Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/13bf73kjwfJvbOZ6386tpkoPxis.roa
File:                     13bf73kjwfJvbOZ6386tpkoPxis.roa (raw, json)
Hash identifier:          0zUYm9WcQE6LrWn5mnrEbKI5mifOpztoEnBvYyPuMnU=
Subject key identifier:   D7:76:DF:EF:79:23:C1:F2:6F:6C:E6:7A:DF:CE:AD:A6:4A:0F:C6:2B
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0196444EB32C100732BC09E9323E7E6334AA
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/13bf73kjwfJvbOZ6386tpkoPxis.roa
Signing time:             Thu 17 Apr 2025 15:12:10 +0000
ROA not before:           Thu 17 Apr 2025 15:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215120
IP address blocks:        2a12:bec4:19a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:44:4e:b3:2c:10:07:32:bc:09:e9:32:3e:7e:63:34:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Apr 17 15:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d776dfef7923c1f26f6ce67adfceada64a0fc62b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:de:64:9b:e5:f2:b5:6a:3d:ce:77:57:17:a2:
                    42:d6:00:18:76:c5:84:dc:8b:8d:13:9d:dc:c7:6e:
                    33:82:fc:f4:f8:55:ac:1e:df:3d:36:ae:aa:54:ae:
                    1c:39:5c:32:1e:1c:ca:dd:e5:da:c8:2d:55:7f:28:
                    fd:f6:4a:e6:44:b8:e7:b7:53:8c:cf:e7:93:dc:b1:
                    6d:91:d7:c2:e3:52:42:49:4c:21:a5:43:57:26:c4:
                    60:35:b2:5d:26:1c:b3:0d:16:df:27:f7:42:85:45:
                    b9:1d:6b:f7:90:93:ea:91:64:f9:9a:f1:e0:ac:c3:
                    89:c6:e2:53:92:d2:d8:8e:45:ba:17:0f:5c:65:bb:
                    45:93:3f:ab:81:0c:27:3d:ed:12:4f:a2:c0:8d:f5:
                    03:85:51:6d:3c:73:cc:17:fa:35:18:ce:3f:6b:40:
                    9f:7b:62:8f:cc:ce:0f:35:7c:fa:a6:3a:a2:d1:43:
                    9e:b3:19:c0:29:19:d1:ab:37:e8:e9:ea:19:67:5e:
                    57:97:47:98:34:8c:34:8e:a0:18:ba:9a:0c:94:0c:
                    3b:40:10:8c:b9:6e:5b:66:25:fd:f5:9c:75:bb:29:
                    41:37:92:b2:7d:ef:a4:5c:8b:bb:e3:f2:13:8c:9b:
                    69:14:20:20:24:a2:03:e0:35:46:ca:ae:a8:c2:e9:
                    37:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:76:DF:EF:79:23:C1:F2:6F:6C:E6:7A:DF:CE:AD:A6:4A:0F:C6:2B
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/13bf73kjwfJvbOZ6386tpkoPxis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:19a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:ad:4e:75:95:eb:8b:04:6f:3f:8e:29:b1:6c:05:16:c1:45:
         7a:93:4d:59:50:cb:f5:bc:6d:24:f4:d8:eb:f8:3f:9c:4d:46:
         38:c9:78:25:3d:41:2d:44:80:c4:cc:a2:a4:c8:65:58:51:30:
         4e:ee:a9:42:81:79:92:9b:d1:70:0b:ff:2d:37:98:8e:5d:0d:
         df:d9:18:1e:1f:d4:ba:06:57:85:26:41:d1:60:dd:ba:67:71:
         89:7f:64:1f:ab:0a:bf:8f:4c:31:90:c9:de:82:ea:cd:14:4f:
         be:fd:21:29:8a:9d:3a:6b:61:b8:9d:ec:7f:7e:12:dc:38:d1:
         9a:28:4a:7c:d0:1a:da:53:39:ef:48:91:70:27:25:8b:64:d7:
         4e:3f:61:1c:86:ad:89:3d:26:55:cc:7d:68:ea:ac:dd:36:f6:
         0b:b5:7f:13:f0:eb:0b:f1:23:bb:6b:be:a8:2e:61:dd:e2:3f:
         fb:a0:2e:b4:42:0b:13:39:09:c8:99:85:91:5d:82:75:e7:ae:
         5b:6d:17:0d:7b:ed:a7:d9:23:7e:2c:6b:b0:21:ae:54:21:5b:
         15:da:ba:7a:36:0c:12:c8:c3:93:68:b5:ca:84:6f:25:89:8c:
         ae:45:9d:7d:44:f3:fb:28:b0:a0:cd:3f:cc:b7:92:84:3d:a7:
         fd:04:a6:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZETrMsEAcyvAnpMj5+YzSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNDE3MTUxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzc2ZGZlZjc5MjNjMWYyNmY2Y2U2N2FkZmNlYWRhNjRhMGZjNjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5d5km+XytWo9zndXF6JC1gAYdsWE
3IuNE53cx24zgvz0+FWsHt89Nq6qVK4cOVwyHhzK3eXayC1Vfyj99krmRLjnt1OM
z+eT3LFtkdfC41JCSUwhpUNXJsRgNbJdJhyzDRbfJ/dChUW5HWv3kJPqkWT5mvHg
rMOJxuJTktLYjkW6Fw9cZbtFkz+rgQwnPe0ST6LAjfUDhVFtPHPMF/o1GM4/a0Cf
e2KPzM4PNXz6pjqi0UOesxnAKRnRqzfo6eoZZ15Xl0eYNIw0jqAYupoMlAw7QBCM
uW5bZiX99Zx1uylBN5Kyfe+kXIu74/ITjJtpFCAgJKID4DVGyq6owuk3XQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNd23+95I8Hyb2zmet/OraZKD8YrMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMTNiZjcza2p3Zkp2Yk9aNjM4NnRwa29QeGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhK+xBmg
MA0GCSqGSIb3DQEBCwUAA4IBAQCarU51leuLBG8/jimxbAUWwUV6k01ZUMv1vG0k
9Njr+D+cTUY4yXglPUEtRIDEzKKkyGVYUTBO7qlCgXmSm9FwC/8tN5iOXQ3f2Rge
H9S6BleFJkHRYN26Z3GJf2Qfqwq/j0wxkMnegurNFE++/SEpip06a2G4nex/fhLc
ONGaKEp80BraUznvSJFwJyWLZNdOP2Echq2JPSZVzH1o6qzdNvYLtX8T8OsL8SO7
a76oLmHd4j/7oC60QgsTOQnImYWRXYJ1565bbRcNe+2n2SN+LGuwIa5UIVsV2rp6
NgwSyMOTaLXKhG8liYyuRZ19RPP7KLCgzT/Mt5KEPaf9BKZI
-----END CERTIFICATE-----