Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/D1jqA42CGtF7X-Q11IMe51WG-r8.roa
File:                     D1jqA42CGtF7X-Q11IMe51WG-r8.roa (raw, json)
Hash identifier:          OsipncbFVTspodkTZl0bN69HAbYo64VA7VFVvUEdoPE=
Subject key identifier:   0F:58:EA:03:8D:82:1A:D1:7B:5F:E4:35:D4:83:1E:E7:55:86:FA:BF
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0196861E3BE92015470D019828726BED1191
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/D1jqA42CGtF7X-Q11IMe51WG-r8.roa
Signing time:             Wed 30 Apr 2025 09:54:10 +0000
ROA not before:           Wed 30 Apr 2025 09:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197860
IP address blocks:        2a12:bec0:390::/44 maxlen: 48
                          2a12:bec4:1010::/44 maxlen: 48
                          2a12:bec4:2020::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:1e:3b:e9:20:15:47:0d:01:98:28:72:6b:ed:11:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Apr 30 09:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f58ea038d821ad17b5fe435d4831ee75586fabf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:6c:c3:1c:4d:b4:3b:c5:88:21:e9:3a:90:5b:
                    8f:65:57:e7:f0:e3:e6:10:64:33:34:43:cf:e9:c7:
                    e3:ae:34:29:eb:e8:00:d5:e9:b4:c6:19:04:01:f6:
                    30:63:96:87:66:28:ff:9c:68:0f:6b:1b:77:17:e0:
                    0a:b4:7a:98:f8:e9:64:e2:ba:16:f7:1b:a3:dc:9d:
                    21:e2:c3:f5:df:cf:ec:52:37:3a:c3:4c:12:51:6d:
                    e8:39:e0:59:38:ac:69:38:0e:0a:d7:17:45:ba:97:
                    93:19:7a:bb:89:38:ff:29:d9:37:43:7b:90:b9:2c:
                    79:28:6c:d4:f3:87:93:3c:cb:fa:f3:35:18:ca:c2:
                    97:56:49:df:54:2f:41:33:46:31:a8:a8:66:5d:99:
                    bc:85:15:44:fa:bc:78:a7:22:9c:86:3e:0f:06:d3:
                    5d:d9:46:81:50:09:19:0a:00:87:80:a8:d7:3a:57:
                    87:23:74:f0:97:97:06:eb:64:d5:b4:d6:1f:60:ed:
                    55:c0:a5:95:70:0f:a8:a4:eb:83:6f:c1:d1:5b:23:
                    04:af:01:6a:9f:f1:7f:40:d5:5f:86:c1:45:3b:6f:
                    a5:72:d3:55:83:53:4d:bf:17:f3:4f:71:3d:77:c1:
                    80:18:68:9b:7f:32:31:94:9a:54:ad:87:82:1f:6c:
                    d0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:58:EA:03:8D:82:1A:D1:7B:5F:E4:35:D4:83:1E:E7:55:86:FA:BF
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/D1jqA42CGtF7X-Q11IMe51WG-r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:390::/44
                  2a12:bec4:1010::/44
                  2a12:bec4:2020::/44

    Signature Algorithm: sha256WithRSAEncryption
         7a:14:a0:a0:78:9e:ea:d3:2e:2b:09:a4:43:74:61:79:2d:92:
         9f:8e:98:6e:84:44:8a:5d:54:b7:05:4e:50:fa:f7:6f:62:36:
         d5:34:61:24:37:42:00:47:a2:dc:83:d0:2b:ad:ee:da:da:e1:
         d3:7f:c6:ce:44:a5:e8:2e:7e:69:5b:a8:b7:da:83:0d:c6:1f:
         47:42:f9:1c:c1:4b:ed:9f:78:f6:d6:b4:f2:06:3f:67:58:94:
         52:50:40:9b:70:5d:e4:7e:9f:5c:4f:4d:5a:ba:15:ba:83:0a:
         31:9f:d2:c9:80:9d:0e:9f:bb:b5:70:10:86:d2:0f:d9:c2:51:
         8d:d4:c3:92:f3:f4:fe:4d:f8:96:26:63:09:d2:65:70:f5:15:
         69:56:f1:b2:d9:e1:fb:c8:8b:a3:d0:69:ac:fd:41:d3:8b:40:
         e6:c3:00:ae:45:9b:67:65:3b:6c:5e:4c:a0:37:71:78:d5:96:
         dd:40:44:c8:a8:24:08:9f:5b:de:bf:76:b7:a1:02:f6:6e:bd:
         64:83:2a:e9:bd:4d:10:9b:13:3a:99:8e:4e:fc:2e:40:ab:10:
         e0:bf:98:b7:ff:cf:f9:41:ce:db:81:a7:d3:20:08:df:21:0d:
         6b:01:7b:62:ca:ed:a8:30:85:54:c3:71:6d:16:3d:b9:4e:0a:
         40:a3:50:00
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZaGHjvpIBVHDQGYKHJr7RGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNDMwMDk1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjU4ZWEwMzhkODIxYWQxN2I1ZmU0MzVkNDgzMWVlNzU1ODZmYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8mzDHE20O8WIIek6kFuPZVfn8OPm
EGQzNEPP6cfjrjQp6+gA1em0xhkEAfYwY5aHZij/nGgPaxt3F+AKtHqY+Olk4roW
9xuj3J0h4sP138/sUjc6w0wSUW3oOeBZOKxpOA4K1xdFupeTGXq7iTj/Kdk3Q3uQ
uSx5KGzU84eTPMv68zUYysKXVknfVC9BM0YxqKhmXZm8hRVE+rx4pyKchj4PBtNd
2UaBUAkZCgCHgKjXOleHI3Twl5cG62TVtNYfYO1VwKWVcA+opOuDb8HRWyMErwFq
n/F/QNVfhsFFO2+lctNVg1NNvxfzT3E9d8GAGGibfzIxlJpUrYeCH2zQmQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA9Y6gONghrRe1/kNdSDHudVhvq/MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRDFqcUE0MkNHdEY3WC1RMTFJTWU1MVdHLXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKhK+wAOQ
AwcEKhK+xBAQAwcEKhK+xCAgMA0GCSqGSIb3DQEBCwUAA4IBAQB6FKCgeJ7q0y4r
CaRDdGF5LZKfjphuhESKXVS3BU5Q+vdvYjbVNGEkN0IAR6Lcg9Arre7a2uHTf8bO
RKXoLn5pW6i32oMNxh9HQvkcwUvtn3j21rTyBj9nWJRSUECbcF3kfp9cT01auhW6
gwoxn9LJgJ0On7u1cBCG0g/ZwlGN1MOS8/T+TfiWJmMJ0mVw9RVpVvGy2eH7yIuj
0Gms/UHTi0DmwwCuRZtnZTtsXkygN3F41ZbdQETIqCQIn1vev3a3oQL2br1kgyrp
vU0QmxM6mY5O/C5AqxDgv5i3/8/5Qc7bgafTIAjfIQ1rAXtiyu2oMIVUw3FtFj25
TgpAo1AA
-----END CERTIFICATE-----