Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/vTNM4m6CbUwbrvUjHBwBVw0_vYs.roa
File:                     vTNM4m6CbUwbrvUjHBwBVw0_vYs.roa (raw, json)
Hash identifier:          7BbpPre0ZtLQJ0mFYOMZGVaoQeJskvISu8hLB2sHUnE=
Subject key identifier:   BD:33:4C:E2:6E:82:6D:4C:1B:AE:F5:23:1C:1C:01:57:0D:3F:BD:8B
Certificate issuer:       /CN=807709e7b0efba127025c83e5d3194c71ba428c3
Certificate serial:       019420680E2F010F915230660FF93D35756B
Authority key identifier: 80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/vTNM4m6CbUwbrvUjHBwBVw0_vYs.roa
Signing time:             Wed 01 Jan 2025 05:47:57 +0000
ROA not before:           Wed 01 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31078
IP address blocks:        2a0f:6040:7966::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0e:2f:01:0f:91:52:30:66:0f:f9:3d:35:75:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=807709e7b0efba127025c83e5d3194c71ba428c3
        Validity
            Not Before: Jan  1 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd334ce26e826d4c1baef5231c1c01570d3fbd8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:da:f4:65:39:90:f2:29:2d:19:3b:41:b8:ca:
                    e3:53:d6:90:07:23:5d:43:15:a3:62:75:2c:c4:8b:
                    2f:84:79:7c:8c:10:fc:d7:d1:76:a3:86:e6:e6:ea:
                    c0:c5:2d:0f:39:da:7c:d9:8e:f6:73:7b:34:fe:b1:
                    ca:e5:98:82:54:80:f9:8f:93:22:aa:4d:0c:7b:06:
                    e8:24:68:f5:a2:34:f4:04:9f:03:f0:ea:63:7b:d5:
                    af:1c:58:09:55:32:78:fe:8f:22:4c:2c:ca:7b:67:
                    7a:62:fe:81:18:64:0b:7d:82:5a:f8:e2:0b:50:f7:
                    f2:4b:82:f8:e3:f1:5f:bc:92:c3:d2:d2:ef:a4:95:
                    fb:a9:29:56:fd:5e:e7:3f:2b:5c:74:bb:f2:2a:af:
                    be:36:6a:96:95:6f:bc:de:6f:af:bb:7b:71:02:3c:
                    b1:a9:95:57:46:e8:59:9b:40:a5:55:7a:d7:b0:f5:
                    d8:af:8a:ef:ea:f9:35:a3:90:1a:23:c2:38:e6:56:
                    ca:a9:e7:03:8c:0d:d9:50:c8:ce:3e:10:46:8d:80:
                    b1:6b:a9:f1:7f:8e:1d:cf:13:1d:38:9d:5e:ce:4b:
                    d4:5a:ed:c9:bb:b0:74:3f:88:50:5f:3c:24:9e:a1:
                    cc:dc:81:89:25:aa:62:e6:a4:30:db:f5:5f:df:6f:
                    6b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:33:4C:E2:6E:82:6D:4C:1B:AE:F5:23:1C:1C:01:57:0D:3F:BD:8B
            X509v3 Authority Key Identifier:
                keyid:80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/vTNM4m6CbUwbrvUjHBwBVw0_vYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6040:7966::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:ba:83:c2:0c:93:85:3b:43:62:45:6e:cf:e2:7c:e7:2d:95:
         f6:e4:94:8f:e1:16:fa:60:20:bf:cc:ef:89:58:03:83:7d:4f:
         b7:5d:a4:87:12:64:f2:af:f2:c9:d7:58:d7:ff:58:fa:ee:8d:
         da:86:da:59:25:71:b5:9f:76:a7:3e:05:04:b8:49:24:be:f3:
         1a:40:da:7d:50:19:99:c3:a4:19:2f:c6:b9:8f:58:be:19:c6:
         53:4d:f8:88:b9:9d:25:67:0d:5a:f7:02:3b:55:0c:ff:bd:89:
         22:59:ad:70:1a:ea:b8:d3:7f:41:ab:2c:d6:e1:e9:05:58:62:
         aa:6b:42:a3:09:18:c3:7b:bf:bf:fc:a0:d4:36:4c:fd:08:ce:
         8e:66:07:76:99:06:fb:05:c8:78:df:88:61:fd:f5:9a:ee:fc:
         93:1d:7f:4b:be:1e:f5:91:d5:d7:a7:33:16:4c:76:63:50:07:
         f1:0f:0b:55:9f:9e:8d:c2:24:76:1e:39:af:75:09:30:1f:90:
         c1:78:a9:e9:4a:ef:3d:99:f0:bf:d6:fa:51:9a:61:0d:c3:2a:
         98:80:31:3f:8f:d8:c3:3f:ae:a9:8a:4d:41:3c:74:99:19:03:
         32:25:39:d1:c1:ca:49:bc:cd:bf:d6:12:89:9a:e6:d6:5b:80:
         72:25:19:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaA4vAQ+RUjBmD/k9NXVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNzcwOWU3YjBlZmJhMTI3MDI1YzgzZTVkMzE5NGM3MWJh
NDI4YzMwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDMzNGNlMjZlODI2ZDRjMWJhZWY1MjMxYzFjMDE1NzBkM2ZiZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdr0ZTmQ8iktGTtBuMrjU9aQByNd
QxWjYnUsxIsvhHl8jBD819F2o4bm5urAxS0POdp82Y72c3s0/rHK5ZiCVID5j5Mi
qk0MewboJGj1ojT0BJ8D8Opje9WvHFgJVTJ4/o8iTCzKe2d6Yv6BGGQLfYJa+OIL
UPfyS4L44/FfvJLD0tLvpJX7qSlW/V7nPytcdLvyKq++NmqWlW+83m+vu3txAjyx
qZVXRuhZm0ClVXrXsPXYr4rv6vk1o5AaI8I45lbKqecDjA3ZUMjOPhBGjYCxa6nx
f44dzxMdOJ1ezkvUWu3Ju7B0P4hQXzwknqHM3IGJJapi5qQw2/Vf329raQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL0zTOJugm1MG671IxwcAVcNP72LMB8GA1UdIwQY
MBaAFIB3Ceew77oScCXIPl0xlMcbpCjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgt
YmU5YWQyYmY3MjVmLzEvdlROTTRtNkNiVXdicnZVakhCd0JWdzBfdllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgtYmU5YWQyYmY3MjVm
LzEvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9gQHlm
MA0GCSqGSIb3DQEBCwUAA4IBAQCouoPCDJOFO0NiRW7P4nznLZX25JSP4Rb6YCC/
zO+JWAODfU+3XaSHEmTyr/LJ11jX/1j67o3ahtpZJXG1n3anPgUEuEkkvvMaQNp9
UBmZw6QZL8a5j1i+GcZTTfiIuZ0lZw1a9wI7VQz/vYkiWa1wGuq4039BqyzW4ekF
WGKqa0KjCRjDe7+//KDUNkz9CM6OZgd2mQb7Bch434hh/fWa7vyTHX9Lvh71kdXX
pzMWTHZjUAfxDwtVn56NwiR2HjmvdQkwH5DBeKnpSu89mfC/1vpRmmENwyqYgDE/
j9jDP66pik1BPHSZGQMyJTnRwcpJvM2/1hKJmubWW4ByJRmP
-----END CERTIFICATE-----