Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/nTultqMCmlhPBWwMPBt0ENfJbcE.roa
File:                     nTultqMCmlhPBWwMPBt0ENfJbcE.roa (raw, json)
Hash identifier:          MDelqZsjJCKC++LDtYmEjj+2V40CyZzSqzW7x0tmfvY=
Subject key identifier:   9D:3B:A5:B6:A3:02:9A:58:4F:05:6C:0C:3C:1B:74:10:D7:C9:6D:C1
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       01988BB5CFE39B31D551DE22FAAE8B445FDF
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/nTultqMCmlhPBWwMPBt0ENfJbcE.roa
Signing time:             Fri 08 Aug 2025 22:03:24 +0000
ROA not before:           Fri 08 Aug 2025 22:03:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213026
IP address blocks:        2a12:bec0:6b0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8b:b5:cf:e3:9b:31:d5:51:de:22:fa:ae:8b:44:5f:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Aug  8 22:03:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d3ba5b6a3029a584f056c0c3c1b7410d7c96dc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:42:0f:df:96:63:dd:33:2a:44:26:c6:12:7a:
                    76:2e:7b:b9:b2:e7:e1:48:26:37:a9:e8:ea:02:f1:
                    80:f6:5f:83:bd:b9:09:18:39:ce:b2:c0:06:d7:58:
                    35:e8:ac:73:74:ad:c0:c7:ef:73:58:0a:5a:f3:f2:
                    39:d5:09:82:f5:df:65:f0:93:fa:30:f5:15:57:1e:
                    7d:00:18:cf:6c:07:ea:73:da:30:57:4d:29:db:cb:
                    a3:38:5e:42:7f:77:ff:7a:af:c9:83:f7:ed:a3:90:
                    fa:14:67:7e:6a:42:c0:85:17:b2:9b:8f:dd:b6:a5:
                    99:76:a3:04:47:ff:7c:07:32:78:35:35:ff:02:11:
                    58:cb:3d:7a:c9:a5:c9:dd:77:11:8f:af:bc:cf:24:
                    d3:44:d1:4b:34:76:5c:7f:95:4b:0f:1e:5f:9a:ff:
                    d2:45:9e:be:a6:47:2e:64:08:8b:cf:c3:fc:13:67:
                    ed:a8:98:14:76:fd:c7:9d:a6:76:aa:f0:1c:5b:dd:
                    b9:15:a5:2c:39:fa:a2:bf:4d:84:87:6c:86:26:f4:
                    cf:47:b1:38:50:bb:bf:09:9c:c3:4e:63:28:e1:21:
                    35:0d:61:6d:65:4c:3e:65:7d:81:58:8c:de:0e:55:
                    36:11:11:b9:fb:18:76:85:38:fa:09:6e:e6:77:a1:
                    47:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3B:A5:B6:A3:02:9A:58:4F:05:6C:0C:3C:1B:74:10:D7:C9:6D:C1
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/nTultqMCmlhPBWwMPBt0ENfJbcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:6b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         26:40:52:2e:1b:1e:02:c0:b8:e2:54:5c:5a:92:3b:3d:a3:41:
         eb:3e:f8:0c:c3:23:01:be:e4:8f:fd:de:cd:3c:fb:b3:f9:67:
         aa:ae:67:26:48:be:34:72:0e:0f:73:59:7c:06:50:a1:c5:31:
         7a:56:c7:05:1a:b7:3e:0d:b3:34:da:24:94:12:f9:9d:e3:88:
         54:3a:b0:3d:76:fd:93:56:e9:55:49:89:40:1c:c3:df:da:85:
         5d:58:cb:e1:4e:7b:25:b6:24:4b:df:dc:0a:70:b5:83:c3:a4:
         de:0a:de:ad:6d:03:ee:c2:c7:25:7e:8d:43:9c:6e:ef:98:19:
         46:8f:82:a5:d7:fa:4a:23:74:38:4b:86:57:e8:ec:ae:92:ec:
         ea:a0:52:77:ec:da:e4:60:e7:38:b2:5b:9b:ea:e2:eb:ec:41:
         8c:05:5b:60:03:8b:27:92:d9:e7:10:cb:2c:a5:97:c4:5e:f7:
         29:3f:d0:08:f0:1e:7c:3f:42:62:eb:55:b9:2c:c3:c9:46:d2:
         0e:4e:ee:42:2b:99:ea:ae:dc:8b:0a:85:82:16:32:bc:73:33:
         9a:1d:d4:ce:fe:25:7d:0d:09:ab:25:2b:91:42:f3:6c:3f:1a:
         67:3a:37:e0:13:cf:2a:d9:d6:55:71:3f:f0:68:a0:2d:d7:b9:
         d5:d5:ce:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZiLtc/jmzHVUd4i+q6LRF/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwODA4MjIwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNiYTViNmEzMDI5YTU4NGYwNTZjMGMzYzFiNzQxMGQ3Yzk2ZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkIP35Zj3TMqRCbGEnp2Lnu5sufh
SCY3qejqAvGA9l+DvbkJGDnOssAG11g16KxzdK3Ax+9zWApa8/I51QmC9d9l8JP6
MPUVVx59ABjPbAfqc9owV00p28ujOF5Cf3f/eq/Jg/fto5D6FGd+akLAhReym4/d
tqWZdqMER/98BzJ4NTX/AhFYyz16yaXJ3XcRj6+8zyTTRNFLNHZcf5VLDx5fmv/S
RZ6+pkcuZAiLz8P8E2ftqJgUdv3HnaZ2qvAcW925FaUsOfqiv02Eh2yGJvTPR7E4
ULu/CZzDTmMo4SE1DWFtZUw+ZX2BWIzeDlU2ERG5+xh2hTj6CW7md6FHfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ07pbajAppYTwVsDDwbdBDXyW3BMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvblR1bHRxTUNtbGhQQld3TVBCdDBFTmZKYmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAaw
MA0GCSqGSIb3DQEBCwUAA4IBAQAmQFIuGx4CwLjiVFxakjs9o0HrPvgMwyMBvuSP
/d7NPPuz+WeqrmcmSL40cg4Pc1l8BlChxTF6VscFGrc+DbM02iSUEvmd44hUOrA9
dv2TVulVSYlAHMPf2oVdWMvhTnsltiRL39wKcLWDw6TeCt6tbQPuwsclfo1DnG7v
mBlGj4Kl1/pKI3Q4S4ZX6OyukuzqoFJ37NrkYOc4slub6uLr7EGMBVtgA4snktnn
EMsspZfEXvcpP9AI8B58P0Ji61W5LMPJRtIOTu5CK5nqrtyLCoWCFjK8czOaHdTO
/iV9DQmrJSuRQvNsPxpnOjfgE88q2dZVcT/waKAt17nV1c4g
-----END CERTIFICATE-----