Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Dd2vfCum3cOe0h0adG9HIGWZMF4.roa
File:                     Dd2vfCum3cOe0h0adG9HIGWZMF4.roa (raw, json)
Hash identifier:          9UZIkLFEGu+DqgauSfmE3DXeOnU+c3md1LqONa6obic=
Subject key identifier:   0D:DD:AF:7C:2B:A6:DD:C3:9E:D2:1D:1A:74:6F:47:20:65:99:30:5E
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       01952479479A50EA32EC01C749668FEBD63B
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Dd2vfCum3cOe0h0adG9HIGWZMF4.roa
Signing time:             Thu 20 Feb 2025 17:48:02 +0000
ROA not before:           Thu 20 Feb 2025 17:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0f:da82::/32 maxlen: 32
                          2a11:66c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:24:79:47:9a:50:ea:32:ec:01:c7:49:66:8f:eb:d6:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Feb 20 17:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0dddaf7c2ba6ddc39ed21d1a746f47206599305e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:58:35:7c:37:8b:5b:a0:d4:62:71:ba:59:0e:
                    4f:15:ca:5f:aa:4a:2e:5c:1f:cd:1b:33:44:ac:f4:
                    97:43:53:f6:5e:dd:4f:2b:39:7e:2c:7a:8a:26:83:
                    20:68:08:b7:fb:23:f9:d3:aa:a4:86:15:1e:58:4b:
                    a2:bb:0f:b9:85:db:9d:f8:ab:9e:c6:b1:16:56:32:
                    7e:ba:8a:e7:0e:bb:84:d5:81:bd:7d:73:a8:5d:0b:
                    5a:d4:42:78:84:2b:78:16:ec:27:f3:a3:41:61:7d:
                    6e:66:5c:e6:54:14:8b:10:eb:a1:9f:05:b3:0a:a3:
                    20:4c:fc:2b:38:17:6d:9e:f1:04:a5:14:3d:22:46:
                    66:f8:aa:b2:c9:78:58:a9:39:2f:fd:3e:c0:c9:d6:
                    87:0c:c2:53:21:be:e9:58:3c:e9:12:11:da:ba:e1:
                    0b:b7:1a:54:c0:ee:64:43:76:86:c6:74:73:26:11:
                    67:fa:a9:62:03:06:0a:a1:fb:fb:5d:42:de:d4:a9:
                    a0:bc:d9:28:4b:e3:98:17:82:0d:78:f4:d4:d9:90:
                    a0:57:a3:b0:17:5c:db:a2:5d:df:72:28:d7:c3:0e:
                    01:2b:78:4e:16:01:4c:4b:7c:aa:d3:8f:4e:c5:db:
                    4b:d7:de:c5:33:49:98:2b:82:9b:0e:2e:2c:8e:ec:
                    0f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:DD:AF:7C:2B:A6:DD:C3:9E:D2:1D:1A:74:6F:47:20:65:99:30:5E
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Dd2vfCum3cOe0h0adG9HIGWZMF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:da82::/32
                  2a11:66c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:0b:32:b6:cd:6d:ef:6a:8e:23:88:c8:9e:b5:ac:06:78:a3:
         0b:4a:23:9c:fb:b3:9d:1c:7d:3b:f4:bd:03:39:83:74:12:6d:
         1c:8e:c2:34:8b:77:0a:01:6f:bd:b4:00:c9:f3:9e:bd:13:a1:
         d1:16:37:86:f0:28:ed:ed:5a:93:2a:13:36:a9:ce:b4:ab:32:
         9b:60:4b:bb:f3:54:42:15:49:a5:ce:d2:bc:93:56:5f:48:00:
         77:62:c5:4c:d5:4f:59:0b:41:df:8f:5a:7e:8c:e1:1b:83:39:
         ea:0b:b2:e4:86:e5:53:e9:d3:d6:9f:81:00:c2:0a:55:46:b4:
         45:13:79:4f:23:67:ec:c5:0f:2e:d6:8c:c2:64:8f:c5:33:1d:
         5c:9f:d5:64:37:0f:e3:23:7c:26:f6:9d:39:e1:df:82:dc:54:
         40:f9:e8:e7:6b:43:39:0a:d6:f0:1e:14:e5:00:f6:4a:ac:ce:
         51:d5:77:7c:6a:74:1c:b3:8e:dd:2c:f7:b1:da:c9:14:59:96:
         03:86:34:ff:b6:c9:02:b1:a6:3a:5f:2b:e7:f6:26:7f:ce:d0:
         7d:e1:75:48:a1:cf:8d:ad:f9:e5:1b:b1:44:11:dd:99:a1:81:
         98:6a:bc:db:0e:68:76:bf:d7:18:28:87:4b:56:c8:35:c7:ad:
         c9:9b:46:14
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZUkeUeaUOoy7AHHSWaP69Y7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjUwMjIwMTc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGRkYWY3YzJiYTZkZGMzOWVkMjFkMWE3NDZmNDcyMDY1OTkzMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplg1fDeLW6DUYnG6WQ5PFcpfqkou
XB/NGzNErPSXQ1P2Xt1PKzl+LHqKJoMgaAi3+yP506qkhhUeWEuiuw+5hdud+Kue
xrEWVjJ+uornDruE1YG9fXOoXQta1EJ4hCt4Fuwn86NBYX1uZlzmVBSLEOuhnwWz
CqMgTPwrOBdtnvEEpRQ9IkZm+KqyyXhYqTkv/T7AydaHDMJTIb7pWDzpEhHauuEL
txpUwO5kQ3aGxnRzJhFn+qliAwYKofv7XULe1KmgvNkoS+OYF4INePTU2ZCgV6Ow
F1zbol3fcijXww4BK3hOFgFMS3yq049OxdtL197FM0mYK4KbDi4sjuwPZQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA3dr3wrpt3DntIdGnRvRyBlmTBeMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvRGQydmZDdW0zY09lMGgwYWRHOUhJR1daTUY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg/aggMF
ACoRZscwDQYJKoZIhvcNAQELBQADggEBABILMrbNbe9qjiOIyJ61rAZ4owtKI5z7
s50cfTv0vQM5g3QSbRyOwjSLdwoBb720AMnznr0TodEWN4bwKO3tWpMqEzapzrSr
MptgS7vzVEIVSaXO0ryTVl9IAHdixUzVT1kLQd+PWn6M4RuDOeoLsuSG5VPp09af
gQDCClVGtEUTeU8jZ+zFDy7WjMJkj8UzHVyf1WQ3D+MjfCb2nTnh34LcVED56Odr
QzkK1vAeFOUA9kqszlHVd3xqdByzjt0s97HayRRZlgOGNP+2yQKxpjpfK+f2Jn/O
0H3hdUihz42t+eUbsUQR3ZmhgZhqvNsOaHa/1xgoh0tWyDXHrcmbRhQ=
-----END CERTIFICATE-----