Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/jdGQJIZnkRjBDTTHnu0krS57iP8.roa
File:                     jdGQJIZnkRjBDTTHnu0krS57iP8.roa (raw, json)
Hash identifier:          e+2axTWyygbixhenSw9GiW7DCvps0Y82zf10NziEjRo=
Subject key identifier:   8D:D1:90:24:86:67:91:18:C1:0D:34:C7:9E:ED:24:AD:2E:7B:88:FF
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       0194266C3399F78E2BBD5C231F86FFAADF9D
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/jdGQJIZnkRjBDTTHnu0krS57iP8.roa
Signing time:             Thu 02 Jan 2025 09:50:12 +0000
ROA not before:           Thu 02 Jan 2025 09:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15703
IP address blocks:        2a0b:b600:3000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 21:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:33:99:f7:8e:2b:bd:5c:23:1f:86:ff:aa:df:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 09:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dd1902486679118c10d34c79eed24ad2e7b88ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:96:a8:52:b7:22:17:f1:f1:68:0d:e2:c9:28:
                    00:a0:a7:71:8d:f4:90:93:77:41:a9:3e:e0:e8:81:
                    9d:dc:b7:82:98:59:4a:2c:71:b4:b9:e6:30:1c:22:
                    f6:a9:9b:67:90:9e:fd:7b:b2:9f:45:ce:f9:d4:dc:
                    a5:8e:6d:da:51:94:e5:90:08:9e:60:b9:6c:48:e6:
                    e1:09:1b:fe:9f:48:08:de:07:6b:12:ab:a8:45:a1:
                    81:d8:fb:12:16:06:e9:fa:1e:6f:01:48:21:51:eb:
                    d2:94:a1:9f:da:a8:cb:b8:c7:c4:2b:bd:f0:eb:11:
                    6d:bc:03:a7:f0:8b:be:65:c7:01:f9:d5:20:85:84:
                    d2:9f:fc:e2:4c:67:ef:28:95:eb:be:38:48:ab:ef:
                    25:d0:68:09:d3:18:fc:b1:9a:37:be:e0:e0:62:d9:
                    12:7a:fe:66:88:93:67:2d:6d:ac:51:32:e0:9d:05:
                    79:ca:12:ab:78:e9:15:77:99:c1:42:39:c9:cc:fc:
                    76:78:4e:48:2a:ab:8a:bc:0d:99:32:90:54:39:6f:
                    aa:d6:2f:ca:b6:59:25:76:70:15:58:16:ea:43:a9:
                    20:62:76:30:8d:96:a1:17:c1:e9:d2:a3:5a:ad:5a:
                    6a:49:6b:69:8f:52:24:20:ab:f8:9f:73:8a:a8:ec:
                    84:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D1:90:24:86:67:91:18:C1:0D:34:C7:9E:ED:24:AD:2E:7B:88:FF
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/jdGQJIZnkRjBDTTHnu0krS57iP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         d7:4e:9c:9f:38:e3:de:ae:27:44:ec:49:50:88:e5:f0:c3:1b:
         55:40:5b:f2:24:f9:5a:02:3d:ac:c1:74:1a:1c:df:3b:83:a7:
         5d:9c:4e:74:70:ed:ca:0a:a8:60:80:68:5a:86:3c:17:0f:5b:
         58:5f:93:05:09:ff:56:26:41:72:97:27:e6:8b:4f:4d:a7:a8:
         df:c7:f2:28:4e:88:33:ee:6d:cc:2a:6f:34:d4:f7:b9:68:7e:
         0a:2f:6b:bc:a2:22:8d:81:99:e3:b3:84:30:53:0b:16:a9:82:
         f5:a8:45:95:8b:ae:1f:c3:93:04:4f:cd:71:4c:47:a3:55:23:
         66:4c:ab:13:d5:c5:3f:98:21:86:04:17:79:2f:01:46:2e:d0:
         60:ce:05:9a:27:01:a9:4a:20:bd:66:ab:d4:e1:db:b1:d7:47:
         52:8e:89:93:d1:f4:ef:82:0d:3c:23:07:e9:1e:55:e1:ca:16:
         c2:2f:84:72:79:13:2f:d6:15:c7:b3:33:43:6c:b0:bf:64:2a:
         0e:ac:95:82:3c:de:46:43:55:e4:c7:3d:b0:10:9c:fa:3e:73:
         88:bd:f1:ae:9e:6a:cc:b6:c5:5c:4c:0b:d6:61:e6:d8:52:c1:
         3f:81:72:27:53:28:e9:fd:22:dc:6c:c3:b4:91:67:cd:d0:d5:
         36:82:7f:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmbDOZ944rvVwjH4b/qt+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjUwMTAyMDk1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQxOTAyNDg2Njc5MTE4YzEwZDM0Yzc5ZWVkMjRhZDJlN2I4OGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4paoUrciF/HxaA3iySgAoKdxjfSQ
k3dBqT7g6IGd3LeCmFlKLHG0ueYwHCL2qZtnkJ79e7KfRc751Nyljm3aUZTlkAie
YLlsSObhCRv+n0gI3gdrEquoRaGB2PsSFgbp+h5vAUghUevSlKGf2qjLuMfEK73w
6xFtvAOn8Iu+ZccB+dUghYTSn/ziTGfvKJXrvjhIq+8l0GgJ0xj8sZo3vuDgYtkS
ev5miJNnLW2sUTLgnQV5yhKreOkVd5nBQjnJzPx2eE5IKquKvA2ZMpBUOW+q1i/K
tlkldnAVWBbqQ6kgYnYwjZahF8Hp0qNarVpqSWtpj1IkIKv4n3OKqOyECwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI3RkCSGZ5EYwQ00x57tJK0ue4j/MB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvamRHUUpJWm5rUmpCRFRUSG51MGtyUzU3aVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgu2ADAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDXTpyfOOPeridE7ElQiOXwwxtVQFvyJPlaAj2s
wXQaHN87g6ddnE50cO3KCqhggGhahjwXD1tYX5MFCf9WJkFylyfmi09Np6jfx/Io
Togz7m3MKm801Pe5aH4KL2u8oiKNgZnjs4QwUwsWqYL1qEWVi64fw5MET81xTEej
VSNmTKsT1cU/mCGGBBd5LwFGLtBgzgWaJwGpSiC9ZqvU4dux10dSjomT0fTvgg08
IwfpHlXhyhbCL4RyeRMv1hXHszNDbLC/ZCoOrJWCPN5GQ1Xkxz2wEJz6PnOIvfGu
nmrMtsVcTAvWYebYUsE/gXInUyjp/SLcbMO0kWfN0NU2gn9d
-----END CERTIFICATE-----