Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/wUNFW9g1cL__Ldxx4JCoal9ZQ9k.roa
File:                     wUNFW9g1cL__Ldxx4JCoal9ZQ9k.roa (raw, json)
Hash identifier:          QUGMKCzUBxZmv2ut4z+O6x63e4TjTeO9edvruEOZhrs=
Subject key identifier:   C1:43:45:5B:D8:35:70:BF:FF:2D:DC:71:E0:90:A8:6A:5F:59:43:D9
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01941F8C4945985F1CCEB6FD63925CE0B3C9
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/wUNFW9g1cL__Ldxx4JCoal9ZQ9k.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51308
IP address blocks:        2a12:bec0:e03::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:49:45:98:5f:1c:ce:b6:fd:63:92:5c:e0:b3:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c143455bd83570bfff2ddc71e090a86a5f5943d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:41:4c:63:ae:14:62:e7:54:03:83:86:2d:38:
                    57:d6:83:12:52:5f:90:2e:e4:0c:e8:30:6a:e3:68:
                    dc:58:38:8c:54:5b:62:46:97:53:9c:38:be:2f:c7:
                    9f:c9:b8:c8:6d:49:ba:26:9e:e3:03:25:07:99:61:
                    8f:1e:59:1f:04:fb:04:f7:57:cf:0b:10:a2:ff:76:
                    bf:be:fd:d2:1a:f5:ab:d9:e5:69:6d:f4:3b:72:af:
                    3f:36:a0:13:3c:4f:63:c6:e7:66:93:21:61:95:8b:
                    ac:ad:44:77:49:81:b1:79:2e:a4:76:ea:2d:23:99:
                    42:fa:05:ae:0c:e5:a9:a8:c1:e8:ef:46:57:30:59:
                    af:e0:f5:aa:a2:b5:34:46:1d:bf:cb:02:56:91:04:
                    bd:c1:02:2e:f6:cc:50:53:fd:e0:99:43:b8:4c:ee:
                    9d:73:de:14:3c:fa:22:ff:81:c5:8c:40:5d:c0:f6:
                    8e:15:55:c7:39:cb:60:46:35:d4:30:83:29:1c:99:
                    57:7f:b1:42:a4:47:20:4c:55:46:58:65:4e:12:4c:
                    1d:d8:b5:e7:dc:56:b5:38:af:4b:1c:4a:ef:4c:1f:
                    fd:79:dd:ee:84:bb:77:b0:25:54:87:f5:aa:a3:0a:
                    a4:bf:b2:44:2c:a3:c9:95:96:27:6b:b4:5b:53:78:
                    40:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:43:45:5B:D8:35:70:BF:FF:2D:DC:71:E0:90:A8:6A:5F:59:43:D9
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/wUNFW9g1cL__Ldxx4JCoal9ZQ9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:e03::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:e5:60:cf:1d:83:88:a9:42:ac:15:c4:29:10:2d:c5:17:e2:
         76:82:7f:6e:ff:f3:97:53:0b:2f:50:11:53:55:22:7e:fe:78:
         2d:a4:39:05:82:aa:1a:9f:1d:4e:2c:da:ce:70:e5:4f:7a:64:
         bb:7e:d2:93:65:e4:98:48:d1:18:3b:48:1a:ec:4d:87:27:b0:
         03:d8:65:03:52:41:fb:3e:01:9b:a9:45:9c:94:d4:a9:96:43:
         47:23:38:3d:ac:79:9a:07:39:62:a5:3c:3d:5d:14:b2:e5:66:
         4a:f6:61:38:4b:89:1f:46:f9:02:bc:c5:f2:56:1e:73:9d:ef:
         b3:a6:35:ac:17:70:ca:0c:12:f4:cf:e5:52:24:77:62:7f:8b:
         5d:c8:1a:52:9b:83:fd:a5:c3:8b:8a:a4:6f:ba:19:4f:63:36:
         52:d0:f5:e3:5c:d5:22:23:1c:96:40:99:2d:aa:d3:80:c4:9b:
         7f:46:98:d3:8a:11:8e:67:ad:f8:f0:31:a6:b2:23:7a:cf:f2:
         ae:22:11:cf:c9:fa:8a:ff:ab:a4:a6:35:53:2f:3b:e6:4f:e5:
         85:33:b4:ed:af:94:32:e1:eb:9a:0c:f4:0c:35:9d:dd:0f:ab:
         cb:f7:0b:c3:fc:13:04:25:19:da:1c:01:db:3a:55:bc:b7:59:
         62:0e:c0:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjElFmF8czrb9Y5Jc4LPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQzNDU1YmQ4MzU3MGJmZmYyZGRjNzFlMDkwYTg2YTVmNTk0M2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8EFMY64UYudUA4OGLThX1oMSUl+Q
LuQM6DBq42jcWDiMVFtiRpdTnDi+L8efybjIbUm6Jp7jAyUHmWGPHlkfBPsE91fP
CxCi/3a/vv3SGvWr2eVpbfQ7cq8/NqATPE9jxudmkyFhlYusrUR3SYGxeS6kduot
I5lC+gWuDOWpqMHo70ZXMFmv4PWqorU0Rh2/ywJWkQS9wQIu9sxQU/3gmUO4TO6d
c94UPPoi/4HFjEBdwPaOFVXHOctgRjXUMIMpHJlXf7FCpEcgTFVGWGVOEkwd2LXn
3Fa1OK9LHErvTB/9ed3uhLt3sCVUh/Wqowqkv7JELKPJlZYna7RbU3hA9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMFDRVvYNXC//y3cceCQqGpfWUPZMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvd1VORlc5ZzFjTF9fTGR4eDRKQ29hbDlaUTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+wA4D
MA0GCSqGSIb3DQEBCwUAA4IBAQCV5WDPHYOIqUKsFcQpEC3FF+J2gn9u//OXUwsv
UBFTVSJ+/ngtpDkFgqoanx1OLNrOcOVPemS7ftKTZeSYSNEYO0ga7E2HJ7AD2GUD
UkH7PgGbqUWclNSplkNHIzg9rHmaBzlipTw9XRSy5WZK9mE4S4kfRvkCvMXyVh5z
ne+zpjWsF3DKDBL0z+VSJHdif4tdyBpSm4P9pcOLiqRvuhlPYzZS0PXjXNUiIxyW
QJktqtOAxJt/RpjTihGOZ6348DGmsiN6z/KuIhHPyfqK/6ukpjVTLzvmT+WFM7Tt
r5Qy4euaDPQMNZ3dD6vL9wvD/BMEJRnaHAHbOlW8t1liDsC5
-----END CERTIFICATE-----