Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/jB110pDZmcuujfQezVUYFypdnk4.roa
File:                     jB110pDZmcuujfQezVUYFypdnk4.roa (raw, json)
Hash identifier:          Ja58Yq8wHJsWad7BVjuXhBRa5NCGI3uYM6r+ME659AY=
Subject key identifier:   8C:1D:75:D2:90:D9:99:CB:AE:8D:F4:1E:CD:55:18:17:2A:5D:9E:4E
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       0195D6A592604AB0AF14CDD4261221722BB3
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/jB110pDZmcuujfQezVUYFypdnk4.roa
Signing time:             Thu 27 Mar 2025 08:08:49 +0000
ROA not before:           Thu 27 Mar 2025 08:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44812
IP address blocks:        2a11:7686::/32 maxlen: 32
                          2a11:8307::/32 maxlen: 32
                          2a11:fec5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d6:a5:92:60:4a:b0:af:14:cd:d4:26:12:21:72:2b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Mar 27 08:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c1d75d290d999cbae8df41ecd5518172a5d9e4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:61:78:02:18:78:b0:87:f7:c6:60:69:ac:4a:
                    03:a3:c6:c9:a0:db:80:88:64:e4:f9:39:96:5c:4b:
                    39:1d:57:ce:57:f8:d2:db:3d:7c:d5:29:d1:fd:bc:
                    6b:78:aa:8c:a2:a2:54:96:1d:0e:11:2f:8d:1a:80:
                    89:b8:72:17:77:98:db:43:41:fc:ba:b3:e3:2b:eb:
                    39:13:ff:90:bd:ee:01:9c:0b:d3:96:c6:c5:9d:64:
                    95:ea:c1:41:1f:b1:a6:b0:30:bf:a4:d7:55:01:95:
                    3a:72:07:b1:5d:44:1a:68:bb:a0:74:8f:9e:ae:78:
                    1e:49:a9:c4:6a:c4:42:c5:d4:71:2e:37:ac:d4:43:
                    1e:7d:75:93:67:fa:31:d5:7c:d9:0a:50:82:09:54:
                    af:07:c9:56:d0:ef:79:13:9b:da:bd:1e:db:3c:d2:
                    ab:00:16:ef:53:c2:c7:a5:57:bf:7b:71:a9:10:0e:
                    0a:71:77:b0:29:f2:a8:4b:26:67:c2:79:34:84:cb:
                    9b:56:64:d3:59:f6:69:f1:7d:d5:eb:e3:19:b2:94:
                    02:d6:06:9f:2e:22:44:eb:fa:a7:1c:1d:f9:5a:2c:
                    c2:d2:2e:92:47:54:34:da:66:a7:c1:9d:e2:a1:e3:
                    41:2e:b4:76:73:12:00:6f:bd:85:1f:30:89:47:b6:
                    18:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:1D:75:D2:90:D9:99:CB:AE:8D:F4:1E:CD:55:18:17:2A:5D:9E:4E
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/jB110pDZmcuujfQezVUYFypdnk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7686::/32
                  2a11:8307::/32
                  2a11:fec5::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:6e:3d:4c:09:63:49:e4:f2:90:1c:0b:f6:33:29:26:ec:5b:
         fc:8e:bd:58:f9:3e:c0:43:d3:67:81:99:3a:f9:ee:58:f5:61:
         75:a7:6d:73:88:5e:ad:26:24:d9:99:a8:9a:55:ab:a9:39:77:
         e7:69:8c:cd:02:7a:88:31:1a:92:ea:ac:a2:18:8b:ce:bf:fe:
         9e:30:bf:8c:60:c4:59:ed:fe:13:c1:18:62:6f:4d:fc:44:d0:
         ed:5d:43:a3:91:23:e7:8a:53:c2:5e:ca:e5:71:cd:6c:8b:d3:
         7d:b8:2a:bd:38:94:2a:5f:f5:3f:5a:8b:fe:67:38:59:94:80:
         16:25:89:52:10:07:32:49:34:a8:51:a2:80:fe:12:ad:dd:6f:
         71:be:8d:0b:ec:89:76:3a:59:2b:d2:44:71:4f:3e:5b:42:ef:
         d0:f5:f7:6e:b1:3e:6a:f3:eb:43:4c:ca:c1:75:c7:a1:fe:94:
         89:2b:68:9a:91:de:e0:5f:6e:a1:4b:df:6a:a9:56:20:1d:79:
         70:29:f0:99:c5:86:f7:a7:1b:9e:d1:1a:cd:17:ce:73:7e:82:
         2c:10:26:b4:8a:e1:23:3e:1e:17:5a:65:c4:08:d4:db:0b:3e:
         12:c3:dc:77:04:c4:f8:ef:39:fe:fc:4c:c2:6d:6e:ba:da:c3:
         a9:29:77:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZXWpZJgSrCvFM3UJhIhciuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwMzI3MDgwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzFkNzVkMjkwZDk5OWNiYWU4ZGY0MWVjZDU1MTgxNzJhNWQ5ZTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2F4Ahh4sIf3xmBprEoDo8bJoNuA
iGTk+TmWXEs5HVfOV/jS2z181SnR/bxreKqMoqJUlh0OES+NGoCJuHIXd5jbQ0H8
urPjK+s5E/+Qve4BnAvTlsbFnWSV6sFBH7GmsDC/pNdVAZU6cgexXUQaaLugdI+e
rngeSanEasRCxdRxLjes1EMefXWTZ/ox1XzZClCCCVSvB8lW0O95E5vavR7bPNKr
ABbvU8LHpVe/e3GpEA4KcXewKfKoSyZnwnk0hMubVmTTWfZp8X3V6+MZspQC1gaf
LiJE6/qnHB35WizC0i6SR1Q02manwZ3ioeNBLrR2cxIAb72FHzCJR7YY7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIwdddKQ2ZnLro30Hs1VGBcqXZ5OMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvakIxMTBwRFptY3V1amZRZXpWVVlGeXBkbms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhF2hgMF
ACoRgwcDBQAqEf7FMA0GCSqGSIb3DQEBCwUAA4IBAQDMbj1MCWNJ5PKQHAv2Mykm
7Fv8jr1Y+T7AQ9NngZk6+e5Y9WF1p21ziF6tJiTZmaiaVaupOXfnaYzNAnqIMRqS
6qyiGIvOv/6eML+MYMRZ7f4TwRhib038RNDtXUOjkSPnilPCXsrlcc1si9N9uCq9
OJQqX/U/Wov+ZzhZlIAWJYlSEAcySTSoUaKA/hKt3W9xvo0L7Il2Olkr0kRxTz5b
Qu/Q9fdusT5q8+tDTMrBdceh/pSJK2iakd7gX26hS99qqVYgHXlwKfCZxYb3pxue
0RrNF85zfoIsECa0iuEjPh4XWmXECNTbCz4Sw9x3BMT47zn+/EzCbW662sOpKXe/
-----END CERTIFICATE-----