Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/ilbTbKDw7TN7XTGmwqbvNDRO4fw.roa
File:                     ilbTbKDw7TN7XTGmwqbvNDRO4fw.roa (raw, json)
Hash identifier:          4N4i1l9+mBJiqdctdVubAmlboOr8e2raVm5nIrlAgsQ=
Subject key identifier:   8A:56:D3:6C:A0:F0:ED:33:7B:5D:31:A6:C2:A6:EF:34:34:4E:E1:FC
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       01974A6E63B6ACB258EBB6F5011005B3F670
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/ilbTbKDw7TN7XTGmwqbvNDRO4fw.roa
Signing time:             Sat 07 Jun 2025 12:47:17 +0000
ROA not before:           Sat 07 Jun 2025 12:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11967
IP address blocks:        2a0d:d940:70::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4a:6e:63:b6:ac:b2:58:eb:b6:f5:01:10:05:b3:f6:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jun  7 12:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a56d36ca0f0ed337b5d31a6c2a6ef34344ee1fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f2:24:0d:ae:40:ae:54:b5:7b:16:ab:32:96:
                    c9:78:6c:bb:59:15:61:91:03:c9:75:c7:c6:9d:11:
                    8c:ea:b2:ae:bc:96:67:04:75:59:5f:79:21:2f:f9:
                    44:7f:8f:64:a7:62:8d:66:98:06:65:52:81:0c:83:
                    2d:a4:69:43:5b:d0:cd:46:a6:e7:97:70:b5:d1:cb:
                    cd:ba:fb:fb:a3:8a:fc:24:59:a8:d7:ad:33:cc:19:
                    99:ec:74:0b:56:c2:29:2a:35:83:bc:5c:5f:aa:bf:
                    c3:fd:4e:e2:f4:10:30:92:6c:3f:5a:7c:be:f4:61:
                    2a:5d:24:c8:b9:17:3b:e7:6e:3c:ca:d1:d5:f7:40:
                    77:f5:a0:d9:70:b3:8a:f0:a1:0b:16:b3:c4:83:d4:
                    24:3d:bc:6e:b6:bb:40:df:42:89:d4:16:57:c3:8d:
                    30:80:d6:f2:80:d8:1d:32:9c:4d:0a:72:55:55:2d:
                    68:e7:8d:76:bc:f3:48:70:6d:7a:b7:de:3a:f4:e9:
                    c3:3c:68:d7:59:d7:29:f1:a4:ae:14:ed:a7:7e:64:
                    1f:1b:04:22:5f:90:d3:f9:b7:d3:5f:88:cf:fa:b1:
                    cf:67:93:c8:af:76:56:c9:f8:c1:84:89:49:82:5a:
                    dd:53:08:06:46:e0:63:06:b1:4c:07:fc:da:30:a7:
                    14:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:56:D3:6C:A0:F0:ED:33:7B:5D:31:A6:C2:A6:EF:34:34:4E:E1:FC
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/ilbTbKDw7TN7XTGmwqbvNDRO4fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         d9:fd:bc:34:bd:1b:8d:64:5c:8a:ff:dd:17:db:21:8b:31:5b:
         a0:a5:90:e2:13:57:92:de:02:b2:88:e9:9a:c0:a1:e9:5e:97:
         ef:ee:03:e3:61:02:1f:19:e4:0f:69:05:da:88:d7:23:5e:d9:
         32:27:ac:eb:4e:da:84:be:cd:85:6e:04:6b:75:88:fe:ac:78:
         9f:fc:c7:a3:bc:e4:c3:90:80:59:50:06:03:3d:2e:3a:8f:f1:
         18:81:c6:c0:43:79:53:93:59:fa:d0:46:77:ef:44:08:4a:27:
         5b:79:88:90:58:25:5e:24:f5:00:26:99:e3:44:e9:e9:bf:61:
         6d:9b:42:07:f3:dc:05:7e:70:c0:6d:72:e3:6c:08:cf:dd:89:
         c6:2c:06:8d:97:6b:1c:78:f9:ee:ab:df:d4:9f:7f:25:b7:cc:
         a0:15:6a:bd:90:66:42:94:e5:a9:da:61:c0:ab:9c:53:ec:f1:
         d4:b2:11:a5:87:e8:93:99:0c:3a:b8:56:3b:02:6d:1c:02:99:
         4f:b9:16:fe:20:b5:a3:5d:9d:2d:f4:55:f7:f3:af:8b:6c:6f:
         56:61:17:ce:a1:02:a3:86:0c:18:6c:6f:b7:e1:e9:5e:17:8c:
         01:a3:96:9c:03:76:bc:be:c0:9f:8f:8c:b8:cf:f3:dd:8c:d9:
         bf:f5:8d:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdKbmO2rLJY67b1ARAFs/ZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNjA3MTI0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTU2ZDM2Y2EwZjBlZDMzN2I1ZDMxYTZjMmE2ZWYzNDM0NGVlMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPIkDa5ArlS1exarMpbJeGy7WRVh
kQPJdcfGnRGM6rKuvJZnBHVZX3khL/lEf49kp2KNZpgGZVKBDIMtpGlDW9DNRqbn
l3C10cvNuvv7o4r8JFmo160zzBmZ7HQLVsIpKjWDvFxfqr/D/U7i9BAwkmw/Wny+
9GEqXSTIuRc75248ytHV90B39aDZcLOK8KELFrPEg9QkPbxutrtA30KJ1BZXw40w
gNbygNgdMpxNCnJVVS1o5412vPNIcG16t9469OnDPGjXWdcp8aSuFO2nfmQfGwQi
X5DT+bfTX4jP+rHPZ5PIr3ZWyfjBhIlJglrdUwgGRuBjBrFMB/zaMKcUIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIpW02yg8O0ze10xpsKm7zQ0TuH8MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvaWxiVGJLRHc3VE43WFRHbXdxYnZORFJPNGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQABw
MA0GCSqGSIb3DQEBCwUAA4IBAQDZ/bw0vRuNZFyK/90X2yGLMVugpZDiE1eS3gKy
iOmawKHpXpfv7gPjYQIfGeQPaQXaiNcjXtkyJ6zrTtqEvs2FbgRrdYj+rHif/Mej
vOTDkIBZUAYDPS46j/EYgcbAQ3lTk1n60EZ370QISidbeYiQWCVeJPUAJpnjROnp
v2Ftm0IH89wFfnDAbXLjbAjP3YnGLAaNl2scePnuq9/Un38lt8ygFWq9kGZClOWp
2mHAq5xT7PHUshGlh+iTmQw6uFY7Am0cAplPuRb+ILWjXZ0t9FX386+LbG9WYRfO
oQKjhgwYbG+34eleF4wBo5acA3a8vsCfj4y4z/PdjNm/9Y2e
-----END CERTIFICATE-----