Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/tA4QR6yoGWGnKrzjJY5sD7j2i-U.roa
File:                     tA4QR6yoGWGnKrzjJY5sD7j2i-U.roa (raw, json)
Hash identifier:          L/KGt2peAG1Id1pXRy9TSVjB4TccFTuFHyCVyAfhdxg=
Subject key identifier:   B4:0E:10:47:AC:A8:19:61:A7:2A:BC:E3:25:8E:6C:0F:B8:F6:8B:E5
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C737911623CC120CCAE636F1A6CE9
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/tA4QR6yoGWGnKrzjJY5sD7j2i-U.roa
Signing time:             Wed 01 Jan 2025 01:48:05 +0000
ROA not before:           Wed 01 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215791
IP address blocks:        2a12:bec0:630::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:73:79:11:62:3c:c1:20:cc:ae:63:6f:1a:6c:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b40e1047aca81961a72abce3258e6c0fb8f68be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ec:c9:8d:87:5a:71:a0:0d:41:fa:2d:e1:40:
                    b8:ff:3f:6e:c4:a1:18:aa:26:09:70:01:0a:9f:f7:
                    60:0b:00:e9:92:f6:91:16:4c:a7:61:7f:fc:a1:47:
                    93:d1:7a:18:9b:72:d7:da:3c:bc:4e:5a:f6:b3:d8:
                    65:57:44:6a:8b:c9:d4:ff:e9:9f:8e:95:02:07:54:
                    c3:72:bd:fb:1a:a0:0e:ee:0b:fc:1b:15:63:32:fb:
                    6a:3c:1c:5d:ff:a9:a8:49:50:5e:3a:36:f7:8b:c2:
                    2e:68:d7:2b:36:03:24:9c:33:ea:7d:39:b8:d3:4f:
                    71:52:fe:3e:4c:44:77:1d:64:25:73:e3:73:04:73:
                    e8:db:b0:a8:fa:40:9f:5c:88:70:04:92:6b:10:a3:
                    14:48:c2:7c:83:e1:47:28:b5:8d:20:99:ec:d1:ed:
                    09:ba:48:cd:bb:d1:d6:84:b1:d0:2f:2c:a2:71:2e:
                    a5:75:d5:5b:40:5f:b4:54:12:c0:b5:e2:ac:60:9b:
                    67:50:0a:cf:03:3f:d2:2c:85:66:7b:76:9a:71:ba:
                    50:01:a6:91:47:c1:bc:3e:ca:50:a5:63:89:ef:47:
                    22:ee:a8:01:6d:15:c1:3a:c8:29:ef:56:2d:46:cd:
                    ab:93:f0:29:92:b7:21:bf:64:83:13:b0:9d:0f:c2:
                    a1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:0E:10:47:AC:A8:19:61:A7:2A:BC:E3:25:8E:6C:0F:B8:F6:8B:E5
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/tA4QR6yoGWGnKrzjJY5sD7j2i-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:630::/44

    Signature Algorithm: sha256WithRSAEncryption
         01:bc:26:91:b8:0f:18:75:40:cf:0b:33:77:50:65:4c:de:d8:
         d2:2c:80:a7:73:0c:82:ca:dc:db:b6:45:d0:db:c8:c5:ce:bb:
         0c:c4:b1:28:50:10:54:4f:2b:4a:aa:74:8f:e3:ea:53:2e:2c:
         97:0b:a3:de:df:0e:81:13:6b:a2:5e:7e:09:56:af:3a:4a:6a:
         6a:20:65:a0:42:a7:bd:21:60:4f:65:e5:7e:3b:a8:3d:2a:e0:
         16:3e:75:a2:9e:51:27:df:67:e7:d0:89:89:6a:cd:1f:3f:8a:
         2f:ba:ed:e4:0d:18:a9:d7:24:dc:b0:70:98:14:4d:8a:ca:af:
         cc:60:82:5f:21:d9:0b:b9:b0:8a:97:7a:65:62:cc:d9:c6:ce:
         22:cf:02:51:07:1c:ec:64:b3:fe:fe:81:99:81:f3:fa:04:e1:
         b1:65:23:0a:af:57:f3:7f:ad:77:80:0f:31:84:e6:35:09:19:
         47:b1:1a:d6:70:db:19:f6:b7:a1:d5:5b:77:be:47:b8:1f:e1:
         0a:93:cc:af:c4:ba:43:8e:20:11:f4:94:89:1d:58:50:29:a8:
         ff:b4:b9:0b:4e:cf:23:0b:bf:54:53:f5:0f:e7:34:e5:fd:50:
         20:a8:ce:fe:f1:2b:e1:ae:27:82:c4:02:38:fa:9b:ae:e6:2c:
         d0:26:79:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHN5EWI8wSDMrmNvGmzpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDBlMTA0N2FjYTgxOTYxYTcyYWJjZTMyNThlNmMwZmI4ZjY4YmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+zJjYdacaANQfot4UC4/z9uxKEY
qiYJcAEKn/dgCwDpkvaRFkynYX/8oUeT0XoYm3LX2jy8Tlr2s9hlV0Rqi8nU/+mf
jpUCB1TDcr37GqAO7gv8GxVjMvtqPBxd/6moSVBeOjb3i8IuaNcrNgMknDPqfTm4
009xUv4+TER3HWQlc+NzBHPo27Co+kCfXIhwBJJrEKMUSMJ8g+FHKLWNIJns0e0J
ukjNu9HWhLHQLyyicS6lddVbQF+0VBLAteKsYJtnUArPAz/SLIVme3aacbpQAaaR
R8G8PspQpWOJ70ci7qgBbRXBOsgp71YtRs2rk/Apkrchv2SDE7CdD8KhfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLQOEEesqBlhpyq84yWObA+49ovlMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvdEE0UVI2eW9HV0duS3J6akpZNXNEN2oyaS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAYw
MA0GCSqGSIb3DQEBCwUAA4IBAQABvCaRuA8YdUDPCzN3UGVM3tjSLICncwyCytzb
tkXQ28jFzrsMxLEoUBBUTytKqnSP4+pTLiyXC6Pe3w6BE2uiXn4JVq86SmpqIGWg
Qqe9IWBPZeV+O6g9KuAWPnWinlEn32fn0ImJas0fP4ovuu3kDRip1yTcsHCYFE2K
yq/MYIJfIdkLubCKl3plYszZxs4izwJRBxzsZLP+/oGZgfP6BOGxZSMKr1fzf613
gA8xhOY1CRlHsRrWcNsZ9reh1Vt3vke4H+EKk8yvxLpDjiAR9JSJHVhQKaj/tLkL
Ts8jC79UU/UP5zTl/VAgqM7+8SvhrieCxAI4+puu5izQJnl2
-----END CERTIFICATE-----