Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/veH2ObQxMwayfvErABH8fABfZfs.roa
File:                     veH2ObQxMwayfvErABH8fABfZfs.roa (raw, json)
Hash identifier:          gCdYbQ/G+Ux+wkKWxeDccprCpcMVLOX8ZfByUpdbiNc=
Subject key identifier:   BD:E1:F6:39:B4:31:33:06:B2:7E:F1:2B:00:11:FC:7C:00:5F:65:FB
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0197986CE810C9B2BE43177CABC3605EA260
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/veH2ObQxMwayfvErABH8fABfZfs.roa
Signing time:             Sun 22 Jun 2025 16:16:03 +0000
ROA not before:           Sun 22 Jun 2025 16:16:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207513
IP address blocks:        2a12:bec4:1ac0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:98:6c:e8:10:c9:b2:be:43:17:7c:ab:c3:60:5e:a2:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jun 22 16:16:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bde1f639b4313306b27ef12b0011fc7c005f65fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b8:e0:60:d8:2a:73:7a:3d:48:cd:cc:90:3c:
                    b2:fa:ba:bb:bb:c4:62:55:e2:23:79:13:73:67:59:
                    26:1b:df:51:6e:e7:b6:f7:25:43:a4:e9:bb:d7:1f:
                    e5:37:7c:f1:69:db:df:64:61:92:f1:a8:24:f3:f2:
                    2f:76:6c:75:ed:a6:98:f4:cd:44:d1:47:99:b6:fc:
                    ee:d2:02:38:e4:24:7f:8b:a7:93:0f:9f:78:6b:fd:
                    7a:2c:33:a0:35:58:55:1b:c6:7d:cc:68:53:84:03:
                    89:f4:69:f3:7b:ff:62:a9:bc:70:96:90:23:4c:e1:
                    69:7d:56:d9:15:e4:44:dc:45:11:49:2d:dc:5b:e9:
                    81:86:55:5f:e0:3a:cc:82:65:5d:ae:80:ba:6a:bb:
                    b0:e5:8f:35:34:10:5f:20:3f:de:52:f0:14:78:a4:
                    33:f5:70:91:85:dc:70:98:0b:c2:49:e5:42:d4:07:
                    08:7d:05:2a:f2:ef:a3:9e:56:e9:3a:b2:97:b5:44:
                    ba:ce:6e:65:63:e7:d3:2e:40:7b:f8:ee:5e:57:73:
                    d6:44:bc:8b:c2:1b:91:2d:e4:02:6a:e0:e3:f3:27:
                    aa:87:e9:5f:84:23:e2:e6:ab:5f:4e:33:f9:97:f3:
                    9b:0e:29:88:b9:f9:70:6c:6e:b8:95:45:4f:f1:73:
                    49:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E1:F6:39:B4:31:33:06:B2:7E:F1:2B:00:11:FC:7C:00:5F:65:FB
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/veH2ObQxMwayfvErABH8fABfZfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1ac0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:34:9f:7a:70:8a:00:78:eb:61:8c:5c:d6:a5:08:b4:2d:6a:
         23:40:29:71:80:7e:48:fe:19:e5:b7:7a:a9:f4:c5:c7:82:d8:
         b4:9f:f9:cd:27:eb:26:65:68:d2:37:33:19:3e:e5:6a:f2:9d:
         59:b9:43:79:46:fc:3c:ac:c4:6f:7f:44:75:92:c7:ce:90:06:
         0a:de:d1:39:8a:78:b8:ce:54:bd:40:84:57:b7:6a:38:dc:fb:
         55:c4:e3:ce:b2:fe:69:41:87:9a:7c:1a:c2:4c:34:29:0e:2a:
         4b:ba:b0:0e:48:af:6e:c0:57:e7:53:39:70:05:b0:a4:79:bc:
         85:b0:0e:cf:7f:b1:b0:d9:69:d7:ac:31:86:e3:c9:bc:0f:9b:
         82:7a:5c:81:f3:bf:69:8d:47:d4:08:b3:92:f1:23:74:47:21:
         e3:16:da:0e:3e:4f:4a:a2:51:5a:1f:2f:a6:bb:e5:82:18:25:
         96:01:09:ac:97:6c:28:e9:8a:ee:46:51:d7:ee:09:40:31:15:
         37:4d:71:ce:f1:00:75:b1:24:a2:b2:82:9f:2d:47:2e:c6:9f:
         41:8d:a0:a7:fd:d9:ce:32:38:b4:7f:58:b6:27:be:dc:54:5f:
         cd:db:87:58:0d:c5:18:80:72:01:45:0c:dc:b0:9b:48:63:f7:
         53:a9:cd:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZeYbOgQybK+Qxd8q8NgXqJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNjIyMTYxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGUxZjYzOWI0MzEzMzA2YjI3ZWYxMmIwMDExZmM3YzAwNWY2NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLjgYNgqc3o9SM3MkDyy+rq7u8Ri
VeIjeRNzZ1kmG99Rbue29yVDpOm71x/lN3zxadvfZGGS8agk8/Ivdmx17aaY9M1E
0UeZtvzu0gI45CR/i6eTD594a/16LDOgNVhVG8Z9zGhThAOJ9Gnze/9iqbxwlpAj
TOFpfVbZFeRE3EURSS3cW+mBhlVf4DrMgmVdroC6aruw5Y81NBBfID/eUvAUeKQz
9XCRhdxwmAvCSeVC1AcIfQUq8u+jnlbpOrKXtUS6zm5lY+fTLkB7+O5eV3PWRLyL
whuRLeQCauDj8yeqh+lfhCPi5qtfTjP5l/ObDimIuflwbG64lUVP8XNJ0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL3h9jm0MTMGsn7xKwAR/HwAX2X7MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvdmVIMk9iUXhNd2F5ZnZFckFCSDhmQUJmWmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBrA
MA0GCSqGSIb3DQEBCwUAA4IBAQCzNJ96cIoAeOthjFzWpQi0LWojQClxgH5I/hnl
t3qp9MXHgti0n/nNJ+smZWjSNzMZPuVq8p1ZuUN5Rvw8rMRvf0R1ksfOkAYK3tE5
ini4zlS9QIRXt2o43PtVxOPOsv5pQYeafBrCTDQpDipLurAOSK9uwFfnUzlwBbCk
ebyFsA7Pf7Gw2WnXrDGG48m8D5uCelyB879pjUfUCLOS8SN0RyHjFtoOPk9KolFa
Hy+mu+WCGCWWAQmsl2wo6YruRlHX7glAMRU3TXHO8QB1sSSisoKfLUcuxp9BjaCn
/dnOMji0f1i2J77cVF/N24dYDcUYgHIBRQzcsJtIY/dTqc3d
-----END CERTIFICATE-----