Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/xyxr3pfItv9o4W3QbYDO6voIQ0Q.roa
File:                     xyxr3pfItv9o4W3QbYDO6voIQ0Q.roa (raw, json)
Hash identifier:          8cnzmry/1ExM44UYvG1JFsqTRR1vf8KTHcvSzmwD5MY=
Subject key identifier:   C7:2C:6B:DE:97:C8:B6:FF:68:E1:6D:D0:6D:80:CE:EA:FA:08:43:44
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       0194266C356B07F9840CAC58211A0F784211
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/xyxr3pfItv9o4W3QbYDO6voIQ0Q.roa
Signing time:             Thu 02 Jan 2025 09:50:13 +0000
ROA not before:           Thu 02 Jan 2025 09:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48105
IP address blocks:        2a0b:b600:1000::/38 maxlen: 48
                          2a0b:b600:3c06::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:35:6b:07:f9:84:0c:ac:58:21:1a:0f:78:42:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 09:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c72c6bde97c8b6ff68e16dd06d80ceeafa084344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:4a:bc:42:a5:e7:64:60:33:44:17:3b:bd:4d:
                    bb:45:be:b7:e1:73:91:0d:9d:89:86:85:63:04:a9:
                    b7:e5:9f:3a:3d:1f:a8:48:1b:8b:ef:b8:6d:eb:4c:
                    95:de:eb:00:04:57:18:81:23:89:0e:f3:63:29:3f:
                    04:ff:0e:4f:db:14:0b:29:81:74:4c:a3:27:fb:fd:
                    bc:dd:d9:ab:a7:a4:bf:8c:0c:f1:dc:6c:a3:7d:32:
                    67:4e:eb:57:f1:d0:f0:d6:b1:3b:48:26:4d:e8:38:
                    c0:78:ef:0b:dd:df:56:51:bd:06:f9:78:41:fc:87:
                    ee:d2:73:59:fa:b8:3f:0f:75:08:55:d0:11:11:8d:
                    b6:8b:62:bd:11:cf:50:fa:d9:05:aa:b0:c1:22:f1:
                    6f:b3:e2:d2:32:61:d7:08:36:6c:9b:0d:16:6f:5a:
                    30:8b:c8:72:22:b1:9a:59:04:3a:9e:87:a5:fc:fe:
                    d5:1d:b2:53:f1:67:1e:18:44:f5:a0:57:4b:89:ee:
                    e1:c0:76:f9:b4:49:20:cb:94:2e:0f:e5:04:3d:83:
                    44:ca:a3:49:98:0c:dc:ee:bd:52:12:4f:10:51:34:
                    bb:10:14:de:68:5f:71:fd:7f:58:e3:5b:b3:3d:e5:
                    3a:a9:83:cf:dc:68:96:26:c7:75:cc:3f:7b:5a:ca:
                    a9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2C:6B:DE:97:C8:B6:FF:68:E1:6D:D0:6D:80:CE:EA:FA:08:43:44
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/xyxr3pfItv9o4W3QbYDO6voIQ0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:1000::/38
                  2a0b:b600:3c06::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:45:2f:85:e1:55:6b:a2:d2:51:e9:87:39:db:30:08:e5:87:
         f2:c7:19:64:42:64:91:ba:21:5a:45:4e:3b:cf:65:d7:aa:66:
         a0:1c:45:28:f3:6c:a1:67:a2:69:da:39:b5:d4:94:cf:bd:62:
         28:16:34:de:ba:62:e7:5b:7b:e9:f1:d3:63:46:b5:b7:42:85:
         a0:f3:b7:25:22:25:47:a8:55:7e:ce:fc:b2:ac:b2:fb:7b:e2:
         40:6d:30:0b:87:4d:89:73:a9:e7:bc:55:4d:7c:f1:b4:05:8b:
         74:8c:3d:88:c4:aa:2b:34:47:6c:71:e5:d4:8f:44:5c:10:ff:
         20:4b:ae:5b:38:4a:aa:74:d6:ec:76:8b:c3:8f:9c:e0:be:77:
         30:17:b9:1a:3b:3d:e6:aa:44:ff:91:42:a2:94:42:fa:b6:0f:
         dc:e0:8e:91:66:fa:6b:9f:e7:20:22:5a:2a:40:56:b6:97:b8:
         50:2b:7e:9d:49:8b:de:da:bf:89:1a:67:93:16:15:d3:19:13:
         61:3d:7a:aa:79:48:c9:72:f2:f9:cc:5c:c5:0c:e9:db:14:e7:
         72:52:a2:cc:fa:ee:64:4e:54:e3:b5:c2:91:fb:22:06:d2:d9:
         04:4c:e8:50:ff:2a:eb:7c:b8:a0:8f:f5:f2:8c:e5:16:f4:3f:
         af:92:87:d4
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQmbDVrB/mEDKxYIRoPeEIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjUwMTAyMDk1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzJjNmJkZTk3YzhiNmZmNjhlMTZkZDA2ZDgwY2VlYWZhMDg0MzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kq8QqXnZGAzRBc7vU27Rb634XOR
DZ2JhoVjBKm35Z86PR+oSBuL77ht60yV3usABFcYgSOJDvNjKT8E/w5P2xQLKYF0
TKMn+/283dmrp6S/jAzx3GyjfTJnTutX8dDw1rE7SCZN6DjAeO8L3d9WUb0G+XhB
/Ifu0nNZ+rg/D3UIVdAREY22i2K9Ec9Q+tkFqrDBIvFvs+LSMmHXCDZsmw0Wb1ow
i8hyIrGaWQQ6noel/P7VHbJT8WceGET1oFdLie7hwHb5tEkgy5QuD+UEPYNEyqNJ
mAzc7r1SEk8QUTS7EBTeaF9x/X9Y41uzPeU6qYPP3GiWJsd1zD97Wsqp6wIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFMcsa96XyLb/aOFt0G2Azur6CENEMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEveHl4cjNwZkl0djlvNFczUWJZRE82dm9JUTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYCKgu2ABAD
BwAqC7YAPAYwDQYJKoZIhvcNAQELBQADggEBAC5FL4XhVWui0lHphznbMAjlh/LH
GWRCZJG6IVpFTjvPZdeqZqAcRSjzbKFnomnaObXUlM+9YigWNN66Yudbe+nx02NG
tbdChaDztyUiJUeoVX7O/LKssvt74kBtMAuHTYlzqee8VU188bQFi3SMPYjEqis0
R2xx5dSPRFwQ/yBLrls4Sqp01ux2i8OPnOC+dzAXuRo7PeaqRP+RQqKUQvq2D9zg
jpFm+muf5yAiWipAVraXuFArfp1Ji97av4kaZ5MWFdMZE2E9eqp5SMly8vnMXMUM
6dsU53JSosz67mROVOO1wpH7IgbS2QRM6FD/Kut8uKCP9fKM5Rb0P6+Sh9Q=
-----END CERTIFICATE-----