Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/V-GANZk8zgRBCmWdgtRekVv6Ieo.roa
File:                     V-GANZk8zgRBCmWdgtRekVv6Ieo.roa (raw, json)
Hash identifier:          0/Ye7uv8t9dKqIOJeC/D0AbpxDbyr1f7PAdt2Lxz/f8=
Subject key identifier:   57:E1:80:35:99:3C:CE:04:41:0A:65:9D:82:D4:5E:91:5B:FA:21:EA
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019422FAFEB94EC6B370FABFA459B2546584
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/V-GANZk8zgRBCmWdgtRekVv6Ieo.roa
Signing time:             Wed 01 Jan 2025 17:47:42 +0000
ROA not before:           Wed 01 Jan 2025 17:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212359
IP address blocks:        2a0f:607:1024::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fe:b9:4e:c6:b3:70:fa:bf:a4:59:b2:54:65:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 17:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57e18035993cce04410a659d82d45e915bfa21ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:81:f5:9a:ad:9f:db:ff:a8:35:76:af:21:8e:
                    b9:85:f3:f6:67:86:92:db:49:d0:d8:98:3c:74:89:
                    21:4f:f6:09:f9:9c:56:b4:75:7c:cb:ea:ee:c9:4f:
                    95:89:e4:b3:d0:04:ff:96:fb:25:8d:c6:72:af:8c:
                    36:1d:ce:84:3e:bd:64:0d:92:90:c8:1f:cb:54:4d:
                    fe:99:a9:d6:b9:5b:55:f4:db:11:cf:55:dc:98:6f:
                    b2:fe:d7:06:15:ed:06:88:d8:bc:47:2e:f9:af:94:
                    d3:e0:78:a5:ca:ed:83:f5:47:d1:ff:66:73:a8:58:
                    77:11:8d:8c:59:94:58:c8:37:16:ef:11:1f:29:13:
                    64:fc:45:68:e6:2d:30:f1:4c:ce:f5:af:41:8a:f4:
                    0f:92:42:2b:73:f3:02:db:b8:14:fb:61:2f:2f:23:
                    8e:2a:7e:ec:3b:1a:c7:d7:ed:c8:56:f5:31:0c:aa:
                    41:75:ff:5d:71:27:1f:90:25:a2:f5:70:3e:36:e0:
                    2d:42:00:44:a7:5b:87:c1:18:88:9c:e1:f2:a6:56:
                    7e:d7:0d:3a:f3:02:c3:a1:0c:c2:5a:0b:64:b2:fc:
                    29:ac:f2:e6:a5:f3:b8:86:05:1d:34:4f:28:b3:34:
                    83:07:89:5b:1f:ad:1d:d4:e8:0b:31:eb:27:d7:b7:
                    bd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E1:80:35:99:3C:CE:04:41:0A:65:9D:82:D4:5E:91:5B:FA:21:EA
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/V-GANZk8zgRBCmWdgtRekVv6Ieo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1024::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:c7:7b:35:d8:3b:b8:91:43:4c:cd:2d:14:53:ea:d1:bd:68:
         eb:80:a7:7b:0c:4d:e4:3c:d4:a6:7d:cb:b3:27:bc:8c:50:fe:
         54:69:5f:3e:7c:42:62:45:77:89:90:e1:34:c6:d2:71:68:a2:
         f9:78:11:4a:d5:ba:9d:de:90:8e:05:17:75:6d:80:d7:75:13:
         a3:9b:72:d3:f8:d8:e8:37:46:3f:50:f9:9d:88:35:5f:23:96:
         58:8b:7c:e6:e2:5a:a5:20:fd:a0:e3:e0:99:28:ac:b3:84:6d:
         e1:0b:18:22:d4:93:a1:8d:cc:f1:c7:3b:ce:74:9a:18:62:cc:
         19:3b:12:7e:8f:ef:3b:a0:41:ff:f3:12:b6:63:ac:ef:49:75:
         43:d0:84:70:47:a6:c6:30:f7:34:ff:24:42:5d:03:41:26:d3:
         1d:64:48:47:19:b2:20:fe:d5:0b:95:48:f2:36:80:7c:80:0e:
         58:12:7d:59:ce:35:d9:7d:2b:a5:48:25:6a:96:78:72:2b:88:
         87:75:08:20:6f:05:3b:50:ce:66:11:86:10:2d:c8:ba:bb:6d:
         d2:26:9c:d9:f3:93:63:11:fe:ad:fc:77:a2:d0:40:26:64:c5:
         ae:00:9b:16:e4:73:71:ba:3f:3d:3b:08:94:08:7c:43:6c:4c:
         b0:f3:09:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+v65TsazcPq/pFmyVGWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjUwMTAxMTc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UxODAzNTk5M2NjZTA0NDEwYTY1OWQ4MmQ0NWU5MTViZmEyMWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYH1mq2f2/+oNXavIY65hfP2Z4aS
20nQ2Jg8dIkhT/YJ+ZxWtHV8y+ruyU+VieSz0AT/lvsljcZyr4w2Hc6EPr1kDZKQ
yB/LVE3+manWuVtV9NsRz1XcmG+y/tcGFe0GiNi8Ry75r5TT4Hilyu2D9UfR/2Zz
qFh3EY2MWZRYyDcW7xEfKRNk/EVo5i0w8UzO9a9BivQPkkIrc/MC27gU+2EvLyOO
Kn7sOxrH1+3IVvUxDKpBdf9dcScfkCWi9XA+NuAtQgBEp1uHwRiInOHyplZ+1w06
8wLDoQzCWgtksvwprPLmpfO4hgUdNE8oszSDB4lbH60d1OgLMesn17e9/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFfhgDWZPM4EQQplnYLUXpFb+iHqMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvVi1HQU5aazh6Z1JCQ21XZGd0UmVrVnY2SWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxAk
MA0GCSqGSIb3DQEBCwUAA4IBAQAgx3s12Du4kUNMzS0UU+rRvWjrgKd7DE3kPNSm
fcuzJ7yMUP5UaV8+fEJiRXeJkOE0xtJxaKL5eBFK1bqd3pCOBRd1bYDXdROjm3LT
+NjoN0Y/UPmdiDVfI5ZYi3zm4lqlIP2g4+CZKKyzhG3hCxgi1JOhjczxxzvOdJoY
YswZOxJ+j+87oEH/8xK2Y6zvSXVD0IRwR6bGMPc0/yRCXQNBJtMdZEhHGbIg/tUL
lUjyNoB8gA5YEn1ZzjXZfSulSCVqlnhyK4iHdQggbwU7UM5mEYYQLci6u23SJpzZ
85NjEf6t/Hei0EAmZMWuAJsW5HNxuj89OwiUCHxDbEyw8wky
-----END CERTIFICATE-----