Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hZf09ha9CJ_Bkq4vbuYfs0jMHSs.roa
File:                     hZf09ha9CJ_Bkq4vbuYfs0jMHSs.roa (raw, json)
Hash identifier:          wnczOOTaJJeEL3WuiumF9VQLYx7pAt2GSQS0NVil6R4=
Subject key identifier:   85:97:F4:F6:16:BD:08:9F:C1:92:AE:2F:6E:E6:1F:B3:48:CC:1D:2B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C5F722C80A72219FA0D7FC2261B8B
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hZf09ha9CJ_Bkq4vbuYfs0jMHSs.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207304
IP address blocks:        2a12:bec0:360::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5f:72:2c:80:a7:22:19:fa:0d:7f:c2:26:1b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8597f4f616bd089fc192ae2f6ee61fb348cc1d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f4:96:0c:60:86:49:7b:71:86:28:71:cc:ff:
                    3c:73:0e:a2:9d:3e:39:fc:0a:4b:ac:bd:a0:cd:36:
                    d6:1e:e5:ab:db:5f:1b:32:71:ed:ab:8a:d5:8e:d7:
                    a8:a3:a2:a5:0a:37:54:14:e6:67:70:6c:54:62:f6:
                    b2:1e:5b:bf:4e:6a:c0:fe:09:f4:14:18:20:a6:59:
                    8d:9b:5a:64:09:5a:5f:3d:01:0e:0e:a8:8a:75:4c:
                    bb:e5:42:2b:ec:11:77:80:51:58:dd:6e:44:0b:16:
                    b5:92:e8:cc:15:96:b6:d1:b5:cf:3d:59:dc:13:94:
                    d1:54:14:e8:95:12:02:16:b5:c5:2c:c8:28:ff:96:
                    46:80:e0:38:86:8c:21:86:46:30:f3:d5:f1:db:eb:
                    c0:f3:6c:3e:19:06:e9:bc:35:89:ef:28:9e:de:4b:
                    d8:3f:02:f3:36:a8:87:f0:36:c7:85:5c:fd:39:91:
                    9a:bf:fd:a5:83:ff:d9:6f:b6:41:a0:71:76:a3:5e:
                    69:35:9e:b4:27:32:ff:c3:00:aa:69:62:f4:7b:e3:
                    18:e6:35:49:c0:9d:fc:ee:d1:6b:bd:a8:32:b1:bd:
                    27:53:85:4a:d3:60:80:5b:9f:94:91:86:9c:51:f8:
                    6f:d0:5d:ac:77:1d:78:b6:3a:77:11:ec:65:ef:04:
                    89:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:97:F4:F6:16:BD:08:9F:C1:92:AE:2F:6E:E6:1F:B3:48:CC:1D:2B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hZf09ha9CJ_Bkq4vbuYfs0jMHSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:360::/44

    Signature Algorithm: sha256WithRSAEncryption
         86:27:43:d8:12:88:b8:a2:36:69:09:bc:97:c5:fc:49:1a:71:
         08:f1:e1:0b:bb:f6:b4:3d:e9:fc:38:87:25:94:e0:d4:1c:74:
         9f:ab:35:02:e3:97:5b:79:93:eb:ca:83:67:ad:dd:12:b9:9b:
         54:a2:0f:e9:78:f0:bd:66:28:6c:7a:31:51:6a:36:ad:0c:0b:
         9e:4a:5c:06:6a:65:f3:4d:bd:f5:35:1c:1b:b4:ec:6c:08:cb:
         7e:05:6d:01:e3:72:56:de:c7:93:e3:8e:58:ba:ce:3c:48:71:
         be:40:48:4a:8d:10:a7:6d:2f:3c:57:aa:a3:fd:ea:11:97:b9:
         72:b5:eb:85:20:42:37:ba:a0:d3:96:d9:28:ba:a1:ce:01:2f:
         91:5f:3d:8f:54:a5:b4:ba:db:56:b6:8e:40:e4:27:19:0d:80:
         93:0f:c2:59:34:26:0f:4f:45:a9:01:03:11:0a:db:8f:31:41:
         fc:55:70:98:ea:43:d4:77:0b:fa:63:e4:a2:f5:c5:7c:af:d6:
         87:22:2e:0b:a7:f9:e5:af:34:d0:07:c7:bd:18:a1:cc:45:20:
         cc:0e:0e:fa:b4:f9:bd:89:34:93:30:f8:60:0d:16:90:a8:c4:
         fa:fa:f6:10:4b:46:d3:a5:a0:75:2a:93:e1:86:16:f5:d1:b0:
         d1:2a:b9:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjF9yLICnIhn6DX/CJhuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTk3ZjRmNjE2YmQwODlmYzE5MmFlMmY2ZWU2MWZiMzQ4Y2MxZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vSWDGCGSXtxhihxzP88cw6inT45
/ApLrL2gzTbWHuWr218bMnHtq4rVjteoo6KlCjdUFOZncGxUYvayHlu/TmrA/gn0
FBggplmNm1pkCVpfPQEODqiKdUy75UIr7BF3gFFY3W5ECxa1kujMFZa20bXPPVnc
E5TRVBTolRICFrXFLMgo/5ZGgOA4howhhkYw89Xx2+vA82w+GQbpvDWJ7yie3kvY
PwLzNqiH8DbHhVz9OZGav/2lg//Zb7ZBoHF2o15pNZ60JzL/wwCqaWL0e+MY5jVJ
wJ387tFrvagysb0nU4VK02CAW5+UkYacUfhv0F2sdx14tjp3Eexl7wSJcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIWX9PYWvQifwZKuL27mH7NIzB0rMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvaFpmMDloYTlDSl9Ca3E0dmJ1WWZzMGpNSFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANg
MA0GCSqGSIb3DQEBCwUAA4IBAQCGJ0PYEoi4ojZpCbyXxfxJGnEI8eELu/a0Pen8
OIcllODUHHSfqzUC45dbeZPryoNnrd0SuZtUog/pePC9ZihsejFRajatDAueSlwG
amXzTb31NRwbtOxsCMt+BW0B43JW3seT445Yus48SHG+QEhKjRCnbS88V6qj/eoR
l7lyteuFIEI3uqDTltkouqHOAS+RXz2PVKW0uttWto5A5CcZDYCTD8JZNCYPT0Wp
AQMRCtuPMUH8VXCY6kPUdwv6Y+Si9cV8r9aHIi4Lp/nlrzTQB8e9GKHMRSDMDg76
tPm9iTSTMPhgDRaQqMT6+vYQS0bTpaB1KpPhhhb10bDRKrlv
-----END CERTIFICATE-----