Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/EsuocKFvmkH8qyInPmeh4Cit2TU.roa
File:                     EsuocKFvmkH8qyInPmeh4Cit2TU.roa (raw, json)
Hash identifier:          9OsTb0RilZVGNJ8xEqrVwxSt9gv2u6q/yZxoLcFksow=
Subject key identifier:   12:CB:A8:70:A1:6F:9A:41:FC:AB:22:27:3E:67:A1:E0:28:AD:D9:35
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0199CE902935F519B9B8CC136FCC0E17C81C
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/EsuocKFvmkH8qyInPmeh4Cit2TU.roa
Signing time:             Fri 10 Oct 2025 14:39:38 +0000
ROA not before:           Fri 10 Oct 2025 14:39:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214677
IP address blocks:        2a12:bec4:1820::/44 maxlen: 48
                          2a12:bec4:1da0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:90:29:35:f5:19:b9:b8:cc:13:6f:cc:0e:17:c8:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Oct 10 14:39:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12cba870a16f9a41fcab22273e67a1e028add935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7e:0f:81:cb:cc:43:b5:aa:89:a3:3a:ab:6f:
                    f6:01:99:e4:0a:dd:f3:35:ed:62:c6:71:5e:ab:80:
                    bc:20:0f:52:81:5d:d8:76:80:d5:47:58:1a:d6:8d:
                    72:b7:27:eb:91:f2:b5:a9:52:ad:62:b0:66:5c:08:
                    4e:98:4f:4f:74:fa:bf:c1:37:95:bc:db:01:f6:0f:
                    6a:67:a1:bc:10:bb:ba:1d:62:3b:ad:eb:8d:26:ee:
                    f1:e1:a1:0b:e2:65:0e:f3:0f:69:80:5b:88:71:ff:
                    5c:05:f0:9d:af:1e:e5:8a:1b:0a:3a:07:7f:0a:4b:
                    a1:12:bb:87:15:44:f8:22:26:65:da:77:19:f3:f5:
                    d7:df:5e:58:4b:08:e8:d9:61:9b:f9:5b:d3:bb:81:
                    f7:3d:5d:e8:51:ca:4b:71:67:75:a1:a3:db:0c:47:
                    b7:0d:88:38:7a:79:af:ba:37:a8:a3:c8:6a:1e:0d:
                    73:6c:e4:34:b5:5f:c9:52:d8:7f:3c:51:f8:ab:18:
                    94:1c:8d:ba:10:20:d6:d8:78:96:6a:fc:be:00:0e:
                    c6:23:06:b6:13:b0:f4:56:98:0e:cb:fe:22:17:c7:
                    a6:a1:14:15:74:fe:be:74:a4:55:c0:55:18:21:b7:
                    33:3f:8d:24:12:2c:70:c2:62:22:c7:dc:09:eb:ed:
                    42:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:CB:A8:70:A1:6F:9A:41:FC:AB:22:27:3E:67:A1:E0:28:AD:D9:35
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/EsuocKFvmkH8qyInPmeh4Cit2TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1820::/44
                  2a12:bec4:1da0::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:f6:71:f8:1f:d7:0f:a9:9e:f9:42:ba:2a:e0:6c:c3:b0:7f:
         ce:c8:63:28:63:94:6d:3a:35:85:ef:c9:22:56:56:b5:58:f5:
         36:dc:5b:08:0e:1b:72:c5:34:92:ad:5a:76:24:a2:fb:ce:7e:
         03:9d:4b:b9:3e:c7:32:34:0b:d5:d0:cd:e1:09:2b:9c:56:80:
         60:34:f5:b0:f6:b3:6a:86:2e:06:ed:24:af:f5:53:ba:09:db:
         35:9a:f7:52:a5:d5:84:07:c5:f3:6f:6d:91:bd:3d:d8:4d:01:
         91:9a:23:76:27:ac:11:c9:94:32:b4:a0:b7:b2:21:07:cd:91:
         27:c7:36:79:87:c4:bb:8f:ee:cf:83:d1:ff:e6:8f:ab:e5:98:
         71:06:be:77:54:c0:39:b9:0a:8e:d0:f6:a9:49:44:dd:83:14:
         eb:71:71:3b:cb:18:e8:3a:57:1b:8a:d1:4a:5c:c3:d6:10:4e:
         f7:b2:95:c1:ca:df:ac:e7:13:bd:0e:10:de:45:c2:dc:e4:40:
         09:33:b3:c6:84:a3:ca:eb:65:19:71:6e:a4:d2:f8:61:92:9e:
         ab:7d:db:be:c9:09:1e:2a:94:66:7a:9e:70:f9:07:d6:1e:b7:
         c4:a0:fd:be:1c:f7:3a:39:b0:5d:b4:fe:7e:eb:0c:e2:af:a5:
         21:82:26:c2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnOkCk19Rm5uMwTb8wOF8gcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUxMDEwMTQzOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmNiYTg3MGExNmY5YTQxZmNhYjIyMjczZTY3YTFlMDI4YWRkOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkX4PgcvMQ7WqiaM6q2/2AZnkCt3z
Ne1ixnFeq4C8IA9SgV3YdoDVR1ga1o1ytyfrkfK1qVKtYrBmXAhOmE9PdPq/wTeV
vNsB9g9qZ6G8ELu6HWI7reuNJu7x4aEL4mUO8w9pgFuIcf9cBfCdrx7lihsKOgd/
CkuhEruHFUT4IiZl2ncZ8/XX315YSwjo2WGb+VvTu4H3PV3oUcpLcWd1oaPbDEe3
DYg4enmvujeoo8hqHg1zbOQ0tV/JUth/PFH4qxiUHI26ECDW2HiWavy+AA7GIwa2
E7D0VpgOy/4iF8emoRQVdP6+dKRVwFUYIbczP40kEixwwmIix9wJ6+1CDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBLLqHChb5pB/KsiJz5noeAordk1MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvRXN1b2NLRnZta0g4cXlJblBtZWg0Q2l0MlRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBgg
AwcEKhK+xB2gMA0GCSqGSIb3DQEBCwUAA4IBAQAH9nH4H9cPqZ75Qroq4GzDsH/O
yGMoY5RtOjWF78kiVla1WPU23FsIDhtyxTSSrVp2JKL7zn4DnUu5PscyNAvV0M3h
CSucVoBgNPWw9rNqhi4G7SSv9VO6Cds1mvdSpdWEB8Xzb22RvT3YTQGRmiN2J6wR
yZQytKC3siEHzZEnxzZ5h8S7j+7Pg9H/5o+r5ZhxBr53VMA5uQqO0PapSUTdgxTr
cXE7yxjoOlcbitFKXMPWEE73spXByt+s5xO9DhDeRcLc5EAJM7PGhKPK62UZcW6k
0vhhkp6rfdu+yQkeKpRmep5w+QfWHrfEoP2+HPc6ObBdtP5+6wzir6UhgibC
-----END CERTIFICATE-----