Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/89GdubVoBt1O0l5OX5xr-lEXmWE.roa
File:                     89GdubVoBt1O0l5OX5xr-lEXmWE.roa (raw, json)
Hash identifier:          vOFiyfeqtfZ2a6GKS+PSR96XLBIHTgpu3z9Ut8kg+Zk=
Subject key identifier:   F3:D1:9D:B9:B5:68:06:DD:4E:D2:5E:4E:5F:9C:6B:FA:51:17:99:61
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0199A389D3551C9A0BEA20E9CFB74A563EAA
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/89GdubVoBt1O0l5OX5xr-lEXmWE.roa
Signing time:             Thu 02 Oct 2025 06:09:02 +0000
ROA not before:           Thu 02 Oct 2025 06:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214079
IP address blocks:        2a12:bec4:1570::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:89:d3:55:1c:9a:0b:ea:20:e9:cf:b7:4a:56:3e:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Oct  2 06:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3d19db9b56806dd4ed25e4e5f9c6bfa51179961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6e:77:f5:d7:24:b8:4b:a7:c1:19:2e:ed:7e:
                    50:db:ee:d6:8d:d9:cd:54:92:12:3e:28:9e:d4:33:
                    41:c4:bf:0a:96:26:38:38:11:29:a7:dc:24:6c:66:
                    91:75:18:39:e6:fd:a6:d4:03:62:b2:11:e1:c4:44:
                    73:60:88:a5:4f:6e:35:3c:32:0b:9b:33:8a:f9:83:
                    d5:80:da:dd:9e:30:c5:a0:94:a6:36:d3:62:c9:c9:
                    b2:c0:ca:16:d9:b8:41:ab:2c:01:55:78:35:1c:82:
                    a2:24:b5:66:7a:41:91:fa:70:c5:49:12:10:c6:f2:
                    dc:24:47:25:6c:11:04:7c:28:12:9f:3a:99:8b:d5:
                    1e:19:24:e4:19:79:45:dd:b7:45:8a:d2:1d:f3:15:
                    cb:30:18:58:0a:f9:ab:9e:6e:90:20:7f:a4:73:4e:
                    95:95:f7:a7:6a:dc:89:01:ed:c0:cd:85:21:ed:77:
                    51:78:b2:8f:f7:49:9c:69:62:82:7f:c5:e7:a8:f7:
                    63:95:21:66:43:eb:d3:3f:2a:c7:8c:6a:11:3b:32:
                    8f:58:49:cd:3e:45:a0:c2:f6:a8:eb:88:04:32:43:
                    f0:9e:c9:53:c6:0f:66:89:e5:62:54:ff:10:b6:9d:
                    66:b2:1e:10:18:d0:79:e3:78:d8:e6:18:1a:f6:3d:
                    ba:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D1:9D:B9:B5:68:06:DD:4E:D2:5E:4E:5F:9C:6B:FA:51:17:99:61
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/89GdubVoBt1O0l5OX5xr-lEXmWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1570::/44

    Signature Algorithm: sha256WithRSAEncryption
         3f:61:7f:f5:29:0e:7d:f7:da:fb:d4:a0:ae:88:be:53:32:68:
         26:db:72:d8:3c:84:f2:ef:fe:4c:fd:3f:5d:88:e4:a6:a1:02:
         5b:1b:36:8c:4f:2e:04:e2:f8:ca:3c:02:67:c9:80:f7:a1:3b:
         30:e8:00:54:01:02:7b:b6:ce:6e:35:fb:12:06:39:b3:02:b0:
         67:be:8d:20:c0:5e:45:27:4d:2b:f6:14:b4:87:dc:79:54:54:
         a6:9b:69:d9:50:f1:c6:c9:5d:63:20:5c:45:49:0c:b9:6a:db:
         c2:d0:0d:0b:91:d9:d6:48:f6:45:13:1d:1a:69:6c:0f:0f:51:
         2e:f6:cb:20:4e:2a:ed:da:86:c4:10:d6:35:57:87:e8:60:02:
         22:82:36:ca:a2:e9:3e:6f:8f:e7:b7:ba:80:e0:0b:35:93:29:
         e7:5d:2e:ec:d1:32:b0:cb:05:d0:30:69:fa:ef:ee:5a:98:d7:
         33:24:95:cc:50:8d:1d:fb:53:3e:c4:cb:6a:79:4b:ad:58:a9:
         f8:f3:25:65:06:60:0c:d0:4b:a1:f9:58:14:56:4c:d2:19:89:
         ed:e1:b6:36:90:b0:d9:a0:ce:aa:e2:76:25:93:c2:a3:76:ee:
         c1:8d:91:ca:33:90:6a:ec:71:1b:23:c6:10:ad:3d:5d:d1:aa:
         3c:fb:c5:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmjidNVHJoL6iDpz7dKVj6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUxMDAyMDYwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2QxOWRiOWI1NjgwNmRkNGVkMjVlNGU1ZjljNmJmYTUxMTc5OTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2539dckuEunwRku7X5Q2+7WjdnN
VJISPiie1DNBxL8KliY4OBEpp9wkbGaRdRg55v2m1ANishHhxERzYIilT241PDIL
mzOK+YPVgNrdnjDFoJSmNtNiycmywMoW2bhBqywBVXg1HIKiJLVmekGR+nDFSRIQ
xvLcJEclbBEEfCgSnzqZi9UeGSTkGXlF3bdFitId8xXLMBhYCvmrnm6QIH+kc06V
lfenatyJAe3AzYUh7XdReLKP90mcaWKCf8XnqPdjlSFmQ+vTPyrHjGoROzKPWEnN
PkWgwvao64gEMkPwnslTxg9mieViVP8Qtp1msh4QGNB543jY5hga9j26VwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPPRnbm1aAbdTtJeTl+ca/pRF5lhMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvODlHZHViVm9CdDFPMGw1T1g1eHItbEVYbVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBVw
MA0GCSqGSIb3DQEBCwUAA4IBAQA/YX/1KQ5999r71KCuiL5TMmgm23LYPITy7/5M
/T9diOSmoQJbGzaMTy4E4vjKPAJnyYD3oTsw6ABUAQJ7ts5uNfsSBjmzArBnvo0g
wF5FJ00r9hS0h9x5VFSmm2nZUPHGyV1jIFxFSQy5atvC0A0LkdnWSPZFEx0aaWwP
D1Eu9ssgTirt2obEENY1V4foYAIigjbKouk+b4/nt7qA4As1kynnXS7s0TKwywXQ
MGn67+5amNczJJXMUI0d+1M+xMtqeUutWKn48yVlBmAM0Euh+VgUVkzSGYnt4bY2
kLDZoM6q4nYlk8Kjdu7BjZHKM5Bq7HEbI8YQrT1d0ao8+8WY
-----END CERTIFICATE-----