Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/pt7YpGM2My2PdDyCBGt2NmS6PdY.roa
File:                     pt7YpGM2My2PdDyCBGt2NmS6PdY.roa (raw, json)
Hash identifier:          P+B4U+0XYxhQOjAD9qo+XbXRvRXuvftqWPsCnQZHWFA=
Subject key identifier:   A6:DE:D8:A4:63:36:33:2D:8F:74:3C:82:04:6B:76:36:64:BA:3D:D6
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019422FAF7725AEB8441758697267974553B
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/pt7YpGM2My2PdDyCBGt2NmS6PdY.roa
Signing time:             Wed 01 Jan 2025 17:47:40 +0000
ROA not before:           Wed 01 Jan 2025 17:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38008
IP address blocks:        2a0f:607:1060::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:f7:72:5a:eb:84:41:75:86:97:26:79:74:55:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 17:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6ded8a46336332d8f743c82046b763664ba3dd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:76:c9:9b:f7:72:ce:3d:5e:d2:2a:7c:43:08:
                    77:3d:34:71:35:73:7e:17:2c:92:fe:8a:42:fa:97:
                    39:b4:24:7e:18:23:08:e4:bb:4c:b2:6a:21:7d:51:
                    d4:40:29:ef:87:99:00:5f:0e:69:1b:0d:81:b4:b6:
                    7e:47:8b:86:f5:2a:59:a7:f3:01:72:b9:c3:0c:c1:
                    28:77:8f:f4:e4:a9:a8:5b:03:42:54:4e:1b:01:f0:
                    93:7d:fa:37:d5:7c:44:f7:13:cc:75:fd:52:46:84:
                    c2:bc:8f:e7:c8:f7:8d:47:57:80:5b:75:52:8f:1a:
                    6a:c6:b8:e3:41:fe:a3:1a:67:73:77:f8:98:24:9a:
                    7a:ea:c4:2d:bb:96:c8:5d:2f:e4:d9:2d:10:59:81:
                    53:fa:bc:f6:ab:b3:97:1f:76:2b:ed:c8:10:18:7d:
                    d1:b6:62:87:64:6e:48:d2:23:68:59:45:a9:03:9d:
                    d2:b9:4f:3c:61:c5:c9:72:7d:97:0c:b8:f3:55:12:
                    18:b5:ec:3e:75:32:84:68:b5:66:90:f5:6a:24:cf:
                    68:36:40:d1:b3:8f:22:5f:4a:ec:ec:c0:c9:ec:fa:
                    e5:aa:e5:9e:ad:f1:40:72:bd:8a:c0:ba:86:1b:63:
                    20:25:64:db:f4:32:67:ed:01:a7:0f:0d:2b:67:34:
                    41:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:DE:D8:A4:63:36:33:2D:8F:74:3C:82:04:6B:76:36:64:BA:3D:D6
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/pt7YpGM2My2PdDyCBGt2NmS6PdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1060::/44

    Signature Algorithm: sha256WithRSAEncryption
         b5:e2:59:f2:ae:e2:51:b8:29:06:62:e4:d2:ed:f6:91:b0:3d:
         f0:94:55:73:48:0d:2d:96:45:f6:79:7c:1d:0a:b8:82:e8:7d:
         d0:1c:07:0a:03:20:e1:aa:74:89:c0:7c:7e:98:5d:e2:b7:65:
         db:68:69:cb:ab:90:10:2b:74:f0:57:f6:55:b4:69:62:3f:ce:
         8b:01:b0:c6:1a:05:48:95:49:3b:df:ca:08:65:49:29:b1:c7:
         08:09:f7:e7:35:a1:74:30:20:79:98:64:19:4e:f6:f1:eb:a8:
         11:55:39:02:87:26:66:dc:52:07:38:a2:92:ef:df:82:8e:01:
         1b:9c:31:4b:61:27:5f:7b:3f:98:19:f4:be:a0:33:4b:1e:0b:
         36:10:b4:11:6e:c8:dd:38:c9:e9:04:f0:d7:86:f7:f5:83:38:
         cc:54:30:ac:27:d3:d8:ca:95:b5:cc:ba:66:fa:f6:37:8a:54:
         0c:d4:c8:53:80:36:81:62:88:22:87:5e:10:89:d8:60:98:c5:
         4c:80:a5:80:1c:05:0e:77:17:d4:02:72:37:38:95:7c:54:21:
         6e:8d:a2:c7:b1:81:09:f2:c3:70:fb:7c:96:43:ed:82:1c:f7:
         95:22:c2:2c:bd:d5:a3:0d:6f:9c:8a:c5:f3:f5:83:5c:a1:1e:
         e0:db:27:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+vdyWuuEQXWGlyZ5dFU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjUwMTAxMTc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmRlZDhhNDYzMzYzMzJkOGY3NDNjODIwNDZiNzYzNjY0YmEzZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53bJm/dyzj1e0ip8Qwh3PTRxNXN+
FyyS/opC+pc5tCR+GCMI5LtMsmohfVHUQCnvh5kAXw5pGw2BtLZ+R4uG9SpZp/MB
crnDDMEod4/05KmoWwNCVE4bAfCTffo31XxE9xPMdf1SRoTCvI/nyPeNR1eAW3VS
jxpqxrjjQf6jGmdzd/iYJJp66sQtu5bIXS/k2S0QWYFT+rz2q7OXH3Yr7cgQGH3R
tmKHZG5I0iNoWUWpA53SuU88YcXJcn2XDLjzVRIYtew+dTKEaLVmkPVqJM9oNkDR
s48iX0rs7MDJ7PrlquWerfFAcr2KwLqGG2MgJWTb9DJn7QGnDw0rZzRBKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKbe2KRjNjMtj3Q8ggRrdjZkuj3WMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvcHQ3WXBHTTJNeTJQZER5Q0JHdDJObVM2UGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxBg
MA0GCSqGSIb3DQEBCwUAA4IBAQC14lnyruJRuCkGYuTS7faRsD3wlFVzSA0tlkX2
eXwdCriC6H3QHAcKAyDhqnSJwHx+mF3it2XbaGnLq5AQK3TwV/ZVtGliP86LAbDG
GgVIlUk738oIZUkpsccICffnNaF0MCB5mGQZTvbx66gRVTkChyZm3FIHOKKS79+C
jgEbnDFLYSdfez+YGfS+oDNLHgs2ELQRbsjdOMnpBPDXhvf1gzjMVDCsJ9PYypW1
zLpm+vY3ilQM1MhTgDaBYogih14QidhgmMVMgKWAHAUOdxfUAnI3OJV8VCFujaLH
sYEJ8sNw+3yWQ+2CHPeVIsIsvdWjDW+cisXz9YNcoR7g2yez
-----END CERTIFICATE-----