Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/sPMkm-HN0b1QgvdhQgyKy2MlLCs.roa
File:                     sPMkm-HN0b1QgvdhQgyKy2MlLCs.roa (raw, json)
Hash identifier:          QHX5vM36CX+tpoXgSvdMGxBtsPrsApJ8r00v+rfBSUA=
Subject key identifier:   B0:F3:24:9B:E1:CD:D1:BD:50:82:F7:61:42:0C:8A:CB:63:25:2C:2B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C504BBE029BC19745F99ABF92E4C6
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/sPMkm-HN0b1QgvdhQgyKy2MlLCs.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198699
IP address blocks:        2a12:bec0:320::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:50:4b:be:02:9b:c1:97:45:f9:9a:bf:92:e4:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0f3249be1cdd1bd5082f761420c8acb63252c2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1a:c0:13:49:fa:f2:e3:15:90:71:95:19:60:
                    95:fc:37:1c:dd:06:b6:0d:71:cc:8a:b7:15:db:eb:
                    58:4b:33:e8:cc:0f:e7:37:0f:d6:31:06:19:73:1e:
                    77:fc:a3:2c:d1:4f:9f:95:8e:e6:b3:26:e1:8a:a1:
                    6f:87:bb:f9:21:04:30:bb:87:56:82:1f:bb:cc:20:
                    27:2c:71:ca:4b:e7:21:53:44:51:30:76:d6:c5:58:
                    4b:8e:15:7a:56:04:e7:f3:31:66:b7:cc:82:5a:51:
                    54:bf:1b:16:eb:e8:29:cb:46:18:76:fc:0f:32:f6:
                    34:c2:c6:9c:25:1d:14:b1:01:a6:42:1d:b3:5f:3d:
                    06:57:1c:d4:4d:8d:eb:06:ef:ec:df:6a:18:67:b9:
                    22:3a:05:d5:47:33:fd:21:f6:b8:9b:be:d3:03:ef:
                    a2:ab:4a:01:6d:05:b8:ef:ee:4c:4c:39:ad:55:bb:
                    8d:ae:3e:72:71:c8:4a:63:9b:7a:b8:b0:7b:0e:61:
                    8b:de:c7:6b:0c:30:ee:85:7a:33:c1:47:9b:ef:eb:
                    11:d2:58:e2:f5:f0:1a:00:3a:bf:98:3f:a2:8a:71:
                    b9:8f:6c:51:9b:84:0c:ba:8a:23:b4:4f:88:c0:2d:
                    59:23:8d:ba:f1:57:d8:43:37:af:fc:34:f1:03:4e:
                    8e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F3:24:9B:E1:CD:D1:BD:50:82:F7:61:42:0C:8A:CB:63:25:2C:2B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/sPMkm-HN0b1QgvdhQgyKy2MlLCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:320::/44

    Signature Algorithm: sha256WithRSAEncryption
         c3:2f:b2:b3:f3:3d:93:f5:14:62:a1:b0:84:f8:cd:32:e9:e7:
         7b:31:e0:0e:c7:f9:e5:d0:ac:91:03:fb:90:0a:fc:1b:45:53:
         23:ea:62:f8:be:7e:60:d4:f0:d1:48:27:78:45:ea:44:7c:51:
         b6:d9:40:aa:5d:e2:42:1a:62:90:9b:c5:67:6b:14:d0:de:f4:
         75:46:f5:a8:0b:85:d4:08:36:b4:c6:40:00:10:db:11:c6:ec:
         27:3e:e3:40:94:d7:03:09:b9:96:08:6d:03:3c:d6:55:fd:73:
         2d:e9:07:23:2d:7c:b6:39:fb:74:bd:d7:7e:fc:be:86:36:7c:
         39:2e:ea:f9:0c:e5:ad:8f:71:fa:49:27:c4:c6:36:ba:b8:b1:
         20:08:07:b0:40:4d:28:0b:20:1d:1a:ce:76:5e:b5:ab:2a:16:
         a6:ea:b5:9d:99:a6:ca:85:e0:6d:5b:26:24:fc:3f:48:f6:04:
         a5:56:19:fc:3e:47:e4:41:b7:78:53:b7:83:58:ee:5e:8b:3a:
         a3:0d:8e:b6:1b:89:55:3b:1c:38:70:68:8b:19:6d:a6:a2:b7:
         70:62:43:77:9b:28:11:73:1e:32:a5:f1:d0:4c:55:89:87:e6:
         c0:05:bb:fd:24:24:ec:73:42:24:f6:d7:7e:90:73:f3:14:a5:
         4e:44:c1:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjFBLvgKbwZdF+Zq/kuTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGYzMjQ5YmUxY2RkMWJkNTA4MmY3NjE0MjBjOGFjYjYzMjUyYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhrAE0n68uMVkHGVGWCV/Dcc3Qa2
DXHMircV2+tYSzPozA/nNw/WMQYZcx53/KMs0U+flY7msybhiqFvh7v5IQQwu4dW
gh+7zCAnLHHKS+chU0RRMHbWxVhLjhV6VgTn8zFmt8yCWlFUvxsW6+gpy0YYdvwP
MvY0wsacJR0UsQGmQh2zXz0GVxzUTY3rBu/s32oYZ7kiOgXVRzP9Ifa4m77TA++i
q0oBbQW47+5MTDmtVbuNrj5ycchKY5t6uLB7DmGL3sdrDDDuhXozwUeb7+sR0lji
9fAaADq/mD+iinG5j2xRm4QMuoojtE+IwC1ZI4268VfYQzev/DTxA06OyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLDzJJvhzdG9UIL3YUIMistjJSwrMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvc1BNa20tSE4wYjFRZ3ZkaFFneUt5Mk1sTENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAMg
MA0GCSqGSIb3DQEBCwUAA4IBAQDDL7Kz8z2T9RRiobCE+M0y6ed7MeAOx/nl0KyR
A/uQCvwbRVMj6mL4vn5g1PDRSCd4RepEfFG22UCqXeJCGmKQm8VnaxTQ3vR1RvWo
C4XUCDa0xkAAENsRxuwnPuNAlNcDCbmWCG0DPNZV/XMt6QcjLXy2Oft0vdd+/L6G
Nnw5Lur5DOWtj3H6SSfExja6uLEgCAewQE0oCyAdGs52XrWrKham6rWdmabKheBt
WyYk/D9I9gSlVhn8PkfkQbd4U7eDWO5eizqjDY62G4lVOxw4cGiLGW2mordwYkN3
mygRcx4ypfHQTFWJh+bABbv9JCTsc0Ik9td+kHPzFKVORMFS
-----END CERTIFICATE-----