Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/M3dHm9GHrYD8lQS4ksiSXCNoje4.roa
File:                     M3dHm9GHrYD8lQS4ksiSXCNoje4.roa (raw, json)
Hash identifier:          Nu6oMe2kKfWTDbq3VinP98dNG8A/F9K2WRgisYnSNqE=
Subject key identifier:   33:77:47:9B:D1:87:AD:80:FC:95:04:B8:92:C8:92:5C:23:68:8D:EE
Certificate issuer:       /CN=d0041ff7980379b798049256868dff39819c2604
Certificate serial:       01942747716162F5B856DE5BF230C0A9AF48
Authority key identifier: D0:04:1F:F7:98:03:79:B7:98:04:92:56:86:8D:FF:39:81:9C:26:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0AQf95gDebeYBJJWho3_OYGcJgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/M3dHm9GHrYD8lQS4ksiSXCNoje4.roa
Signing time:             Thu 02 Jan 2025 13:49:41 +0000
ROA not before:           Thu 02 Jan 2025 13:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35804
IP address blocks:        2a00:ede0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/0AQf95gDebeYBJJWho3_OYGcJgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/0AQf95gDebeYBJJWho3_OYGcJgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0AQf95gDebeYBJJWho3_OYGcJgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:71:61:62:f5:b8:56:de:5b:f2:30:c0:a9:af:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0041ff7980379b798049256868dff39819c2604
        Validity
            Not Before: Jan  2 13:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3377479bd187ad80fc9504b892c8925c23688dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6d:dd:33:2c:3f:8e:f0:01:2f:bd:b1:c5:89:
                    60:e5:35:0d:95:d9:54:ea:9b:c9:b3:4b:f9:6e:af:
                    8a:72:19:0e:78:0e:b8:b6:fb:20:10:2c:29:92:27:
                    0d:9d:37:de:65:d7:fe:2e:65:e1:d3:73:55:15:e3:
                    16:96:9a:03:14:44:80:7a:54:30:29:ab:39:30:4d:
                    ee:eb:c1:6c:3e:87:77:d1:33:4c:f2:07:a3:c6:78:
                    07:6c:a4:6e:90:5d:7c:c1:dd:3e:3d:43:ef:b2:45:
                    bf:8d:6d:f6:d1:15:99:3e:67:61:a6:ac:23:a7:c5:
                    05:f6:0f:09:74:68:df:14:c8:15:73:f8:23:ed:13:
                    61:48:61:16:9f:9e:63:3c:dd:ce:c6:8b:3f:31:e9:
                    1d:34:bf:0d:6f:75:5f:86:cb:4d:d5:c8:e5:1a:d5:
                    01:69:33:6c:7e:8a:0e:ce:7d:10:4f:07:ee:ff:36:
                    6d:51:e6:89:9c:14:39:c2:8f:04:0c:0f:b2:f9:d2:
                    68:6f:7d:d4:5a:2d:d2:98:d5:77:44:e0:31:98:b1:
                    98:e3:3d:7c:5c:6b:cd:11:27:8f:e2:3b:d2:74:3b:
                    c6:14:48:32:c1:13:ad:83:50:99:82:7b:88:09:4d:
                    dc:4b:df:12:80:10:09:88:eb:07:f2:aa:41:0b:05:
                    40:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:77:47:9B:D1:87:AD:80:FC:95:04:B8:92:C8:92:5C:23:68:8D:EE
            X509v3 Authority Key Identifier:
                keyid:D0:04:1F:F7:98:03:79:B7:98:04:92:56:86:8D:FF:39:81:9C:26:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0AQf95gDebeYBJJWho3_OYGcJgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/M3dHm9GHrYD8lQS4ksiSXCNoje4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e8f452-be70-4176-9da0-e689bf57dd27/1/0AQf95gDebeYBJJWho3_OYGcJgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ede0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:90:46:2b:ea:d8:73:2d:0a:10:33:ee:32:58:f0:ee:b0:c9:
         4d:50:3d:f3:0e:df:29:35:c5:4f:8c:6e:57:0f:c3:ec:ef:46:
         79:6f:d5:aa:88:5e:bf:43:f1:52:a7:42:f7:93:fb:98:e5:23:
         4b:33:60:1e:ff:57:2b:15:b1:3e:24:5c:6a:1e:9b:ca:b6:22:
         0e:6a:e1:13:a0:d1:41:51:93:35:17:8b:d1:d0:19:ef:20:91:
         b2:b7:de:91:76:8c:18:23:c8:2d:04:d2:d6:bd:7c:60:c1:33:
         c6:22:f5:ba:52:ab:b2:40:ce:35:50:25:a7:b9:10:50:f4:11:
         ba:6a:93:12:b7:dc:02:e0:87:13:62:08:6c:d8:b5:cd:cc:1d:
         c2:25:79:5f:1f:4c:f5:4d:71:30:65:38:40:c5:ac:27:72:fb:
         50:84:33:3b:66:0d:d7:34:b9:fd:dc:1a:72:8b:dd:b9:8f:5b:
         97:77:89:4a:de:b8:d7:c2:bb:b7:37:de:79:8a:b6:64:3a:76:
         23:95:9e:8b:77:59:48:bb:8a:38:42:66:80:4d:85:bd:90:4f:
         c5:10:c4:48:8f:65:c3:5c:a3:c8:78:ab:5b:20:dd:20:74:41:
         3b:a5:89:40:21:25:0a:73:a8:0d:d9:ce:c0:a9:75:9b:87:32:
         86:8c:f8:14
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnR3FhYvW4Vt5b8jDAqa9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMDQxZmY3OTgwMzc5Yjc5ODA0OTI1Njg2OGRmZjM5ODE5
YzI2MDQwHhcNMjUwMTAyMTM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc3NDc5YmQxODdhZDgwZmM5NTA0Yjg5MmM4OTI1YzIzNjg4ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG3dMyw/jvABL72xxYlg5TUNldlU
6pvJs0v5bq+KchkOeA64tvsgECwpkicNnTfeZdf+LmXh03NVFeMWlpoDFESAelQw
Kas5ME3u68FsPod30TNM8gejxngHbKRukF18wd0+PUPvskW/jW320RWZPmdhpqwj
p8UF9g8JdGjfFMgVc/gj7RNhSGEWn55jPN3Oxos/MekdNL8Nb3VfhstN1cjlGtUB
aTNsfooOzn0QTwfu/zZtUeaJnBQ5wo8EDA+y+dJob33UWi3SmNV3ROAxmLGY4z18
XGvNESeP4jvSdDvGFEgywROtg1CZgnuICU3cS98SgBAJiOsH8qpBCwVAGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDN3R5vRh62A/JUEuJLIklwjaI3uMB8GA1UdIwQY
MBaAFNAEH/eYA3m3mASSVoaN/zmBnCYEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFRZjk1Z0RlYmVZQkpKV2hvM19PWUdjSmdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9lOGY0NTItYmU3MC00MTc2LTlkYTAt
ZTY4OWJmNTdkZDI3LzEvTTNkSG05R0hyWUQ4bFFTNGtzaVNYQ05vamU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9lOGY0NTItYmU3MC00MTc2LTlkYTAtZTY4OWJmNTdkZDI3
LzEvMEFRZjk1Z0RlYmVZQkpKV2hvM19PWUdjSmdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgDt4DAN
BgkqhkiG9w0BAQsFAAOCAQEAKJBGK+rYcy0KEDPuMljw7rDJTVA98w7fKTXFT4xu
Vw/D7O9GeW/Vqohev0PxUqdC95P7mOUjSzNgHv9XKxWxPiRcah6byrYiDmrhE6DR
QVGTNReL0dAZ7yCRsrfekXaMGCPILQTS1r18YMEzxiL1ulKrskDONVAlp7kQUPQR
umqTErfcAuCHE2IIbNi1zcwdwiV5Xx9M9U1xMGU4QMWsJ3L7UIQzO2YN1zS5/dwa
covduY9bl3eJSt6418K7tzfeeYq2ZDp2I5Wei3dZSLuKOEJmgE2FvZBPxRDESI9l
w1yjyHirWyDdIHRBO6WJQCElCnOoDdnOwKl1m4cyhoz4FA==
-----END CERTIFICATE-----