Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LIqcQY55R_ebfPAKVEd2OzAgDr8.roa
File:                     LIqcQY55R_ebfPAKVEd2OzAgDr8.roa (raw, json)
Hash identifier:          MnZv6XbFBnZrU01AAutxsDweo2VCmrlz9XKUCu96byw=
Subject key identifier:   2C:8A:9C:41:8E:79:47:F7:9B:7C:F0:0A:54:47:76:3B:30:20:0E:BF
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019925F4801CDA36DEF0BABA69CC3ACE84CD
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LIqcQY55R_ebfPAKVEd2OzAgDr8.roa
Signing time:             Sun 07 Sep 2025 20:53:24 +0000
ROA not before:           Sun 07 Sep 2025 20:53:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213482
IP address blocks:        2a12:bec4:1780::/44 maxlen: 44
                          2a12:bec4:1c50::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:25:f4:80:1c:da:36:de:f0:ba:ba:69:cc:3a:ce:84:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Sep  7 20:53:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c8a9c418e7947f79b7cf00a5447763b30200ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e8:85:b1:a0:e5:31:4d:34:4f:4c:83:4a:88:
                    f9:9e:da:6b:dc:ae:42:71:5d:f7:08:f9:db:ca:cf:
                    2f:aa:4f:d5:62:4a:c9:40:cc:94:ec:5d:a8:44:aa:
                    26:cb:b6:fa:db:75:6b:27:e1:72:b7:46:8b:d4:c6:
                    13:2b:cc:a0:9e:97:b8:cb:27:61:f3:1a:1f:36:1c:
                    59:4d:4d:4a:66:1f:34:c9:3a:ab:66:6d:5e:83:7f:
                    9c:72:63:ac:57:e0:61:92:1b:ce:11:74:0a:61:46:
                    12:29:96:e6:67:bb:27:08:91:fc:e4:43:38:53:8a:
                    58:85:f3:70:f7:f3:b3:bc:5c:f4:63:27:c9:c5:94:
                    43:33:3d:a7:df:f4:66:17:1a:aa:34:95:c1:cb:1b:
                    0a:e1:af:eb:c0:9d:aa:82:73:50:83:98:79:c2:69:
                    aa:46:29:54:85:98:96:1b:87:8e:56:85:73:c7:8b:
                    12:86:9e:34:03:e4:25:7b:10:38:c6:f9:25:f7:18:
                    2c:0d:c2:32:51:ec:c7:5a:a1:33:13:63:44:54:17:
                    4e:c6:3f:23:de:04:1a:8e:34:0c:38:e1:b1:a7:0c:
                    10:de:b4:2f:cd:d6:f6:a3:f3:e3:36:e4:3f:60:63:
                    ae:bd:34:4f:56:10:fc:cd:7b:47:a4:ab:1d:a5:ed:
                    b2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:8A:9C:41:8E:79:47:F7:9B:7C:F0:0A:54:47:76:3B:30:20:0E:BF
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/LIqcQY55R_ebfPAKVEd2OzAgDr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1780::/44
                  2a12:bec4:1c50::/44

    Signature Algorithm: sha256WithRSAEncryption
         68:47:4f:aa:53:e7:50:8b:51:f5:f5:35:d3:c0:01:f1:96:a1:
         fa:59:77:8f:ad:87:f8:a4:bb:24:ca:8f:62:12:f4:11:81:13:
         ed:95:8a:bc:f2:6b:5b:bc:1d:54:83:3f:49:80:1c:61:d0:85:
         ef:f2:0f:e4:ed:29:59:82:b6:54:cb:e8:b1:bd:53:da:50:0d:
         67:ed:5e:5d:59:26:4f:f8:d2:25:ce:65:18:fb:b8:a5:15:9a:
         4a:65:37:a1:58:1b:83:ae:16:de:21:e9:8e:f3:55:06:cf:7d:
         56:49:b8:e3:b2:4e:12:28:c5:1f:11:50:15:85:48:a2:fa:6f:
         37:8b:ac:60:e3:1c:0b:4a:48:19:35:1c:81:70:8b:a9:a7:7c:
         3c:c2:25:38:00:52:01:11:a7:e0:00:a0:5e:3a:01:39:cd:59:
         d1:2f:ff:f0:ff:2f:8a:8b:11:57:7a:b1:c5:c3:d5:82:41:fe:
         f6:82:06:6f:f7:cc:df:7b:fd:a2:06:2b:00:de:3a:ec:b2:9e:
         00:de:6b:0a:26:1f:4c:de:3f:49:2a:59:c4:80:b1:bb:0a:a4:
         55:30:16:3b:16:41:d1:ce:74:8e:22:2f:34:3e:f2:35:ec:d4:
         8d:82:43:b4:b4:95:db:bc:2d:21:11:e0:aa:14:2c:59:29:41:
         f5:81:ed:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkl9IAc2jbe8Lq6acw6zoTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwOTA3MjA1MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzhhOWM0MThlNzk0N2Y3OWI3Y2YwMGE1NDQ3NzYzYjMwMjAwZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+iFsaDlMU00T0yDSoj5ntpr3K5C
cV33CPnbys8vqk/VYkrJQMyU7F2oRKomy7b623VrJ+Fyt0aL1MYTK8ygnpe4yydh
8xofNhxZTU1KZh80yTqrZm1eg3+ccmOsV+BhkhvOEXQKYUYSKZbmZ7snCJH85EM4
U4pYhfNw9/OzvFz0YyfJxZRDMz2n3/RmFxqqNJXByxsK4a/rwJ2qgnNQg5h5wmmq
RilUhZiWG4eOVoVzx4sShp40A+QlexA4xvkl9xgsDcIyUezHWqEzE2NEVBdOxj8j
3gQajjQMOOGxpwwQ3rQvzdb2o/PjNuQ/YGOuvTRPVhD8zXtHpKsdpe2yOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCyKnEGOeUf3m3zwClRHdjswIA6/MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvTElxY1FZNTVSX2ViZlBBS1ZFZDJPekFnRHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhK+xBeA
AwcEKhK+xBxQMA0GCSqGSIb3DQEBCwUAA4IBAQBoR0+qU+dQi1H19TXTwAHxlqH6
WXePrYf4pLskyo9iEvQRgRPtlYq88mtbvB1Ugz9JgBxh0IXv8g/k7SlZgrZUy+ix
vVPaUA1n7V5dWSZP+NIlzmUY+7ilFZpKZTehWBuDrhbeIemO81UGz31WSbjjsk4S
KMUfEVAVhUii+m83i6xg4xwLSkgZNRyBcIupp3w8wiU4AFIBEafgAKBeOgE5zVnR
L//w/y+KixFXerHFw9WCQf72ggZv98zfe/2iBisA3jrssp4A3msKJh9M3j9JKlnE
gLG7CqRVMBY7FkHRznSOIi80PvI17NSNgkO0tJXbvC0hEeCqFCxZKUH1ge0c
-----END CERTIFICATE-----