Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/hHcyNgOmxrhkn3DhNfaigHX94g8.roa
File:                     hHcyNgOmxrhkn3DhNfaigHX94g8.roa (raw, json)
Hash identifier:          B65e/+ApHFBG2pXE/i7USQDriRyCgT5A9AG/tPBTPh8=
Subject key identifier:   84:77:32:36:03:A6:C6:B8:64:9F:70:E1:35:F6:A2:80:75:FD:E2:0F
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019425FCE3BABB226DBE16F734055238F471
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/hHcyNgOmxrhkn3DhNfaigHX94g8.roa
Signing time:             Thu 02 Jan 2025 07:48:37 +0000
ROA not before:           Thu 02 Jan 2025 07:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     132335
IP address blocks:        2a0a:8f40:56::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:e3:ba:bb:22:6d:be:16:f7:34:05:52:38:f4:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  2 07:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8477323603a6c6b8649f70e135f6a28075fde20f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f6:79:4b:b2:06:a1:51:98:6d:f2:59:59:7b:
                    43:77:14:46:f6:92:bb:d7:6a:53:86:3e:f7:e4:97:
                    19:15:51:b1:5d:c2:dd:bc:f5:0e:8e:66:a8:eb:b1:
                    79:9f:1f:18:69:04:ee:4e:a4:95:62:a9:77:50:69:
                    a0:f8:5d:e0:9f:6f:36:fb:1b:41:a0:33:59:ef:f1:
                    71:c9:a8:3d:1f:f2:03:54:7a:9d:11:1c:67:1e:8d:
                    59:d7:1f:b1:10:15:db:ad:25:f5:d0:6d:a6:e1:a5:
                    b7:39:77:d4:a5:eb:35:99:0f:2b:45:96:39:fc:0e:
                    a8:84:85:dc:37:31:fb:91:a0:fd:5e:2d:3b:19:38:
                    c8:f7:6f:94:52:b4:59:ac:4c:b3:6e:61:62:00:2f:
                    77:72:fb:9a:12:1d:28:7e:7a:99:f4:6a:20:48:ff:
                    65:62:48:db:cf:d3:e4:35:d9:3b:5d:d1:d5:c1:d9:
                    58:f2:7e:6c:a3:ee:e0:2f:d9:9d:3b:92:68:4f:4b:
                    1e:94:f4:5b:62:a2:58:04:2e:a0:1c:46:03:9d:36:
                    e2:c7:f5:82:4a:3e:af:30:e7:ff:b6:f5:2c:b8:db:
                    7b:39:19:15:c8:6c:c2:16:2e:bd:8a:45:7c:b1:3e:
                    c3:7a:6e:70:e3:3f:73:ba:f5:f1:3c:5b:25:a9:b2:
                    30:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:77:32:36:03:A6:C6:B8:64:9F:70:E1:35:F6:A2:80:75:FD:E2:0F
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/hHcyNgOmxrhkn3DhNfaigHX94g8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:8f40:56::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:f2:f1:82:a6:76:13:cf:fc:de:5e:8b:6d:e2:f7:75:a2:09:
         07:4e:92:35:1d:60:d0:36:69:ca:22:fa:9a:3e:ce:a8:0e:58:
         7d:68:b4:f8:0f:56:ae:99:62:a8:4e:a9:1c:2c:7e:e8:b3:3c:
         68:c0:38:e0:a9:5e:05:03:4e:49:e8:ee:1f:cb:a9:26:d3:38:
         27:b8:60:5d:6e:bc:1e:8e:35:5d:2a:98:6c:c3:57:54:2d:5e:
         a9:f6:25:78:d7:e3:97:3c:15:8b:25:87:b1:eb:e3:27:30:a4:
         3b:99:f8:fa:5e:47:7f:6c:37:00:32:c2:88:b2:32:e6:ad:7f:
         53:25:5f:a1:37:06:18:85:f7:fb:ff:43:95:eb:5e:3b:b5:77:
         be:e6:b6:02:8b:36:31:f0:ab:bb:75:ed:67:62:33:73:59:e5:
         71:29:77:79:8d:3c:f3:55:2b:25:d1:b1:04:85:89:f4:22:d2:
         70:6c:ae:e3:6b:2f:a1:fd:32:5b:be:df:55:69:0a:1d:bc:78:
         74:d0:59:aa:93:c4:6d:d4:90:46:c2:ed:ba:a1:ad:23:df:25:
         c0:47:50:8f:b6:46:86:5c:03:23:21:ad:d3:20:95:bd:af:aa:
         d3:c6:62:0b:25:26:72:f0:ee:68:20:0a:03:14:99:33:ee:98:
         50:89:a2:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/OO6uyJtvhb3NAVSOPRxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwMTAyMDc0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDc3MzIzNjAzYTZjNmI4NjQ5ZjcwZTEzNWY2YTI4MDc1ZmRlMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/Z5S7IGoVGYbfJZWXtDdxRG9pK7
12pThj735JcZFVGxXcLdvPUOjmao67F5nx8YaQTuTqSVYql3UGmg+F3gn282+xtB
oDNZ7/Fxyag9H/IDVHqdERxnHo1Z1x+xEBXbrSX10G2m4aW3OXfUpes1mQ8rRZY5
/A6ohIXcNzH7kaD9Xi07GTjI92+UUrRZrEyzbmFiAC93cvuaEh0ofnqZ9GogSP9l
Ykjbz9PkNdk7XdHVwdlY8n5so+7gL9mdO5JoT0selPRbYqJYBC6gHEYDnTbix/WC
Sj6vMOf/tvUsuNt7ORkVyGzCFi69ikV8sT7Dem5w4z9zuvXxPFslqbIwNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIR3MjYDpsa4ZJ9w4TX2ooB1/eIPMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvaEhjeU5nT214cmhrbjNEaE5mYWlnSFg5NGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgqPQABW
MA0GCSqGSIb3DQEBCwUAA4IBAQAl8vGCpnYTz/zeXott4vd1ogkHTpI1HWDQNmnK
IvqaPs6oDlh9aLT4D1aumWKoTqkcLH7oszxowDjgqV4FA05J6O4fy6km0zgnuGBd
brwejjVdKphsw1dULV6p9iV41+OXPBWLJYex6+MnMKQ7mfj6Xkd/bDcAMsKIsjLm
rX9TJV+hNwYYhff7/0OV6147tXe+5rYCizYx8Ku7de1nYjNzWeVxKXd5jTzzVSsl
0bEEhYn0ItJwbK7jay+h/TJbvt9VaQodvHh00Fmqk8Rt1JBGwu26oa0j3yXAR1CP
tkaGXAMjIa3TIJW9r6rTxmILJSZy8O5oIAoDFJkz7phQiaKl
-----END CERTIFICATE-----