Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/WzrfmwmTNVB6uRHrw-ne9ZdLki0.roa
File:                     WzrfmwmTNVB6uRHrw-ne9ZdLki0.roa (raw, json)
Hash identifier:          cTgbaAteX5wjuagd2qFvaX4ORfcHC52dMpApK36A7Lc=
Subject key identifier:   5B:3A:DF:9B:09:93:35:50:7A:B9:11:EB:C3:E9:DE:F5:97:4B:92:2D
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01977A4F780A6A6FE69CC59765D016499EF9
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/WzrfmwmTNVB6uRHrw-ne9ZdLki0.roa
Signing time:             Mon 16 Jun 2025 19:55:17 +0000
ROA not before:           Mon 16 Jun 2025 19:55:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a12:3b40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 22:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7a:4f:78:0a:6a:6f:e6:9c:c5:97:65:d0:16:49:9e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jun 16 19:55:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b3adf9b099335507ab911ebc3e9def5974b922d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4f:9a:72:50:89:e2:1b:6b:15:93:85:6b:1d:
                    01:50:ab:8a:1a:a9:bf:04:46:3c:f8:40:58:45:b2:
                    71:15:37:6e:15:a4:7d:26:36:ad:c4:78:86:8a:ed:
                    55:d3:96:c1:f3:fe:b8:09:1f:a3:38:ab:6f:44:f1:
                    1e:75:22:ea:45:aa:ef:62:5b:5a:04:0e:94:9b:e6:
                    88:42:09:4e:bb:90:46:73:8d:e3:60:54:4d:14:fb:
                    dc:a3:35:51:f1:0f:3f:6c:39:1d:95:e5:09:97:a9:
                    db:1f:c9:75:33:8f:e9:db:35:a9:e1:c1:4f:4e:1d:
                    0a:e5:7d:07:29:d2:4c:f6:ca:ec:65:9c:6b:ce:cf:
                    bc:30:1b:14:40:95:c8:1e:ac:ee:2b:a8:b6:14:d3:
                    e0:b5:e7:cd:9f:7c:ee:f2:cd:ea:60:cc:8b:24:0b:
                    73:3f:e9:53:3c:a5:05:4c:5a:d2:ca:89:a9:73:d2:
                    fa:e8:6d:b8:dd:5c:3d:61:3f:d3:0e:2b:69:10:9a:
                    1c:f3:a3:0c:79:1f:05:3f:a7:29:ab:9c:02:99:eb:
                    6e:dc:be:d9:59:d6:db:55:1e:f3:f3:fc:93:ca:ee:
                    34:da:ff:b2:6c:fe:34:aa:e2:47:f9:d2:85:4e:04:
                    1d:ac:5c:54:fe:ee:9b:60:75:22:08:dd:d4:1f:c4:
                    cf:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:3A:DF:9B:09:93:35:50:7A:B9:11:EB:C3:E9:DE:F5:97:4B:92:2D
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/WzrfmwmTNVB6uRHrw-ne9ZdLki0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:2f:67:f8:ab:a6:25:bc:d1:3f:be:37:ce:8f:84:9b:8d:a4:
         89:00:3d:f1:4b:18:fb:78:53:fa:92:d2:4e:bd:06:83:05:78:
         08:86:01:65:3d:cb:d9:c4:9b:83:5c:1b:b7:f0:a4:de:f2:b8:
         4c:f3:12:43:4c:63:24:11:5f:5c:2f:59:a7:1b:ee:77:53:15:
         ba:52:8d:35:93:4d:75:b3:a7:23:dd:fe:e4:7b:0c:f9:f0:56:
         42:1e:12:eb:ea:45:da:35:8a:be:93:9c:1f:a3:44:ca:99:ee:
         cb:0b:89:cb:c1:8d:16:78:4e:c8:8a:13:3b:52:c9:08:f1:41:
         c7:b6:2d:7a:91:9d:e0:45:00:c2:4f:77:01:93:b8:a0:a6:94:
         ff:1c:bb:de:7e:c1:db:d0:da:e0:de:f7:b3:01:8b:f4:06:d9:
         4f:a2:d4:d5:6a:f7:aa:a9:ea:d0:02:fe:c2:a6:8c:59:97:bd:
         83:b8:d4:7a:a1:a7:8d:75:3f:40:5a:97:31:24:57:d6:87:da:
         cf:25:4c:a4:63:38:8e:d2:dd:b1:7b:35:b8:02:c2:94:b4:35:
         e1:0d:c6:82:01:0c:52:cd:bf:c4:cd:e2:b5:3d:3f:c0:a7:d4:
         bc:dc:ee:fb:80:55:66:2e:9a:a0:10:2b:f4:f9:da:5c:50:fd:
         fb:25:2f:cc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd6T3gKam/mnMWXZdAWSZ75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNjE2MTk1NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjNhZGY5YjA5OTMzNTUwN2FiOTExZWJjM2U5ZGVmNTk3NGI5MjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvU+aclCJ4htrFZOFax0BUKuKGqm/
BEY8+EBYRbJxFTduFaR9JjatxHiGiu1V05bB8/64CR+jOKtvRPEedSLqRarvYlta
BA6Um+aIQglOu5BGc43jYFRNFPvcozVR8Q8/bDkdleUJl6nbH8l1M4/p2zWp4cFP
Th0K5X0HKdJM9srsZZxrzs+8MBsUQJXIHqzuK6i2FNPgtefNn3zu8s3qYMyLJAtz
P+lTPKUFTFrSyompc9L66G243Vw9YT/TDitpEJoc86MMeR8FP6cpq5wCmetu3L7Z
WdbbVR7z8/yTyu402v+ybP40quJH+dKFTgQdrFxU/u6bYHUiCN3UH8TPLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFs635sJkzVQerkR68Pp3vWXS5ItMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvV3pyZm13bVROVkI2dVJIcnctbmU5WmRMa2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhI7QDAN
BgkqhkiG9w0BAQsFAAOCAQEAGS9n+KumJbzRP743zo+Em42kiQA98UsY+3hT+pLS
Tr0GgwV4CIYBZT3L2cSbg1wbt/Ck3vK4TPMSQ0xjJBFfXC9Zpxvud1MVulKNNZNN
dbOnI93+5HsM+fBWQh4S6+pF2jWKvpOcH6NEypnuywuJy8GNFnhOyIoTO1LJCPFB
x7YtepGd4EUAwk93AZO4oKaU/xy73n7B29Da4N73swGL9AbZT6LU1Wr3qqnq0AL+
wqaMWZe9g7jUeqGnjXU/QFqXMSRX1ofazyVMpGM4jtLdsXs1uALClLQ14Q3GggEM
Us2/xM3itT0/wKfUvNzu+4BVZi6aoBAr9PnaXFD9+yUvzA==
-----END CERTIFICATE-----