Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/kktVrKnsiDUU7gNmEqeYqsq7Ios.roa
File:                     kktVrKnsiDUU7gNmEqeYqsq7Ios.roa (raw, json)
Hash identifier:          F5UKNKW8tVgaASZAalAz3fuxE+KpUqO5rqEHcmpH1bE=
Subject key identifier:   92:4B:55:AC:A9:EC:88:35:14:EE:03:66:12:A7:98:AA:CA:BB:22:8B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C6B8808DC76B0E3236213E812E011
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/kktVrKnsiDUU7gNmEqeYqsq7Ios.roa
Signing time:             Wed 01 Jan 2025 01:48:03 +0000
ROA not before:           Wed 01 Jan 2025 01:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215052
IP address blocks:        2a12:bec4:11d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:6b:88:08:dc:76:b0:e3:23:62:13:e8:12:e0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=924b55aca9ec883514ee036612a798aacabb228b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:62:3c:ce:49:a9:54:a5:26:cd:e6:e9:ab:21:
                    16:0f:96:2b:92:84:9f:05:ba:24:a9:0f:11:c5:bb:
                    01:e0:2e:d2:34:54:08:52:2e:6f:40:6c:97:b2:1d:
                    62:cb:31:74:3f:6b:8e:c4:c0:da:5b:ab:c1:69:dd:
                    f9:31:ea:31:7b:a0:17:98:0a:57:ef:a6:96:87:c5:
                    1a:09:03:07:01:c1:b6:41:c1:ac:91:c9:5c:4b:f8:
                    1e:e9:2c:48:86:9e:76:5f:c7:23:44:6e:bb:2c:d6:
                    da:50:e2:50:4a:33:3b:3a:de:3e:1b:83:2b:66:d4:
                    74:59:79:bd:26:17:98:19:94:b6:d3:83:fe:d7:b3:
                    70:c2:ee:de:c4:4e:b7:0d:29:4d:f6:74:25:62:e0:
                    12:7e:bc:4d:6f:bd:93:c0:89:7e:68:6c:e8:5b:f5:
                    90:38:2f:47:a6:0c:48:d7:4e:b9:ed:aa:b2:d8:5d:
                    45:c0:d1:2f:c1:46:ff:5e:cd:3b:a3:fc:50:c4:7b:
                    34:77:a0:ec:46:04:8d:b7:f7:da:63:aa:e4:2f:c2:
                    c4:10:32:af:40:59:93:e5:0a:de:4d:ff:35:f7:b0:
                    ed:d5:f5:7b:69:5e:3d:23:99:ad:6c:5f:ef:a7:57:
                    6c:3f:49:d6:1d:a5:89:6f:a3:8a:d4:da:e3:14:0c:
                    77:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:4B:55:AC:A9:EC:88:35:14:EE:03:66:12:A7:98:AA:CA:BB:22:8B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/kktVrKnsiDUU7gNmEqeYqsq7Ios.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:11d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2f:99:e1:4b:01:4a:ac:17:b7:ac:50:3f:bf:86:9e:d4:52:25:
         5c:48:c3:4b:f0:a4:c9:a0:ec:98:f7:32:b8:00:9f:dd:be:a5:
         10:ad:dd:11:3e:6f:8f:db:cb:03:16:2a:4b:80:dc:b0:92:b7:
         13:a8:9f:b4:82:44:9a:61:16:cf:4e:f0:7f:47:5b:65:38:73:
         36:53:4a:64:56:5b:67:38:44:47:38:1d:4d:7b:1e:a6:a2:19:
         84:80:2f:08:0c:92:e6:fc:c8:72:6a:67:f6:cc:01:e9:54:07:
         52:f9:f6:89:7f:22:cb:81:e8:54:f9:95:b8:a5:b6:62:0d:81:
         d0:bd:dd:5a:ca:50:91:a5:4c:93:9a:4b:2e:cd:bf:f8:34:62:
         ec:be:0d:e6:94:dd:36:48:5b:2c:dc:fb:42:83:e0:11:a6:7e:
         54:09:ca:d4:aa:91:d2:b6:cb:e1:a7:fb:20:c4:63:cc:64:b1:
         66:6c:47:9f:3d:f1:8f:9a:a8:25:f1:86:f1:50:6f:63:e2:31:
         49:c4:2b:e7:4e:06:a8:aa:0a:0f:b6:57:05:4c:62:3b:49:37:
         ff:74:aa:2f:64:06:a2:84:f8:f7:99:cc:0f:23:c0:78:d6:ab:
         c7:81:f4:8d:e2:4a:52:ee:7a:7d:29:c8:17:a7:ad:94:8a:4d:
         2d:ec:38:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjGuICNx2sOMjYhPoEuARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjRiNTVhY2E5ZWM4ODM1MTRlZTAzNjYxMmE3OThhYWNhYmIyMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GI8zkmpVKUmzebpqyEWD5YrkoSf
BbokqQ8RxbsB4C7SNFQIUi5vQGyXsh1iyzF0P2uOxMDaW6vBad35Meoxe6AXmApX
76aWh8UaCQMHAcG2QcGskclcS/ge6SxIhp52X8cjRG67LNbaUOJQSjM7Ot4+G4Mr
ZtR0WXm9JheYGZS204P+17Nwwu7exE63DSlN9nQlYuASfrxNb72TwIl+aGzoW/WQ
OC9HpgxI10657aqy2F1FwNEvwUb/Xs07o/xQxHs0d6DsRgSNt/faY6rkL8LEEDKv
QFmT5QreTf8197Dt1fV7aV49I5mtbF/vp1dsP0nWHaWJb6OK1NrjFAx3yQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJJLVayp7Ig1FO4DZhKnmKrKuyKLMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEva2t0VnJLbnNpRFVVN2dObUVxZVlxc3E3SW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAvmeFLAUqsF7esUD+/hp7UUiVcSMNL8KTJoOyY
9zK4AJ/dvqUQrd0RPm+P28sDFipLgNywkrcTqJ+0gkSaYRbPTvB/R1tlOHM2U0pk
VltnOERHOB1Nex6mohmEgC8IDJLm/Mhyamf2zAHpVAdS+faJfyLLgehU+ZW4pbZi
DYHQvd1aylCRpUyTmksuzb/4NGLsvg3mlN02SFss3PtCg+ARpn5UCcrUqpHStsvh
p/sgxGPMZLFmbEefPfGPmqgl8YbxUG9j4jFJxCvnTgaoqgoPtlcFTGI7STf/dKov
ZAaihPj3mcwPI8B41qvHgfSN4kpS7np9KcgXp62Uik0t7DjE
-----END CERTIFICATE-----