Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/pUOSqJr9rv6lwukeZSU63glqdIQ.roa
File:                     pUOSqJr9rv6lwukeZSU63glqdIQ.roa (raw, json)
Hash identifier:          gfM0lVVByjMicqu2cQw6a32hwY+uCduCISLcqr1SX2g=
Subject key identifier:   A5:43:92:A8:9A:FD:AE:FE:A5:C2:E9:1E:65:25:3A:DE:09:6A:74:84
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C749286E2491D79523BBD99B2AF92
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/pUOSqJr9rv6lwukeZSU63glqdIQ.roa
Signing time:             Wed 01 Jan 2025 01:48:06 +0000
ROA not before:           Wed 01 Jan 2025 01:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215804
IP address blocks:        2a12:bec0:610::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:74:92:86:e2:49:1d:79:52:3b:bd:99:b2:af:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a54392a89afdaefea5c2e91e65253ade096a7484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e6:61:33:c4:26:c2:2f:3c:a3:ed:b5:85:64:
                    40:b8:d5:87:b1:74:ad:ce:79:ae:0f:bc:da:19:9a:
                    0d:c3:dc:1d:ee:61:37:10:97:c0:ab:06:cf:f5:f2:
                    e3:4b:56:87:e2:af:3d:29:1a:f1:f7:09:e0:c0:aa:
                    c2:dd:02:d1:56:f4:f7:e8:a1:85:57:9a:92:1f:bc:
                    3f:2c:32:b3:92:01:43:11:ef:89:19:1f:54:ac:a1:
                    32:a3:b2:76:64:78:bd:e6:b4:f5:81:8d:65:97:17:
                    79:98:5d:bd:d0:6a:ee:c6:ab:14:5e:c6:cc:c1:8a:
                    e8:e0:4a:04:8a:c3:93:c3:3c:a0:7f:93:b4:a7:3a:
                    d1:18:59:65:7d:3d:c1:08:66:f8:81:1d:6a:f9:eb:
                    f2:8c:ed:e4:04:f2:2b:04:fd:e8:74:57:ae:62:f8:
                    70:4c:db:30:22:17:75:b2:a2:40:96:f8:ea:2d:97:
                    a3:b6:6c:dd:85:66:3a:e0:c7:58:04:08:a8:1a:0c:
                    1a:28:21:b1:ef:49:b3:de:16:b9:7d:1e:b2:b2:98:
                    72:c2:de:e0:0a:d8:33:54:b2:60:1e:57:8c:2f:32:
                    90:35:ac:da:d9:93:8f:08:ef:cc:b0:89:d6:80:a1:
                    29:e3:4f:e0:9a:8f:1e:db:79:eb:b2:b2:d8:ae:8c:
                    d5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:43:92:A8:9A:FD:AE:FE:A5:C2:E9:1E:65:25:3A:DE:09:6A:74:84
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/pUOSqJr9rv6lwukeZSU63glqdIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:610::/44

    Signature Algorithm: sha256WithRSAEncryption
         c4:fc:55:1e:18:03:4d:11:ba:49:4e:9f:6c:6c:61:48:a3:1e:
         73:ac:fc:04:c3:2d:a8:35:90:b5:e7:fd:aa:5d:c5:37:00:44:
         7e:1b:58:8c:b8:3d:1d:7c:2c:ee:aa:95:fb:1a:ab:a6:0d:b0:
         3a:d5:23:ea:6e:79:1c:1b:b7:da:2a:ff:af:44:fd:51:71:17:
         b3:1c:5a:ec:d6:42:21:eb:5c:42:c3:d7:30:98:f9:7d:3d:ad:
         65:b9:18:a0:06:c3:f5:c8:38:5e:d1:53:e7:03:37:33:77:cc:
         fd:9b:36:6e:0e:ce:f2:3b:11:41:bf:9b:74:23:db:6a:86:ee:
         2f:ff:b9:c1:5f:a9:2c:9f:aa:ab:77:62:34:7e:49:a5:f7:9e:
         d0:2c:12:6d:75:74:57:31:ff:d1:bd:c1:ff:e6:35:01:22:c6:
         61:90:b7:5d:30:f8:02:f1:a1:f9:f6:a2:ff:c7:6a:1e:a6:2b:
         cd:e8:dd:60:9f:0f:c2:51:22:2d:e3:cc:52:fa:66:ab:ec:30:
         e6:1b:46:43:c3:fb:06:69:d3:63:4f:49:a8:a1:b0:b7:43:3a:
         99:70:2a:98:15:8d:5d:29:e0:76:43:e7:9c:bd:9a:bd:a8:d9:
         5c:d3:25:83:8e:4f:23:e1:77:de:5d:5e:e1:3a:52:48:8f:38:
         c7:15:eb:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHSShuJJHXlSO72Zsq+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQzOTJhODlhZmRhZWZlYTVjMmU5MWU2NTI1M2FkZTA5NmE3NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOZhM8Qmwi88o+21hWRAuNWHsXSt
znmuD7zaGZoNw9wd7mE3EJfAqwbP9fLjS1aH4q89KRrx9wngwKrC3QLRVvT36KGF
V5qSH7w/LDKzkgFDEe+JGR9UrKEyo7J2ZHi95rT1gY1llxd5mF290GruxqsUXsbM
wYro4EoEisOTwzygf5O0pzrRGFllfT3BCGb4gR1q+evyjO3kBPIrBP3odFeuYvhw
TNswIhd1sqJAlvjqLZejtmzdhWY64MdYBAioGgwaKCGx70mz3ha5fR6ysphywt7g
CtgzVLJgHleMLzKQNaza2ZOPCO/MsInWgKEp40/gmo8e23nrsrLYrozVRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKVDkqia/a7+pcLpHmUlOt4JanSEMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvcFVPU3FKcjlydjZsd3VrZVpTVTYzZ2xxZElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAYQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDE/FUeGANNEbpJTp9sbGFIox5zrPwEwy2oNZC1
5/2qXcU3AER+G1iMuD0dfCzuqpX7GqumDbA61SPqbnkcG7faKv+vRP1RcRezHFrs
1kIh61xCw9cwmPl9Pa1luRigBsP1yDhe0VPnAzczd8z9mzZuDs7yOxFBv5t0I9tq
hu4v/7nBX6ksn6qrd2I0fkml957QLBJtdXRXMf/RvcH/5jUBIsZhkLddMPgC8aH5
9qL/x2oepivN6N1gnw/CUSIt48xS+mar7DDmG0ZDw/sGadNjT0moobC3QzqZcCqY
FY1dKeB2Q+ecvZq9qNlc0yWDjk8j4XfeXV7hOlJIjzjHFevu
-----END CERTIFICATE-----