Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/Y0C-htCfvnbnmYNv0PkfbKtYljU.roa
File:                     Y0C-htCfvnbnmYNv0PkfbKtYljU.roa (raw, json)
Hash identifier:          8fWI3mxeJyTLiMswCNgTBvpO5nBn7ysdbrCOfcMFa7g=
Subject key identifier:   63:40:BE:86:D0:9F:BE:76:E7:99:83:6F:D0:F9:1F:6C:AB:58:96:35
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019422FAFCAF9A40AE63BE8A595328FBB266
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/Y0C-htCfvnbnmYNv0PkfbKtYljU.roa
Signing time:             Wed 01 Jan 2025 17:47:41 +0000
ROA not before:           Wed 01 Jan 2025 17:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210932
IP address blocks:        2a0f:607:1500::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fc:af:9a:40:ae:63:be:8a:59:53:28:fb:b2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 17:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6340be86d09fbe76e799836fd0f91f6cab589635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:73:70:31:b6:96:c2:94:f5:63:30:94:d9:55:
                    6a:72:a0:53:f8:96:6f:06:20:8c:65:6f:1a:61:00:
                    d6:1e:3f:8a:d0:43:02:b3:c3:5c:45:cf:63:6a:86:
                    a7:ea:8d:89:40:f0:fd:43:24:c2:51:a2:0c:3c:9e:
                    5b:82:11:49:19:ff:eb:40:70:ab:09:86:e6:d8:dd:
                    ec:45:1d:25:cd:af:63:67:31:fa:a8:43:cf:b9:4f:
                    ed:00:64:17:2c:b8:b6:50:10:f4:e4:6b:98:4f:12:
                    ab:f2:19:85:62:37:78:a4:62:f5:86:bc:ca:a1:dc:
                    03:30:5b:d7:a1:d3:85:04:9c:d4:57:59:df:a3:c3:
                    d6:e5:67:f6:ef:a3:f8:26:18:a9:df:b0:65:d8:da:
                    89:85:94:f2:98:c0:08:a5:6a:78:52:2d:8a:a6:f5:
                    a1:0c:6f:da:2d:be:f3:be:89:52:25:59:3f:ec:a1:
                    e6:8f:ce:92:31:46:5a:ca:c7:a8:8a:10:ab:1a:32:
                    77:94:b8:9b:c5:21:07:28:f8:50:e6:b4:2b:be:f2:
                    6a:2e:3a:53:9b:4a:05:f4:e5:e9:3d:53:7e:42:7b:
                    61:80:39:a0:8b:51:4f:df:1b:54:54:95:18:bf:1a:
                    2f:25:03:b2:14:a0:c7:15:ed:a4:6a:46:d9:16:1a:
                    37:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:40:BE:86:D0:9F:BE:76:E7:99:83:6F:D0:F9:1F:6C:AB:58:96:35
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/Y0C-htCfvnbnmYNv0PkfbKtYljU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1500::/44

    Signature Algorithm: sha256WithRSAEncryption
         b6:75:fa:f7:31:4b:bc:6f:ae:59:2e:eb:d6:90:d8:e5:78:53:
         d2:d7:49:5c:ec:79:e0:26:ba:0e:a5:c1:82:87:fa:c1:13:37:
         bc:58:19:7c:f1:cc:ab:fc:50:0d:bf:cf:c9:b7:e8:d1:ac:bd:
         91:a2:16:e6:4b:ad:77:2f:b0:ed:83:48:bc:e9:cf:58:35:83:
         8c:95:75:ce:c9:bc:da:b2:5a:77:cb:53:a9:60:61:97:53:f5:
         b0:11:03:46:48:ce:b3:4c:f1:f8:2d:08:2c:e7:ff:09:52:6e:
         9e:c6:6a:57:df:d7:36:41:91:2b:a0:64:92:b1:7f:1d:90:04:
         7b:4d:28:ea:3b:e1:f9:4e:67:df:5a:5e:7a:58:fc:30:36:29:
         cb:29:12:e0:d6:91:8c:d5:ba:d5:cd:4d:52:b9:a8:e2:67:11:
         cd:27:09:cc:80:60:ab:fe:6a:f5:d5:6e:23:36:cd:de:f4:6d:
         77:47:fd:c4:aa:e5:83:0d:19:6e:cc:69:fc:70:af:aa:8b:22:
         33:ab:ec:11:c7:44:92:38:7e:36:e7:7a:9d:a8:2c:98:06:94:
         6a:97:77:a5:c1:c2:4e:93:96:f9:28:31:2b:90:34:94:7e:2c:
         ed:0a:6a:46:64:28:ff:9c:63:7a:b6:3b:20:ee:19:9e:b0:bb:
         7f:e4:18:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+vyvmkCuY76KWVMo+7JmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjUwMTAxMTc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQwYmU4NmQwOWZiZTc2ZTc5OTgzNmZkMGY5MWY2Y2FiNTg5NjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnNwMbaWwpT1YzCU2VVqcqBT+JZv
BiCMZW8aYQDWHj+K0EMCs8NcRc9jaoan6o2JQPD9QyTCUaIMPJ5bghFJGf/rQHCr
CYbm2N3sRR0lza9jZzH6qEPPuU/tAGQXLLi2UBD05GuYTxKr8hmFYjd4pGL1hrzK
odwDMFvXodOFBJzUV1nfo8PW5Wf276P4Jhip37Bl2NqJhZTymMAIpWp4Ui2KpvWh
DG/aLb7zvolSJVk/7KHmj86SMUZayseoihCrGjJ3lLibxSEHKPhQ5rQrvvJqLjpT
m0oF9OXpPVN+QnthgDmgi1FP3xtUVJUYvxovJQOyFKDHFe2kakbZFho3NwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGNAvobQn75255mDb9D5H2yrWJY1MB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvWTBDLWh0Q2Z2bmJubVlOdjBQa2ZiS3RZbGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxUA
MA0GCSqGSIb3DQEBCwUAA4IBAQC2dfr3MUu8b65ZLuvWkNjleFPS10lc7HngJroO
pcGCh/rBEze8WBl88cyr/FANv8/Jt+jRrL2RohbmS613L7Dtg0i86c9YNYOMlXXO
ybzaslp3y1OpYGGXU/WwEQNGSM6zTPH4LQgs5/8JUm6exmpX39c2QZEroGSSsX8d
kAR7TSjqO+H5TmffWl56WPwwNinLKRLg1pGM1brVzU1SuajiZxHNJwnMgGCr/mr1
1W4jNs3e9G13R/3EquWDDRluzGn8cK+qiyIzq+wRx0SSOH4253qdqCyYBpRql3el
wcJOk5b5KDErkDSUfiztCmpGZCj/nGN6tjsg7hmesLt/5Bg9
-----END CERTIFICATE-----