Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/q84dOAJDfHu9g-mB6jLpfIgc3xs.roa
File:                     q84dOAJDfHu9g-mB6jLpfIgc3xs.roa (raw, json)
Hash identifier:          XqlpRbfQoEZiibqZ6rGrPOWpMCR0JyMdG6/t2bS//Vc=
Subject key identifier:   AB:CE:1D:38:02:43:7C:7B:BD:83:E9:81:EA:32:E9:7C:88:1C:DF:1B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C649279E4DC9D0433440559231691
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/q84dOAJDfHu9g-mB6jLpfIgc3xs.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214062
IP address blocks:        2a12:bec4:1580::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:64:92:79:e4:dc:9d:04:33:44:05:59:23:16:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abce1d3802437c7bbd83e981ea32e97c881cdf1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f7:4c:3a:de:65:90:4e:21:3a:cb:78:c7:35:
                    da:94:e2:f8:64:2e:d1:8c:a5:9e:e4:58:69:36:b5:
                    9b:1d:e3:3a:69:66:c6:56:0b:ed:0f:7e:db:a7:d7:
                    6c:db:e4:30:d3:aa:7c:2d:e2:28:51:70:ae:a8:a2:
                    d7:41:62:bd:f4:76:8f:fb:72:e7:85:e5:a6:76:98:
                    ef:36:57:bb:d4:4b:03:5d:01:0a:5a:32:dd:06:d6:
                    40:a5:fd:59:c2:93:7d:03:9c:f0:01:b9:17:7b:ab:
                    38:d9:44:b8:c8:07:fd:e1:93:95:3e:72:4a:51:e9:
                    cd:02:ea:44:8c:95:83:12:4f:44:e6:9c:d0:d0:82:
                    69:95:21:41:3b:86:5d:50:97:35:b1:66:49:ce:f4:
                    76:15:c7:16:1c:a7:d4:59:ca:78:cf:47:33:0e:f0:
                    0f:22:87:22:10:9b:eb:ac:98:a9:a8:ec:0d:f5:7c:
                    a2:aa:48:d6:c7:f1:ed:e7:79:1c:2b:f5:95:72:6c:
                    2a:2d:55:57:24:4f:e6:9c:49:b7:05:40:a5:b9:6e:
                    2f:e2:0c:f1:3a:8e:93:ae:74:1d:0b:52:01:cc:13:
                    f5:2a:3a:26:09:24:c8:84:d7:46:a3:18:70:c2:c3:
                    10:74:c1:e8:b1:b3:18:7b:a9:98:65:26:c6:4d:61:
                    9e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CE:1D:38:02:43:7C:7B:BD:83:E9:81:EA:32:E9:7C:88:1C:DF:1B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/q84dOAJDfHu9g-mB6jLpfIgc3xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1580::/44

    Signature Algorithm: sha256WithRSAEncryption
         32:4a:c9:c9:5a:3b:0f:b9:ea:f3:b7:d1:48:50:47:47:c2:2d:
         61:87:1d:69:01:59:73:b5:56:26:5c:a6:45:6b:d8:62:32:e9:
         af:15:90:34:7c:b7:f3:d5:b4:15:aa:1a:50:5f:43:2f:a8:e0:
         b5:8e:7d:8b:f7:49:1b:08:09:e0:b8:e8:fd:da:04:a5:ea:30:
         dc:19:dc:9f:8a:06:b2:13:dc:3b:3e:89:08:a8:1a:8f:c1:37:
         f7:2a:e5:23:8a:57:51:a4:68:62:df:eb:2e:3d:6a:4d:30:64:
         47:66:d6:25:f8:19:65:f8:8a:3a:3f:b7:bb:5e:19:ae:81:37:
         13:2a:ce:46:11:a5:ff:e9:df:11:20:2c:49:4d:2c:7f:88:4e:
         ae:94:cc:4f:f7:94:75:38:ee:d0:db:05:57:08:9c:ce:b5:37:
         e8:71:f1:ca:2a:da:3b:ac:9a:e4:26:cc:bc:30:f2:bf:40:13:
         d4:5c:08:82:67:87:2c:17:ec:2c:6e:72:9b:0e:48:68:cc:f1:
         f8:21:89:9c:8e:ac:b8:46:ed:d9:cb:14:de:6a:b4:04:e2:05:
         38:f7:ac:87:ab:30:88:eb:eb:8d:3a:4a:4d:cc:b2:fe:2b:cb:
         a9:10:df:fd:52:b1:80:08:cd:64:ca:8c:6f:99:50:63:7d:40:
         c3:7b:a4:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjGSSeeTcnQQzRAVZIxaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmNlMWQzODAyNDM3YzdiYmQ4M2U5ODFlYTMyZTk3Yzg4MWNkZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfdMOt5lkE4hOst4xzXalOL4ZC7R
jKWe5FhpNrWbHeM6aWbGVgvtD37bp9ds2+Qw06p8LeIoUXCuqKLXQWK99HaP+3Ln
heWmdpjvNle71EsDXQEKWjLdBtZApf1ZwpN9A5zwAbkXe6s42US4yAf94ZOVPnJK
UenNAupEjJWDEk9E5pzQ0IJplSFBO4ZdUJc1sWZJzvR2FccWHKfUWcp4z0czDvAP
IociEJvrrJipqOwN9XyiqkjWx/Ht53kcK/WVcmwqLVVXJE/mnEm3BUCluW4v4gzx
Oo6TrnQdC1IBzBP1KjomCSTIhNdGoxhwwsMQdMHosbMYe6mYZSbGTWGeCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKvOHTgCQ3x7vYPpgeoy6XyIHN8bMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvcTg0ZE9BSkRmSHU5Zy1tQjZqTHBmSWdjM3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBWA
MA0GCSqGSIb3DQEBCwUAA4IBAQAySsnJWjsPuerzt9FIUEdHwi1hhx1pAVlztVYm
XKZFa9hiMumvFZA0fLfz1bQVqhpQX0MvqOC1jn2L90kbCAnguOj92gSl6jDcGdyf
igayE9w7PokIqBqPwTf3KuUjildRpGhi3+suPWpNMGRHZtYl+Bll+Io6P7e7Xhmu
gTcTKs5GEaX/6d8RICxJTSx/iE6ulMxP95R1OO7Q2wVXCJzOtTfocfHKKto7rJrk
Jsy8MPK/QBPUXAiCZ4csF+wsbnKbDkhozPH4IYmcjqy4Ru3ZyxTearQE4gU496yH
qzCI6+uNOkpNzLL+K8upEN/9UrGACM1kyoxvmVBjfUDDe6Qw
-----END CERTIFICATE-----