Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/TzrbKsWWc5ntNZrK15cj-JJEJ58.roa
File:                     TzrbKsWWc5ntNZrK15cj-JJEJ58.roa (raw, json)
Hash identifier:          RQ/89mGjpo+vMKngRW92R9jY7f/Z1DigzUFyYoUKxXI=
Subject key identifier:   4F:3A:DB:2A:C5:96:73:99:ED:35:9A:CA:D7:97:23:F8:92:44:27:9F
Certificate issuer:       /CN=22877298dae5d5a3beabca16e92d1a141e948627
Certificate serial:       0195A8A9B7BE68B985AE39C4A80479C02095
Authority key identifier: 22:87:72:98:DA:E5:D5:A3:BE:AB:CA:16:E9:2D:1A:14:1E:94:86:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/TzrbKsWWc5ntNZrK15cj-JJEJ58.roa
Signing time:             Tue 18 Mar 2025 09:50:49 +0000
ROA not before:           Tue 18 Mar 2025 09:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395403
IP address blocks:        2a00:edc0:1007::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a8:a9:b7:be:68:b9:85:ae:39:c4:a8:04:79:c0:20:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22877298dae5d5a3beabca16e92d1a141e948627
        Validity
            Not Before: Mar 18 09:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f3adb2ac5967399ed359acad79723f89244279f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:b6:ca:8c:c0:5d:57:06:30:2f:98:20:18:03:
                    e7:d4:5b:c4:8d:2d:cc:b1:80:09:f6:0b:7c:19:af:
                    71:60:e9:6d:1a:13:9e:21:c7:5f:69:1a:e9:c7:c0:
                    38:75:48:f7:16:fe:c4:00:61:fb:be:cd:e6:06:d0:
                    e0:5a:2b:5f:bb:7c:3f:65:56:54:bc:33:8b:7f:4c:
                    07:e0:01:2f:2b:de:44:c5:76:43:ae:57:fe:af:7a:
                    46:1e:92:d5:51:76:3b:34:94:e8:cf:1a:9f:dc:f2:
                    32:94:0b:2c:35:a3:47:ba:34:bd:52:2b:e4:7b:79:
                    fc:38:ba:08:b9:be:de:5b:41:f2:b6:10:8c:00:fe:
                    1f:47:f1:d7:ad:e8:26:f3:e9:6b:ee:a1:0a:38:d8:
                    76:a2:8a:34:55:a5:f8:a0:51:98:1a:85:64:8e:35:
                    e9:d3:25:58:da:a8:d0:67:c0:28:8d:bc:84:9e:20:
                    84:33:45:ef:8c:13:b8:3d:c9:3c:d8:b9:3b:95:13:
                    e9:c6:bb:30:8c:f6:9e:75:e0:0a:38:3e:36:32:9b:
                    3d:e4:bb:96:0f:fd:92:a5:f0:d1:a7:de:16:73:54:
                    f3:74:a4:be:45:83:7d:0f:30:aa:ef:fa:85:f0:a2:
                    86:63:f9:50:12:b1:f2:b1:84:da:27:1b:b2:80:55:
                    19:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3A:DB:2A:C5:96:73:99:ED:35:9A:CA:D7:97:23:F8:92:44:27:9F
            X509v3 Authority Key Identifier:
                keyid:22:87:72:98:DA:E5:D5:A3:BE:AB:CA:16:E9:2D:1A:14:1E:94:86:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/TzrbKsWWc5ntNZrK15cj-JJEJ58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:edc0:1007::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:41:f8:72:e0:c4:ba:d4:78:47:c7:a3:51:2f:3e:28:96:c1:
         ce:43:3e:e5:89:4d:53:76:38:f7:8e:23:f5:f3:c4:5a:70:1d:
         f6:86:90:1e:be:82:fe:be:6f:ba:a8:e9:dd:0f:d2:30:88:a8:
         cd:01:10:a6:28:2d:18:3a:15:23:97:da:3a:b7:1c:5f:79:74:
         47:ae:d5:2d:dd:c0:b4:04:d4:cd:9c:cc:1b:aa:4c:44:fc:39:
         ba:4c:c4:4a:57:e4:d2:ff:10:a8:5c:eb:d4:04:81:c2:ad:46:
         5f:bf:c1:94:26:88:81:d8:7d:ac:e7:3d:fa:c7:f7:78:f9:a5:
         4a:5d:32:64:46:0f:a5:42:52:ae:89:7f:98:70:d9:39:43:d4:
         f0:36:ac:41:07:ff:3e:bb:3d:84:77:21:8a:90:6b:60:87:e9:
         f7:d8:5a:20:00:e1:ee:c1:ce:f6:f3:41:15:ea:e6:af:93:51:
         cc:7f:ce:ad:64:a0:12:a2:8e:9f:cc:fa:22:0c:7b:aa:1d:f5:
         1d:22:7d:31:6d:48:33:ef:ba:f9:87:19:a3:d4:99:89:ea:75:
         a5:a1:a6:fc:7d:08:07:dc:35:c3:81:33:c3:ad:02:64:f8:d2:
         d8:25:ae:eb:f3:35:f5:e0:7e:d5:90:07:05:54:dd:1c:cd:34:
         ef:d3:61:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZWoqbe+aLmFrjnEqAR5wCCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyODc3Mjk4ZGFlNWQ1YTNiZWFiY2ExNmU5MmQxYTE0MWU5
NDg2MjcwHhcNMjUwMzE4MDk1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNhZGIyYWM1OTY3Mzk5ZWQzNTlhY2FkNzk3MjNmODkyNDQyNzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rbKjMBdVwYwL5ggGAPn1FvEjS3M
sYAJ9gt8Ga9xYOltGhOeIcdfaRrpx8A4dUj3Fv7EAGH7vs3mBtDgWitfu3w/ZVZU
vDOLf0wH4AEvK95ExXZDrlf+r3pGHpLVUXY7NJTozxqf3PIylAssNaNHujS9Uivk
e3n8OLoIub7eW0HythCMAP4fR/HXregm8+lr7qEKONh2ooo0VaX4oFGYGoVkjjXp
0yVY2qjQZ8AojbyEniCEM0XvjBO4Pck82Lk7lRPpxrswjPaedeAKOD42Mps95LuW
D/2SpfDRp94Wc1TzdKS+RYN9DzCq7/qF8KKGY/lQErHysYTaJxuygFUZdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE862yrFlnOZ7TWayteXI/iSRCefMB8GA1UdIwQY
MBaAFCKHcpja5dWjvqvKFuktGhQelIYnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW9keW1OcmwxYU8tcThvVzZTMGFGQjZVaGljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84NjUxYzUtYmQ3Ny00NjBkLTgzYmYt
NTkzM2EwOWY3MmQxLzEvVHpyYktzV1djNW50TlpySzE1Y2otSkpFSjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84NjUxYzUtYmQ3Ny00NjBkLTgzYmYtNTkzM2EwOWY3MmQx
LzEvSW9keW1OcmwxYU8tcThvVzZTMGFGQjZVaGljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgDtwBAH
MA0GCSqGSIb3DQEBCwUAA4IBAQArQfhy4MS61HhHx6NRLz4olsHOQz7liU1Tdjj3
jiP188RacB32hpAevoL+vm+6qOndD9IwiKjNARCmKC0YOhUjl9o6txxfeXRHrtUt
3cC0BNTNnMwbqkxE/Dm6TMRKV+TS/xCoXOvUBIHCrUZfv8GUJoiB2H2s5z36x/d4
+aVKXTJkRg+lQlKuiX+YcNk5Q9TwNqxBB/8+uz2EdyGKkGtgh+n32FogAOHuwc72
80EV6uavk1HMf86tZKASoo6fzPoiDHuqHfUdIn0xbUgz77r5hxmj1JmJ6nWloab8
fQgH3DXDgTPDrQJk+NLYJa7r8zX14H7VkAcFVN0czTTv02EJ
-----END CERTIFICATE-----