Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/SVCA6d7p1PS0F0FjCUAHYWu0dRU.roa
File:                     SVCA6d7p1PS0F0FjCUAHYWu0dRU.roa (raw, json)
Hash identifier:          k3XcA3WDi01ljiF4jlaAYnA9DVSvutSARp0/YJUEUv0=
Subject key identifier:   49:50:80:E9:DE:E9:D4:F4:B4:17:41:63:09:40:07:61:6B:B4:75:15
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0198A0101407C69E658EE7E5A00FAAFB5F95
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/SVCA6d7p1PS0F0FjCUAHYWu0dRU.roa
Signing time:             Tue 12 Aug 2025 20:54:24 +0000
ROA not before:           Tue 12 Aug 2025 20:54:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206715
IP address blocks:        2a12:bec4:1c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a0:10:14:07:c6:9e:65:8e:e7:e5:a0:0f:aa:fb:5f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Aug 12 20:54:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=495080e9dee9d4f4b4174163094007616bb47515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:56:19:7f:11:d3:a4:70:06:3f:fb:df:49:2c:
                    8c:51:3e:1d:31:ee:75:d4:33:ba:55:35:70:99:88:
                    73:ff:60:56:d6:46:2c:11:4f:36:3f:4e:22:01:e8:
                    24:da:32:38:98:24:44:54:3d:d9:8a:6c:81:44:12:
                    83:59:b0:35:b0:39:e5:76:c7:e0:86:36:ac:66:ad:
                    49:73:40:2e:d3:af:69:6d:17:dc:6f:2a:33:35:34:
                    65:b8:85:ed:50:2a:d9:f3:4f:64:21:d6:e8:b1:6f:
                    87:1f:fe:cc:1a:65:39:d9:18:8d:d7:94:9c:3d:92:
                    e8:a2:b8:44:e9:bd:78:f6:17:5f:c2:e1:df:9c:91:
                    5e:04:df:5e:96:bd:c2:87:ce:7f:86:a0:f4:a4:72:
                    49:00:16:4a:d9:84:f1:22:3c:27:61:25:43:42:57:
                    fa:65:20:ae:e8:39:18:aa:91:30:e9:6c:1e:ff:28:
                    51:82:52:0f:0c:5b:cd:41:75:62:a9:90:97:6f:59:
                    50:b5:9f:2b:e3:92:6f:2b:05:2e:d6:98:38:8a:9b:
                    62:07:d8:63:1b:8a:88:3e:14:7f:80:da:e0:14:b4:
                    db:54:73:09:1e:d1:24:09:95:8d:44:00:03:8e:79:
                    79:52:2b:15:60:e7:1c:c3:ad:02:54:f6:98:31:89:
                    59:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:50:80:E9:DE:E9:D4:F4:B4:17:41:63:09:40:07:61:6B:B4:75:15
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/SVCA6d7p1PS0F0FjCUAHYWu0dRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         37:1f:18:71:bb:06:2b:60:fe:5c:cb:0f:2d:1b:31:a0:4c:55:
         e7:8c:4d:d5:bf:f9:ca:ba:66:38:15:bd:4e:73:72:c7:80:77:
         fd:ec:6e:e2:45:83:93:a2:f9:fa:a9:cf:c6:18:92:d4:39:5f:
         12:f9:75:43:3d:de:4c:59:5a:2d:16:15:0c:4d:55:0b:dc:46:
         bb:f7:0b:8d:ee:85:95:99:ce:86:c4:72:2f:f6:f2:9e:f6:23:
         95:49:e4:9d:e5:70:4e:ad:b2:7d:a8:c5:9c:f0:46:f0:7c:b7:
         88:53:ed:74:d2:7e:59:e6:eb:91:91:26:ff:41:21:1b:ae:42:
         b5:9e:57:ce:ed:17:48:cd:7c:72:f9:ac:c5:09:41:31:e3:ff:
         f5:4e:46:b3:3b:3a:2b:45:13:08:e2:0c:fd:e4:51:e0:00:40:
         6e:90:96:62:1f:35:ed:cc:ac:34:8a:2e:50:2d:85:69:ed:b1:
         b2:2e:4c:61:db:ad:9c:1f:24:a0:64:cc:35:56:96:0d:f8:e5:
         b6:45:a3:0e:0e:2c:6e:93:77:4c:28:f0:96:e6:eb:e2:5a:5c:
         c2:a6:7d:8d:03:ff:59:74:d2:1b:06:3d:ab:84:44:42:c6:83:
         d7:81:f4:34:99:3d:79:72:72:b5:85:f5:53:21:da:25:bb:7b:
         7e:25:2c:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZigEBQHxp5ljufloA+q+1+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwODEyMjA1NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTUwODBlOWRlZTlkNGY0YjQxNzQxNjMwOTQwMDc2MTZiYjQ3NTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlYZfxHTpHAGP/vfSSyMUT4dMe51
1DO6VTVwmYhz/2BW1kYsEU82P04iAegk2jI4mCREVD3ZimyBRBKDWbA1sDnldsfg
hjasZq1Jc0Au069pbRfcbyozNTRluIXtUCrZ809kIdbosW+HH/7MGmU52RiN15Sc
PZLoorhE6b149hdfwuHfnJFeBN9elr3Ch85/hqD0pHJJABZK2YTxIjwnYSVDQlf6
ZSCu6DkYqpEw6Wwe/yhRglIPDFvNQXViqZCXb1lQtZ8r45JvKwUu1pg4iptiB9hj
G4qIPhR/gNrgFLTbVHMJHtEkCZWNRAADjnl5UisVYOccw60CVPaYMYlZWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFElQgOne6dT0tBdBYwlAB2FrtHUVMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvU1ZDQTZkN3AxUFMwRjBGakNVQUhZV3UwZFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xAHA
MA0GCSqGSIb3DQEBCwUAA4IBAQA3HxhxuwYrYP5cyw8tGzGgTFXnjE3Vv/nKumY4
Fb1Oc3LHgHf97G7iRYOTovn6qc/GGJLUOV8S+XVDPd5MWVotFhUMTVUL3Ea79wuN
7oWVmc6GxHIv9vKe9iOVSeSd5XBOrbJ9qMWc8EbwfLeIU+100n5Z5uuRkSb/QSEb
rkK1nlfO7RdIzXxy+azFCUEx4//1TkazOzorRRMI4gz95FHgAEBukJZiHzXtzKw0
ii5QLYVp7bGyLkxh262cHySgZMw1VpYN+OW2RaMODixuk3dMKPCW5uviWlzCpn2N
A/9ZdNIbBj2rhERCxoPXgfQ0mT15cnK1hfVTIdolu3t+JSxC
-----END CERTIFICATE-----