Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1QDFYb-Vh9sgbzcMo2I2SCnosTc.roa
File:                     1QDFYb-Vh9sgbzcMo2I2SCnosTc.roa (raw, json)
Hash identifier:          eTopMTj7eitERbpDtmX5ajVoQejuauiY0guXK4GhdtI=
Subject key identifier:   D5:00:C5:61:BF:95:87:DB:20:6F:37:0C:A3:62:36:48:29:E8:B1:37
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0196A4A26DC0D444258F9CBB04F7C066487D
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1QDFYb-Vh9sgbzcMo2I2SCnosTc.roa
Signing time:             Tue 06 May 2025 08:07:10 +0000
ROA not before:           Tue 06 May 2025 08:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209414
IP address blocks:        2a12:bec4:19d0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:a2:6d:c0:d4:44:25:8f:9c:bb:04:f7:c0:66:48:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: May  6 08:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d500c561bf9587db206f370ca362364829e8b137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:57:ed:0c:77:44:f2:f2:b6:0c:33:2a:e8:6b:
                    ee:a8:fc:8e:76:dd:82:d1:36:ad:56:a0:e2:0c:8d:
                    37:70:27:aa:c5:e4:b4:18:81:d4:67:dd:14:38:1d:
                    06:5a:45:07:b6:ae:69:d8:96:2d:19:b3:8e:d1:94:
                    c7:b9:4f:d4:0f:5f:1d:72:b4:21:f4:4e:91:46:56:
                    d3:e3:bb:4d:4d:a8:20:47:fd:57:89:fa:0b:28:c2:
                    20:5c:4a:2b:2a:e9:35:7a:bb:43:73:58:49:6f:32:
                    5c:a4:ad:c0:71:21:1b:91:38:0a:ee:0b:34:68:a7:
                    32:c4:62:3b:8a:76:be:ab:e1:c5:7a:83:e5:55:7b:
                    9e:bb:61:fa:fc:99:94:82:e0:67:52:02:6b:18:8d:
                    0a:6d:0c:91:e9:da:b2:ca:07:75:1b:c8:df:65:ea:
                    4d:b0:d1:3d:f2:03:d4:34:bd:8c:4a:a1:d6:b6:3f:
                    cd:b6:a9:db:97:8c:87:61:7b:b7:25:13:e7:e7:9a:
                    32:29:28:a0:bf:65:d7:44:16:48:82:70:39:f0:40:
                    da:fc:d8:bc:c3:10:05:0f:79:d0:60:5a:f5:4c:87:
                    1d:bb:51:5d:ce:5d:5e:f2:4f:37:38:b5:27:98:59:
                    b6:ab:a1:8c:f5:8b:44:a5:75:43:de:d7:91:a3:76:
                    d0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:00:C5:61:BF:95:87:DB:20:6F:37:0C:A3:62:36:48:29:E8:B1:37
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/1QDFYb-Vh9sgbzcMo2I2SCnosTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:19d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         60:0d:31:5a:9d:43:e1:6f:02:c9:93:8c:d6:06:4f:2e:57:05:
         c8:c9:f2:24:fd:97:7b:d5:4d:80:79:3a:f5:ea:e1:80:8c:88:
         fb:3a:41:36:aa:95:d5:0c:6d:68:26:98:5b:d7:94:78:c2:be:
         c4:0e:a9:53:b6:58:05:ca:00:ef:74:64:fe:80:0b:57:36:89:
         4e:da:89:01:68:ad:15:dd:21:98:06:d9:07:ad:27:d5:08:37:
         19:c2:6a:23:13:9e:e0:5c:2a:19:f5:15:5d:21:73:96:71:ca:
         16:ca:ea:20:a6:64:7f:10:58:d0:ff:85:cd:4f:b7:75:e9:fb:
         3b:4c:a3:84:fc:60:50:08:29:9e:21:88:5a:4f:44:a0:71:18:
         c7:4a:c1:a7:3d:74:5c:33:38:82:58:a3:4e:5c:e5:98:83:c0:
         25:91:30:e5:dc:6d:36:b2:99:91:a8:6c:42:6a:e7:8c:92:50:
         4e:6b:72:a1:f5:36:1a:77:3f:3c:9d:be:4e:ef:50:3a:df:ea:
         f0:97:43:cd:27:1c:c2:17:08:a6:27:e2:05:24:c3:f3:33:07:
         ff:2f:bb:2b:b2:2e:79:71:da:c1:56:30:11:10:4a:6c:d5:d2:
         fb:58:22:71:5e:20:e8:44:a8:fa:60:a7:9f:c4:fa:7a:a6:c4:
         b3:2f:f5:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZakom3A1EQlj5y7BPfAZkh9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNTA2MDgwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTAwYzU2MWJmOTU4N2RiMjA2ZjM3MGNhMzYyMzY0ODI5ZThiMTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVftDHdE8vK2DDMq6GvuqPyOdt2C
0TatVqDiDI03cCeqxeS0GIHUZ90UOB0GWkUHtq5p2JYtGbOO0ZTHuU/UD18dcrQh
9E6RRlbT47tNTaggR/1XifoLKMIgXEorKuk1ertDc1hJbzJcpK3AcSEbkTgK7gs0
aKcyxGI7ina+q+HFeoPlVXueu2H6/JmUguBnUgJrGI0KbQyR6dqyygd1G8jfZepN
sNE98gPUNL2MSqHWtj/Ntqnbl4yHYXu3JRPn55oyKSigv2XXRBZIgnA58EDa/Ni8
wxAFD3nQYFr1TIcdu1Fdzl1e8k83OLUnmFm2q6GM9YtEpXVD3teRo3bQ5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNUAxWG/lYfbIG83DKNiNkgp6LE3MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvMVFERlliLVZoOXNnYnpjTW8ySTJTQ25vc1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBnQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBgDTFanUPhbwLJk4zWBk8uVwXIyfIk/Zd71U2A
eTr16uGAjIj7OkE2qpXVDG1oJphb15R4wr7EDqlTtlgFygDvdGT+gAtXNolO2okB
aK0V3SGYBtkHrSfVCDcZwmojE57gXCoZ9RVdIXOWccoWyuogpmR/EFjQ/4XNT7d1
6fs7TKOE/GBQCCmeIYhaT0SgcRjHSsGnPXRcMziCWKNOXOWYg8AlkTDl3G02spmR
qGxCaueMklBOa3Kh9TYadz88nb5O71A63+rwl0PNJxzCFwimJ+IFJMPzMwf/L7sr
si55cdrBVjAREEps1dL7WCJxXiDoRKj6YKefxPp6psSzL/XX
-----END CERTIFICATE-----