6f:e9:c0:
                    e5:66:9b:a1:fb:28:b0:65:f4:3d:be:84:bb:f6:ec:
                    19:ec:63:11:d3:02:7b:d2:a3:7b:74:cd:f9:19:bf:
                    e2:76:e1:f3:de:bb:7f:87:c1:c6:9c:c5:3a:7e:1d:
                    20:75:60:77:fa:9d:72:dc:a1:2f:5b:5f:ac:54:92:
                    54:11:3c:30:f9:dc:48:f4:56:b4:90:8e:78:e9:40:
                    a3:b7:13:1f:4d:a9:e6:2e:36:91:cc:28:71:10:c1:
                    74:5a:98:33:be:72:01:69:23:80:f1:89:9c:f1:2a:
                    1a:ae:c5:c0:01:d2:46:12:e2:b4:63:29:63:cc:36:
                    b2:a9:e6:80:df:63:bc:61:46:7d:8e:4a:b5:19:d0:
                    24:61:c0:66:8e:b1:fa:bc:07:41:0e:40:06:ab:9a:
                    ee:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:44:30:FA:4B:61:E3:3B:15:FD:F6:15:0D:93:D4:69:73:7C:3E:C8
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/dkQw-kth4zsV_fYVDZPUaXN8Psg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1040::/46

    Signature Algorithm: sha256WithRSAEncryption
         a9:5e:8f:69:29:46:c0:90:3e:39:bc:86:ad:ae:2c:fb:42:82:
         59:7b:89:90:ce:7b:7f:b0:04:a5:e8:81:85:f5:87:0a:92:25:
         66:5a:00:1a:07:c0:d7:9c:0a:47:45:45:ca:5f:a8:ea:0f:fb:
         0c:a8:72:9d:c2:b1:2c:42:73:94:bd:7b:cb:c0:76:7b:fc:35:
         4c:a5:15:5f:53:2b:4e:69:3a:4f:d2:8d:a2:59:f0:95:a4:93:
         90:7f:53:d1:3b:37:d0:86:eb:70:0a:de:e2:e2:ca:98:f3:33:
         6f:95:a0:31:c1:82:f5:4c:68:b6:76:66:6e:e6:62:bc:f2:bd:
         ad:48:68:06:51:1d:2b:d6:62:aa:f9:56:28:e2:7a:e2:d3:d4:
         75:2e:2a:f8:e3:ea:8a:a7:1c:e9:ec:f5:6f:73:29:e8:a7:11:
         5b:ec:42:37:fa:b6:03:56:1f:23:b6:6c:42:07:bd:32:49:e4:
         6e:03:6b:f9:0c:90:1c:50:fb:48:f6:f0:a2:2f:1d:0c:40:cb:
         a1:1b:2c:4e:f4:da:10:62:9c:50:52:34:e5:53:95:81:66:ba:
         e6:ef:e2:95:4b:dc:18:23:74:2f:f1:5d:37:85:71:01:cd:04:
         01:d8:ce:39:c7:93:b2:e7:6b:58:a5:ef:71:2a:33:63:a4:f4:
         4d:e5:f1:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHA+zuZSjiM/pfPy6HccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjQ0MzBmYTRiNjFlMzNiMTVmZGY2MTUwZDkzZDQ2OTczN2MzZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIydRElrWPnppJ/jUTDkzl2p+cTs
xEu55zEc2FbgFfWKAXDSnfILCn931TdAtaXW6N2RQ84Q+cXX+9mh88/C+9EcNRxF
FhBrEMxhaCU00QehSlC5XMjEbGx80INoWGDsDu/NdYlv6cDlZpuh+yiwZfQ9voS7
9uwZ7GMR0wJ70qN7dM35Gb/iduHz3rt/h8HGnMU6fh0gdWB3+p1y3KEvW1+sVJJU
ETww+dxI9Fa0kI546UCjtxMfTanmLjaRzChxEMF0WpgzvnIBaSOA8Ymc8SoarsXA
AdJGEuK0YyljzDayqeaA32O8YUZ9jkq1GdAkYcBmjrH6vAdBDkAGq5ruRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHZEMPpLYeM7Ff32FQ2T1GlzfD7IMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvZGtRdy1rdGg0enNWX2ZZVkRaUFVhWE44UHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhK+xBBA
MA0GCSqGSIb3DQEBCwUAA4IBAQCpXo9pKUbAkD45vIatriz7QoJZe4mQznt/sASl
6IGF9YcKkiVmWgAaB8DXnApHRUXKX6jqD/sMqHKdwrEsQnOUvXvLwHZ7/DVMpRVf
UytOaTpP0o2iWfCVpJOQf1PROzfQhutwCt7i4sqY8zNvlaAxwYL1TGi2dmZu5mK8
8r2tSGgGUR0r1mKq+VYo4nri09R1Lir44+qKpxzp7PVvcynopxFb7EI3+rYDVh8j
tmxCB70ySeRuA2v5DJAcUPtI9vCiLx0MQMuhGyxO9NoQYpxQUjTlU5WBZrrm7+KV
S9wYI3Qv8V03hXEBzQQB2M45x5Oy52tYpe9xKjNjpPRN5fFr
-----END CERTIFICATE-----