Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/b7g_AfGKRKl1uxe-BoiQM3sl0nw.roa
File:                     b7g_AfGKRKl1uxe-BoiQM3sl0nw.roa (raw, json)
Hash identifier:          Zf9ZuQPGxN3TX6S4uzmoIy9WChIwMZZm6ZNHezb6N+U=
Subject key identifier:   6F:B8:3F:01:F1:8A:44:A9:75:BB:17:BE:06:88:90:33:7B:25:D2:7C
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0195021EB8E67BCAE2E665245415F5C23370
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/b7g_AfGKRKl1uxe-BoiQM3sl0nw.roa
Signing time:             Fri 14 Feb 2025 01:42:02 +0000
ROA not before:           Fri 14 Feb 2025 01:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213843
IP address blocks:        2a0d:d940:20::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 08:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:02:1e:b8:e6:7b:ca:e2:e6:65:24:54:15:f5:c2:33:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb 14 01:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fb83f01f18a44a975bb17be068890337b25d27c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f3:a1:01:39:36:02:a7:35:7a:7f:49:7d:de:
                    e7:3a:a2:b6:c6:53:6a:3c:92:a7:25:f6:79:e7:4e:
                    1e:74:6b:54:6a:93:fd:e5:4d:47:c5:49:78:09:01:
                    b9:aa:76:61:ec:c7:ae:77:b2:f5:74:7a:b9:e0:f3:
                    5a:ae:d9:5d:9b:82:e7:49:35:82:f5:ac:20:63:c1:
                    20:62:7d:1e:0d:e6:9e:66:d9:dd:7b:39:8e:bd:a3:
                    4e:99:bd:56:85:a5:ea:7e:63:71:19:ee:4b:0c:3d:
                    ae:20:66:41:7a:ce:ab:f2:fc:08:5c:a5:f8:2b:46:
                    c9:4f:27:85:d0:33:e9:a0:67:19:ee:b0:19:bc:38:
                    ea:62:63:7e:ed:19:53:9f:24:1d:3b:14:f5:63:c5:
                    00:d5:ac:db:5c:8a:7d:72:0a:13:e0:42:5c:90:c1:
                    43:92:55:47:3f:45:82:65:de:11:c9:31:fc:97:0b:
                    3f:23:08:4f:f3:1c:c4:57:10:d9:b4:16:d8:70:f5:
                    9e:6d:2a:75:42:d6:31:04:4b:55:0f:59:5d:1e:bf:
                    e7:1d:f5:6d:e2:51:ba:5d:1a:ac:ae:95:fe:7c:6c:
                    bd:f5:c9:31:2a:15:05:47:f9:a7:7b:ac:4f:d5:f0:
                    b3:45:c3:eb:dc:40:80:3b:59:d5:6d:85:ce:a6:fc:
                    5a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:B8:3F:01:F1:8A:44:A9:75:BB:17:BE:06:88:90:33:7B:25:D2:7C
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/b7g_AfGKRKl1uxe-BoiQM3sl0nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:6d:82:ff:bf:62:35:1b:e8:ea:7a:a4:ae:3b:a5:82:e9:9b:
         a2:1c:de:01:e4:03:bf:64:e6:c5:b7:80:97:9c:b8:31:93:bd:
         82:e1:81:08:2e:b3:51:1f:7a:f7:23:5c:c2:51:c5:36:30:4e:
         fb:3d:5a:91:33:52:75:6b:68:fc:2d:ac:35:65:ef:89:11:f8:
         c0:93:49:18:9e:24:be:d9:69:15:d6:f7:33:d8:9a:3d:14:78:
         2e:d8:78:75:67:9e:27:cc:c4:6a:1a:32:78:a9:ce:14:31:45:
         dc:3d:fb:1a:f3:74:02:a4:d7:e0:7c:68:e6:25:ee:f5:17:6d:
         0e:e9:9c:3c:0e:ec:82:84:3c:a3:29:d6:75:c0:12:fd:44:7e:
         8b:89:97:1e:d1:30:01:2e:76:89:44:63:1a:09:1b:62:97:6a:
         b9:ae:df:15:d5:53:be:b7:b2:d2:20:47:34:22:58:75:88:23:
         d5:77:af:9a:af:cd:9a:23:6d:53:7c:b2:3b:a0:8b:b6:e1:ec:
         ac:c3:20:f4:00:3e:ae:d2:e3:d0:a6:b0:b5:bd:d4:cc:f5:5a:
         40:6b:bd:d6:68:cc:60:79:cf:af:54:92:79:fa:0f:2c:3f:7a:
         4b:9f:b5:94:21:6a:f9:0b:99:f2:85:f0:fe:41:95:c7:e8:cf:
         ed:e9:cd:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUCHrjme8ri5mUkVBX1wjNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwMjE0MDE0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmI4M2YwMWYxOGE0NGE5NzViYjE3YmUwNjg4OTAzMzdiMjVkMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/OhATk2Aqc1en9Jfd7nOqK2xlNq
PJKnJfZ5504edGtUapP95U1HxUl4CQG5qnZh7Meud7L1dHq54PNartldm4LnSTWC
9awgY8EgYn0eDeaeZtndezmOvaNOmb1WhaXqfmNxGe5LDD2uIGZBes6r8vwIXKX4
K0bJTyeF0DPpoGcZ7rAZvDjqYmN+7RlTnyQdOxT1Y8UA1azbXIp9cgoT4EJckMFD
klVHP0WCZd4RyTH8lws/IwhP8xzEVxDZtBbYcPWebSp1QtYxBEtVD1ldHr/nHfVt
4lG6XRqsrpX+fGy99ckxKhUFR/mne6xP1fCzRcPr3ECAO1nVbYXOpvxaVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG+4PwHxikSpdbsXvgaIkDN7JdJ8MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvYjdnX0FmR0tSS2wxdXhlLUJvaVFNM3NsMG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAdbYL/v2I1G+jqeqSuO6WC6ZuiHN4B5AO/ZObF
t4CXnLgxk72C4YEILrNRH3r3I1zCUcU2ME77PVqRM1J1a2j8Law1Ze+JEfjAk0kY
niS+2WkV1vcz2Jo9FHgu2Hh1Z54nzMRqGjJ4qc4UMUXcPfsa83QCpNfgfGjmJe71
F20O6Zw8DuyChDyjKdZ1wBL9RH6LiZce0TABLnaJRGMaCRtil2q5rt8V1VO+t7LS
IEc0Ilh1iCPVd6+ar82aI21TfLI7oIu24eyswyD0AD6u0uPQprC1vdTM9VpAa73W
aMxgec+vVJJ5+g8sP3pLn7WUIWr5C5nyhfD+QZXH6M/t6c01
-----END CERTIFICATE-----