Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4wDUf3AnnXwBawOYHsOFYOIa0No.roa
File:                     4wDUf3AnnXwBawOYHsOFYOIa0No.roa (raw, json)
Hash identifier:          YU2NgtxLrQ6ip9DB1MOJgdGEuuoHXksyTpH/0Oo+ibw=
Subject key identifier:   E3:00:D4:7F:70:27:9D:7C:01:6B:03:98:1E:C3:85:60:E2:1A:D0:DA
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01961A0895CEE1C9EDA53901F4E43B8DB418
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4wDUf3AnnXwBawOYHsOFYOIa0No.roa
Signing time:             Wed 09 Apr 2025 10:11:32 +0000
ROA not before:           Wed 09 Apr 2025 10:11:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26042
IP address blocks:        2a12:bec4:1980::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 19:30:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1a:08:95:ce:e1:c9:ed:a5:39:01:f4:e4:3b:8d:b4:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Apr  9 10:11:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e300d47f70279d7c016b03981ec38560e21ad0da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3b:ce:7a:fb:0a:28:df:c5:d7:ff:4c:bc:d8:
                    3c:ef:da:95:fd:b4:8c:76:92:3e:6e:d4:46:d1:be:
                    ab:54:64:ac:1b:fa:71:11:c7:55:db:cc:93:58:de:
                    53:a6:28:69:24:ca:5e:9f:13:e6:58:27:92:2b:63:
                    ec:72:96:8c:25:63:04:72:b3:7d:d0:50:36:64:20:
                    86:b4:b1:5d:29:ce:fe:fd:f9:b2:bc:35:69:f5:14:
                    db:b6:f4:aa:9c:24:5d:e8:f3:01:df:a2:40:ba:1a:
                    a0:de:eb:0f:1c:c2:46:81:5b:03:67:63:ba:98:e2:
                    6e:eb:52:23:bd:20:f4:23:32:2f:fe:3f:b9:99:b5:
                    70:fa:ce:c3:bf:a8:06:c6:e5:e5:81:ed:b1:bf:69:
                    42:29:1d:bd:27:57:eb:01:a8:43:bc:95:ce:65:71:
                    81:f2:60:55:a6:9c:21:03:b5:f4:25:96:9d:d8:56:
                    8f:4f:1d:88:f0:f7:18:55:47:33:d7:ce:dc:9f:88:
                    00:b4:b8:70:84:44:c2:69:73:fe:59:75:95:ea:9c:
                    88:1c:a5:6d:ac:93:2d:f4:a4:28:a7:12:a6:4e:30:
                    b5:53:75:0c:b0:11:fa:7d:31:59:24:7b:88:f0:57:
                    78:00:e2:12:c1:56:88:ef:b7:83:ca:6a:a2:e9:b0:
                    b7:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:00:D4:7F:70:27:9D:7C:01:6B:03:98:1E:C3:85:60:E2:1A:D0:DA
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/4wDUf3AnnXwBawOYHsOFYOIa0No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1980::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:ae:05:76:5c:bf:38:13:6c:79:7f:6f:b6:33:04:10:c1:85:
         5b:66:c5:e1:76:8d:e8:9f:e5:57:0b:ef:13:ab:8b:7a:86:39:
         a9:82:99:cc:cc:bb:75:fa:5c:9f:a0:02:ed:1b:de:c8:f6:fa:
         ec:c3:d5:49:9c:76:d2:a1:2b:64:81:29:b2:fd:39:a0:9a:f0:
         d8:f4:78:b7:1a:9b:9f:4d:47:ce:24:ce:bc:94:8c:72:6c:0f:
         6b:e3:94:f4:97:97:a9:0d:2b:ff:60:64:29:80:b5:8f:46:c4:
         77:bc:e6:b3:0b:0e:6e:4d:8e:6c:8e:04:a5:77:8c:f9:3a:2c:
         51:05:c3:76:16:64:7e:1f:8d:2a:10:31:88:25:52:ba:db:04:
         d0:da:53:05:5d:46:d1:b9:7c:74:b0:0c:85:95:4d:91:45:bf:
         6e:65:dd:65:ad:7c:2b:da:67:5d:b4:2e:79:70:6a:00:54:24:
         c8:a3:51:a0:b7:04:2c:92:f6:ac:50:54:dc:58:2a:d0:9b:11:
         24:af:fe:7f:6f:44:7a:16:04:89:07:87:29:42:43:db:93:9e:
         86:08:9c:32:0f:8e:1e:35:ac:4e:c4:49:d8:3d:9d:84:41:37:
         47:da:dc:49:1f:9c:7a:8f:c3:bd:e7:ee:90:1b:39:00:1e:21:
         b8:c9:95:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZYaCJXO4cntpTkB9OQ7jbQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNDA5MTAxMTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzAwZDQ3ZjcwMjc5ZDdjMDE2YjAzOTgxZWMzODU2MGUyMWFkMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTvOevsKKN/F1/9MvNg879qV/bSM
dpI+btRG0b6rVGSsG/pxEcdV28yTWN5TpihpJMpenxPmWCeSK2PscpaMJWMEcrN9
0FA2ZCCGtLFdKc7+/fmyvDVp9RTbtvSqnCRd6PMB36JAuhqg3usPHMJGgVsDZ2O6
mOJu61IjvSD0IzIv/j+5mbVw+s7Dv6gGxuXlge2xv2lCKR29J1frAahDvJXOZXGB
8mBVppwhA7X0JZad2FaPTx2I8PcYVUcz187cn4gAtLhwhETCaXP+WXWV6pyIHKVt
rJMt9KQopxKmTjC1U3UMsBH6fTFZJHuI8Fd4AOISwVaI77eDymqi6bC3JQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOMA1H9wJ518AWsDmB7DhWDiGtDaMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvNHdEVWYzQW5uWHdCYXdPWUhzT0ZZT0lhME5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xBmA
MA0GCSqGSIb3DQEBCwUAA4IBAQADrgV2XL84E2x5f2+2MwQQwYVbZsXhdo3on+VX
C+8Tq4t6hjmpgpnMzLt1+lyfoALtG97I9vrsw9VJnHbSoStkgSmy/TmgmvDY9Hi3
GpufTUfOJM68lIxybA9r45T0l5epDSv/YGQpgLWPRsR3vOazCw5uTY5sjgSld4z5
OixRBcN2FmR+H40qEDGIJVK62wTQ2lMFXUbRuXx0sAyFlU2RRb9uZd1lrXwr2mdd
tC55cGoAVCTIo1GgtwQskvasUFTcWCrQmxEkr/5/b0R6FgSJB4cpQkPbk56GCJwy
D44eNaxOxEnYPZ2EQTdH2txJH5x6j8O95+6QGzkAHiG4yZU9
-----END CERTIFICATE-----