Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/f0HMDLVx5t59P591PrAxrNnUs2c.roa
File:                     f0HMDLVx5t59P591PrAxrNnUs2c.roa (raw, json)
Hash identifier:          /wxFlOgstgeKK54T7FynNE0uD4UjWWlnpZIecJhWOqM=
Subject key identifier:   7F:41:CC:0C:B5:71:E6:DE:7D:3F:9F:75:3E:B0:31:AC:D9:D4:B3:67
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       0194266C34152AA1502077FC2E988EEEF894
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/f0HMDLVx5t59P591PrAxrNnUs2c.roa
Signing time:             Thu 02 Jan 2025 09:50:12 +0000
ROA not before:           Thu 02 Jan 2025 09:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39765
IP address blocks:        2a0b:b600:3c02::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:34:15:2a:a1:50:20:77:fc:2e:98:8e:ee:f8:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 09:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f41cc0cb571e6de7d3f9f753eb031acd9d4b367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f5:fe:15:f7:7a:80:1b:1d:3f:16:ce:0b:76:
                    0f:86:85:07:ce:15:94:e5:ad:60:52:0c:93:14:1c:
                    8b:62:90:72:f7:94:76:46:e5:4d:d1:00:e2:3e:09:
                    f5:d7:90:fd:f3:78:f8:58:4b:fd:41:f7:5e:1b:5a:
                    b8:42:95:9e:4b:60:64:6c:b2:c6:47:4c:3b:32:3f:
                    fa:a9:c2:7f:75:72:63:18:1b:b6:8c:34:b7:17:6d:
                    6e:85:27:9a:3d:73:15:1a:60:71:9c:1a:c1:b0:78:
                    f6:52:01:db:1e:1d:56:83:7c:0c:d1:5d:0e:3e:72:
                    b7:fe:34:e1:fb:24:d2:d0:8c:3b:45:9e:25:8d:bc:
                    5a:de:1c:86:24:1d:9c:15:b3:a8:cb:0f:fd:7b:e4:
                    1c:77:5b:85:d4:dc:43:89:a9:dc:99:18:1b:de:24:
                    5d:cc:c4:e0:e1:f7:2f:59:e3:2a:7a:c9:8e:3e:e0:
                    f7:4c:6d:53:b5:75:3b:2e:f9:c7:2b:84:8e:fe:d6:
                    a7:78:3d:88:72:55:68:48:4e:ce:56:11:0e:4a:4a:
                    36:26:a4:57:d6:16:eb:bd:14:e4:0a:f4:27:e5:d0:
                    23:c8:39:79:fe:78:7f:29:ab:45:9f:69:ba:fe:99:
                    9f:4d:6e:b2:16:80:47:77:63:c1:97:25:96:a7:94:
                    cd:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:41:CC:0C:B5:71:E6:DE:7D:3F:9F:75:3E:B0:31:AC:D9:D4:B3:67
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/f0HMDLVx5t59P591PrAxrNnUs2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:3c02::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:14:9e:bb:07:cb:3c:01:2e:2a:73:c7:07:d7:5e:e6:62:a8:
         63:7e:04:bd:90:30:a0:d2:05:a2:02:3f:b7:37:1c:18:20:32:
         74:5b:78:3b:23:64:75:62:50:c2:3d:d5:71:a1:77:8f:3e:8b:
         6a:da:43:7a:e5:ad:fe:df:15:c1:42:52:e2:69:7c:f0:e3:65:
         8b:77:85:c4:78:83:01:c4:cb:9d:06:fa:34:b0:09:ca:d5:22:
         d1:14:7a:b1:8d:b0:d5:10:13:38:24:97:a5:2d:79:a4:0d:98:
         fc:52:7a:0c:0b:e7:35:37:e2:25:da:a9:71:ca:c5:5b:f8:aa:
         6f:6d:2f:b4:ca:ee:39:e3:85:fe:28:e8:5f:18:82:ef:30:3f:
         60:71:8c:69:04:7b:07:0a:2d:7b:f5:3b:4c:3f:ad:fc:5c:8a:
         8c:a6:20:7f:5f:d5:1f:a4:7f:0f:94:36:ec:d8:53:f4:e6:e6:
         b5:f2:3c:94:ae:28:e9:cd:ea:c7:05:2c:55:bf:c8:4c:24:f8:
         3a:d8:38:07:d3:5f:77:f9:54:2f:8b:cc:6e:0d:5a:df:68:01:
         be:07:31:58:9e:65:78:94:21:c2:5b:82:4b:f3:3a:58:50:7e:
         28:0a:59:92:28:4b:00:72:ff:13:98:88:4a:be:15:b3:cf:7e:
         8b:b4:0d:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbDQVKqFQIHf8LpiO7viUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjUwMTAyMDk1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjQxY2MwY2I1NzFlNmRlN2QzZjlmNzUzZWIwMzFhY2Q5ZDRiMzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfX+Ffd6gBsdPxbOC3YPhoUHzhWU
5a1gUgyTFByLYpBy95R2RuVN0QDiPgn115D983j4WEv9QfdeG1q4QpWeS2BkbLLG
R0w7Mj/6qcJ/dXJjGBu2jDS3F21uhSeaPXMVGmBxnBrBsHj2UgHbHh1Wg3wM0V0O
PnK3/jTh+yTS0Iw7RZ4ljbxa3hyGJB2cFbOoyw/9e+Qcd1uF1NxDiancmRgb3iRd
zMTg4fcvWeMqesmOPuD3TG1TtXU7LvnHK4SO/taneD2IclVoSE7OVhEOSko2JqRX
1hbrvRTkCvQn5dAjyDl5/nh/KatFn2m6/pmfTW6yFoBHd2PBlyWWp5TNkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH9BzAy1cebefT+fdT6wMazZ1LNnMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvZjBITURMVng1dDU5UDU5MVByQXhyTm5VczJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgu2ADwC
MA0GCSqGSIb3DQEBCwUAA4IBAQBYFJ67B8s8AS4qc8cH117mYqhjfgS9kDCg0gWi
Aj+3NxwYIDJ0W3g7I2R1YlDCPdVxoXePPotq2kN65a3+3xXBQlLiaXzw42WLd4XE
eIMBxMudBvo0sAnK1SLRFHqxjbDVEBM4JJelLXmkDZj8UnoMC+c1N+Il2qlxysVb
+KpvbS+0yu4544X+KOhfGILvMD9gcYxpBHsHCi179TtMP638XIqMpiB/X9UfpH8P
lDbs2FP05ua18jyUrijpzerHBSxVv8hMJPg62DgH0193+VQvi8xuDVrfaAG+BzFY
nmV4lCHCW4JL8zpYUH4oClmSKEsAcv8TmIhKvhWzz36LtA3l
-----END CERTIFICATE-----