Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZWlYljnWtaQDn9ZHpl4UPUeyBi8.roa
File:                     ZWlYljnWtaQDn9ZHpl4UPUeyBi8.roa (raw, json)
Hash identifier:          wNspHi4HgvkJQx+t6uvbDQBquzan+kGqR/Iuy49ghZQ=
Subject key identifier:   65:69:58:96:39:D6:B5:A4:03:9F:D6:47:A6:5E:14:3D:47:B2:06:2F
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       0196C69672E0B2A03E8EDAF74DB42BB22FEA
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZWlYljnWtaQDn9ZHpl4UPUeyBi8.roa
Signing time:             Mon 12 May 2025 22:21:10 +0000
ROA not before:           Mon 12 May 2025 22:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214417
IP address blocks:        2a12:bec4:1280::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 10:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c6:96:72:e0:b2:a0:3e:8e:da:f7:4d:b4:2b:b2:2f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: May 12 22:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6569589639d6b5a4039fd647a65e143d47b2062f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4a:b2:d7:b8:fd:09:85:2f:75:49:b6:d5:71:
                    be:82:15:1e:26:16:65:3c:bf:73:e0:ae:ca:dd:aa:
                    87:11:ed:26:f6:41:68:8e:8b:bd:67:ea:12:e3:59:
                    36:f0:a6:aa:30:9e:bf:60:e0:21:bc:ee:50:e7:88:
                    78:46:04:f6:ae:27:10:22:06:53:fc:b0:8e:64:91:
                    73:68:9a:53:e2:28:cc:87:32:a4:50:74:21:db:62:
                    7c:62:d4:fc:06:2e:c9:3c:20:87:7f:00:c4:03:14:
                    d1:b8:3c:8f:76:61:7e:76:09:e8:c4:d5:d9:15:04:
                    0e:b0:71:23:8d:18:7f:de:8e:a4:26:47:c2:95:b3:
                    79:d5:83:50:e5:1b:0d:63:c3:e0:e5:dc:b3:1c:df:
                    30:a9:3c:6e:30:d5:36:18:93:9d:ed:fc:d4:80:c2:
                    94:b6:23:38:b5:2d:fc:9f:cf:96:3f:c1:89:b5:2a:
                    4d:0c:76:cd:3a:92:2f:f4:49:1a:6d:c5:4c:da:f2:
                    d0:8d:6b:74:15:c7:5c:bb:e8:6a:cb:4f:f9:20:fd:
                    d1:e6:c1:b5:b8:ec:dd:66:7a:aa:c8:c8:e9:de:8b:
                    49:41:64:b7:6f:14:22:91:6c:e2:d3:8a:6d:de:85:
                    00:0d:f2:b2:92:db:40:2b:1b:d5:68:c0:c3:e2:2b:
                    58:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:69:58:96:39:D6:B5:A4:03:9F:D6:47:A6:5E:14:3D:47:B2:06:2F
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/ZWlYljnWtaQDn9ZHpl4UPUeyBi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1280::/44

    Signature Algorithm: sha256WithRSAEncryption
         a9:cc:b8:68:f1:f5:44:d3:a5:a1:8c:4a:dd:e9:01:5c:5d:97:
         b7:81:34:37:7b:eb:eb:5a:ca:9d:56:8c:73:c4:2a:43:ca:c5:
         44:5d:83:a0:27:79:5c:9f:4b:38:b4:8d:7d:92:04:58:86:f4:
         85:5f:63:1c:4a:ea:d9:18:10:5c:67:07:60:61:0d:37:f0:a0:
         c2:bb:57:c8:a4:f1:6d:70:12:7f:99:4f:0d:37:df:58:85:55:
         61:14:00:7d:77:0b:e4:e8:9d:b2:eb:a6:9f:45:15:f4:ca:00:
         df:b0:b3:ce:84:65:06:d5:3c:cb:82:e3:a7:db:a9:e4:e3:d5:
         b1:a2:ca:6c:2a:da:c2:a5:9d:77:07:ec:94:2e:f3:85:cf:15:
         1b:07:28:fb:4d:fc:38:9c:bd:63:5e:0f:c7:47:1f:b1:4d:e9:
         e5:52:8d:47:0b:d2:df:eb:42:10:9b:d2:8c:e5:d7:74:4f:e4:
         31:69:d1:64:dc:a3:c6:b9:83:47:2d:1e:e8:15:de:52:58:ff:
         f5:15:0c:a9:f3:d2:85:b3:57:59:5e:aa:ed:82:06:5e:c5:c4:
         f9:a5:de:95:7e:8c:51:59:c0:e2:92:07:13:3e:f0:2d:2f:c0:
         63:9a:1a:80:48:d6:06:47:99:39:04:ae:08:a0:9c:d9:82:92:
         18:7c:5d:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbGlnLgsqA+jtr3TbQrsi/qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNTEyMjIyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTY5NTg5NjM5ZDZiNWE0MDM5ZmQ2NDdhNjVlMTQzZDQ3YjIwNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEqy17j9CYUvdUm21XG+ghUeJhZl
PL9z4K7K3aqHEe0m9kFojou9Z+oS41k28KaqMJ6/YOAhvO5Q54h4RgT2ricQIgZT
/LCOZJFzaJpT4ijMhzKkUHQh22J8YtT8Bi7JPCCHfwDEAxTRuDyPdmF+dgnoxNXZ
FQQOsHEjjRh/3o6kJkfClbN51YNQ5RsNY8Pg5dyzHN8wqTxuMNU2GJOd7fzUgMKU
tiM4tS38n8+WP8GJtSpNDHbNOpIv9EkabcVM2vLQjWt0Fcdcu+hqy0/5IP3R5sG1
uOzdZnqqyMjp3otJQWS3bxQikWzi04pt3oUADfKykttAKxvVaMDD4itYNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGVpWJY51rWkA5/WR6ZeFD1HsgYvMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvWldsWWxqbld0YVFEbjlaSHBsNFVQVWV5Qmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBKA
MA0GCSqGSIb3DQEBCwUAA4IBAQCpzLho8fVE06WhjErd6QFcXZe3gTQ3e+vrWsqd
VoxzxCpDysVEXYOgJ3lcn0s4tI19kgRYhvSFX2McSurZGBBcZwdgYQ038KDCu1fI
pPFtcBJ/mU8NN99YhVVhFAB9dwvk6J2y66afRRX0ygDfsLPOhGUG1TzLguOn26nk
49WxospsKtrCpZ13B+yULvOFzxUbByj7Tfw4nL1jXg/HRx+xTenlUo1HC9Lf60IQ
m9KM5dd0T+QxadFk3KPGuYNHLR7oFd5SWP/1FQyp89KFs1dZXqrtggZexcT5pd6V
foxRWcDikgcTPvAtL8BjmhqASNYGR5k5BK4IoJzZgpIYfF3U
-----END CERTIFICATE-----