Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Oytnf1KRRpU3SXzA8XVLv9bvigI.roa
File:                     Oytnf1KRRpU3SXzA8XVLv9bvigI.roa (raw, json)
Hash identifier:          I14yK37tJLkIYQR3/yskRlFFVSa0rXvsZoyZJn4tP4A=
Subject key identifier:   3B:2B:67:7F:52:91:46:95:37:49:7C:C0:F1:75:4B:BF:D6:EF:8A:02
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0198A4C7A8EDAF8EBF13AC09A0D546444D31
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Oytnf1KRRpU3SXzA8XVLv9bvigI.roa
Signing time:             Wed 13 Aug 2025 18:53:24 +0000
ROA not before:           Wed 13 Aug 2025 18:53:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213026
IP address blocks:        2a12:bec0:6b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 21:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:c7:a8:ed:af:8e:bf:13:ac:09:a0:d5:46:44:4d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Aug 13 18:53:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b2b677f5291469537497cc0f1754bbfd6ef8a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:62:20:ed:88:11:0f:07:64:6d:15:a1:6d:8b:
                    e1:28:f5:62:9b:6e:35:9f:92:49:be:a1:7c:df:af:
                    ba:76:a0:53:bb:ed:58:f2:59:85:2d:ad:c0:9b:99:
                    0e:f5:ba:ba:fe:e4:24:68:40:b9:c7:41:ef:5c:9e:
                    0b:c8:94:2c:6c:34:96:35:e6:27:26:cd:41:63:9d:
                    e6:33:f5:f7:95:fb:4b:52:b5:df:7d:d8:f6:2f:5c:
                    31:f8:90:a2:e6:bd:c5:bc:39:1e:82:12:7c:d1:5e:
                    9d:da:8c:38:87:8f:a7:8c:06:60:5f:cb:92:88:74:
                    f2:c2:1d:a7:f0:40:00:f5:85:f7:71:bf:20:17:18:
                    0a:9a:41:7a:87:ba:ea:84:c0:22:db:91:af:c5:dd:
                    bf:f9:8e:29:c9:51:ad:cd:0c:74:bc:11:0d:f3:4c:
                    60:f9:a1:37:9d:07:fa:62:7f:08:fa:e9:2b:bc:7a:
                    ea:21:ea:2b:c0:fc:bb:50:b4:51:71:53:30:a0:d1:
                    83:3e:a0:74:8c:45:b8:f0:60:20:17:0d:3e:d6:06:
                    94:89:d4:6e:7d:ff:ce:29:e8:d9:e5:43:7f:e0:de:
                    99:8c:69:cf:ab:73:05:9d:6f:20:43:cf:46:24:6e:
                    1c:f4:7a:77:ac:8b:9c:68:4c:b2:45:9d:ff:b3:db:
                    0b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:2B:67:7F:52:91:46:95:37:49:7C:C0:F1:75:4B:BF:D6:EF:8A:02
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Oytnf1KRRpU3SXzA8XVLv9bvigI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:6b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         66:6e:9f:a9:d7:de:c1:f0:7d:9c:b5:c8:69:9a:08:70:05:41:
         2b:e5:4d:12:1c:a3:04:62:bd:47:ae:50:be:20:95:b6:9c:65:
         eb:5e:0c:d3:ee:c3:10:c6:45:9a:23:fa:97:05:98:3a:1d:71:
         39:ea:82:2f:8e:58:b6:b0:23:aa:37:5d:25:a4:eb:5e:e8:cd:
         c6:03:20:94:b2:01:a4:82:fa:9b:b6:de:ce:c9:cc:45:15:14:
         be:a6:46:5b:d9:36:66:32:4c:72:7a:ca:8a:48:61:c0:48:99:
         64:c4:4b:0a:2b:b2:4a:77:a9:2a:0b:2e:a8:5d:ab:3c:ea:48:
         f7:b9:c0:41:ce:ac:cd:14:d4:68:e3:89:bd:26:61:a5:e4:d8:
         60:c7:9e:1c:02:5b:c1:cf:e9:09:78:5c:5f:83:65:0b:88:6b:
         27:40:2d:ee:f0:07:25:45:10:4b:78:2e:f3:5c:79:9b:74:eb:
         59:3d:e7:dc:9b:71:c3:c4:e2:63:f1:a6:4a:59:50:e7:77:51:
         a1:78:11:de:56:f0:4c:a1:d2:3b:e8:0e:8f:62:a5:b3:f2:e7:
         80:f2:1e:71:9e:11:33:fe:46:6c:5b:2c:11:4b:1b:b6:ec:bb:
         ff:d9:ab:d3:ce:f2:e3:ec:3d:c0:56:0f:ff:57:e4:8d:49:6a:
         ff:5e:45:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZikx6jtr46/E6wJoNVGRE0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwODEzMTg1MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjJiNjc3ZjUyOTE0Njk1Mzc0OTdjYzBmMTc1NGJiZmQ2ZWY4YTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWIg7YgRDwdkbRWhbYvhKPVim241
n5JJvqF836+6dqBTu+1Y8lmFLa3Am5kO9bq6/uQkaEC5x0HvXJ4LyJQsbDSWNeYn
Js1BY53mM/X3lftLUrXffdj2L1wx+JCi5r3FvDkeghJ80V6d2ow4h4+njAZgX8uS
iHTywh2n8EAA9YX3cb8gFxgKmkF6h7rqhMAi25Gvxd2/+Y4pyVGtzQx0vBEN80xg
+aE3nQf6Yn8I+ukrvHrqIeorwPy7ULRRcVMwoNGDPqB0jEW48GAgFw0+1gaUidRu
ff/OKejZ5UN/4N6ZjGnPq3MFnW8gQ89GJG4c9Hp3rIucaEyyRZ3/s9sLvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDsrZ39SkUaVN0l8wPF1S7/W74oCMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvT3l0bmYxS1JScFUzU1h6QThYVkx2OWJ2aWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAaw
MA0GCSqGSIb3DQEBCwUAA4IBAQBmbp+p197B8H2ctchpmghwBUEr5U0SHKMEYr1H
rlC+IJW2nGXrXgzT7sMQxkWaI/qXBZg6HXE56oIvjli2sCOqN10lpOte6M3GAyCU
sgGkgvqbtt7OycxFFRS+pkZb2TZmMkxyesqKSGHASJlkxEsKK7JKd6kqCy6oXas8
6kj3ucBBzqzNFNRo44m9JmGl5Nhgx54cAlvBz+kJeFxfg2ULiGsnQC3u8AclRRBL
eC7zXHmbdOtZPefcm3HDxOJj8aZKWVDnd1GheBHeVvBModI76A6PYqWz8ueA8h5x
nhEz/kZsWywRSxu27Lv/2avTzvLj7D3AVg//V+SNSWr/XkUv
-----END CERTIFICATE-----