Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/r7JaDgf71LO1lP2HxILnuj0Jo8A.roa
File:                     r7JaDgf71LO1lP2HxILnuj0Jo8A.roa (raw, json)
Hash identifier:          /0Zx3CMi5A7S3xDTnytGY3MARVJ6j9S7/GH0Yp0neME=
Subject key identifier:   AF:B2:5A:0E:07:FB:D4:B3:B5:94:FD:87:C4:82:E7:BA:3D:09:A3:C0
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C5F2F92599E58F08A15028DCE6E66
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/r7JaDgf71LO1lP2HxILnuj0Jo8A.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206444
IP address blocks:        2a12:bec1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 15:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5f:2f:92:59:9e:58:f0:8a:15:02:8d:ce:6e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afb25a0e07fbd4b3b594fd87c482e7ba3d09a3c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fc:ff:80:72:53:68:a8:00:80:94:28:f9:bd:
                    3e:c0:61:f0:ef:09:36:25:6c:5a:30:d9:cf:7f:43:
                    0c:96:10:b4:2a:1e:ed:d0:4e:b2:ee:15:fc:6a:50:
                    f5:3e:7f:30:e3:59:5a:e8:1d:bc:ae:48:e4:ff:df:
                    15:48:41:fb:ed:29:19:9c:62:77:91:14:0c:22:38:
                    80:0d:bd:5f:85:af:ec:fc:9d:7a:12:7d:19:dd:05:
                    12:4e:c3:96:6a:d4:e5:7d:8d:64:a8:87:4c:73:22:
                    5d:51:71:80:c2:c3:0a:d4:65:12:db:67:94:4e:6e:
                    d0:2b:69:5c:c1:d5:4c:bb:d1:49:77:58:ee:0b:aa:
                    14:df:de:41:60:1a:8d:56:7b:77:cf:9e:44:62:14:
                    71:8b:e5:24:c8:53:cf:e4:33:c2:45:8d:c2:07:2d:
                    88:be:fc:03:96:ea:28:ca:3f:bb:88:1d:19:87:d7:
                    ce:45:dd:0a:d1:1d:37:87:0d:3b:d2:20:37:9f:f6:
                    6b:54:8f:4d:e3:7c:da:04:75:30:2a:c5:98:63:b6:
                    d3:48:65:19:88:2c:7f:31:a6:6e:fd:ed:75:25:8f:
                    31:fb:d1:4e:3f:9a:ca:f8:5d:b2:40:07:fc:12:c8:
                    5a:f8:e4:a6:2c:c4:20:59:7c:29:b1:4c:40:80:f6:
                    eb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B2:5A:0E:07:FB:D4:B3:B5:94:FD:87:C4:82:E7:BA:3D:09:A3:C0
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/r7JaDgf71LO1lP2HxILnuj0Jo8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec1::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:86:ae:3c:c7:30:c6:98:ae:8e:f1:6f:31:e7:c3:34:6b:74:
         47:af:12:9e:70:8d:09:2c:3f:f2:69:60:f2:57:3a:84:6e:eb:
         45:39:53:44:ee:ed:52:ad:60:a3:5e:17:d7:ae:d5:e3:2c:ae:
         e5:16:01:9a:83:dd:80:d8:be:c3:40:cf:99:c6:39:ea:b6:ce:
         2e:a0:13:84:fc:71:a5:aa:6a:5a:23:c5:dd:80:5b:4e:28:80:
         63:7a:11:6c:7e:9e:aa:3d:c9:8f:23:7d:a2:1e:dc:f5:41:f6:
         63:81:48:ed:8d:93:53:92:ff:44:a6:86:70:22:57:08:d0:b8:
         25:f7:47:0d:b7:e4:65:cc:c8:bc:26:f2:85:d2:4b:fa:9b:48:
         09:af:7a:a2:d3:59:0d:c8:26:63:0f:3a:79:db:b5:99:85:17:
         68:3c:a7:6b:d6:e6:74:c9:3e:3c:8a:0b:04:29:e3:16:69:72:
         ae:56:9f:7c:72:96:13:9e:99:36:23:3d:e7:64:f1:2f:cd:b1:
         61:a6:9f:e0:ce:88:ff:ee:df:9e:87:65:a1:55:46:ef:31:ef:
         08:54:24:b2:40:b0:a7:77:0c:54:dd:91:97:c3:fd:06:ba:19:
         fc:5f:03:b3:52:f8:f8:c5:85:7f:47:03:ec:d7:c0:3c:bc:4c:
         9a:cc:2b:02
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjF8vklmeWPCKFQKNzm5mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmIyNWEwZTA3ZmJkNGIzYjU5NGZkODdjNDgyZTdiYTNkMDlhM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvz/gHJTaKgAgJQo+b0+wGHw7wk2
JWxaMNnPf0MMlhC0Kh7t0E6y7hX8alD1Pn8w41la6B28rkjk/98VSEH77SkZnGJ3
kRQMIjiADb1fha/s/J16En0Z3QUSTsOWatTlfY1kqIdMcyJdUXGAwsMK1GUS22eU
Tm7QK2lcwdVMu9FJd1juC6oU395BYBqNVnt3z55EYhRxi+UkyFPP5DPCRY3CBy2I
vvwDluooyj+7iB0Zh9fORd0K0R03hw070iA3n/ZrVI9N43zaBHUwKsWYY7bTSGUZ
iCx/MaZu/e11JY8x+9FOP5rK+F2yQAf8Esha+OSmLMQgWXwpsUxAgPbr9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK+yWg4H+9SztZT9h8SC57o9CaPAMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvcjdKYURnZjcxTE8xbFAySHhJTG51ajBKbzhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhK+wTAN
BgkqhkiG9w0BAQsFAAOCAQEARIauPMcwxpiujvFvMefDNGt0R68SnnCNCSw/8mlg
8lc6hG7rRTlTRO7tUq1go14X167V4yyu5RYBmoPdgNi+w0DPmcY56rbOLqAThPxx
papqWiPF3YBbTiiAY3oRbH6eqj3JjyN9oh7c9UH2Y4FI7Y2TU5L/RKaGcCJXCNC4
JfdHDbfkZczIvCbyhdJL+ptICa96otNZDcgmYw86edu1mYUXaDyna9bmdMk+PIoL
BCnjFmlyrlaffHKWE56ZNiM952TxL82xYaaf4M6I/+7fnodloVVG7zHvCFQkskCw
p3cMVN2Rl8P9BroZ/F8Ds1L4+MWFf0cD7NfAPLxMmswrAg==
-----END CERTIFICATE-----