Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7s1vlMSfOJKnVeCwaN8pm_OILY0.roa
File:                     7s1vlMSfOJKnVeCwaN8pm_OILY0.roa (raw, json)
Hash identifier:          C7906cZU8aCKXOyLJviN3x2QEg+urUVyv2wDiZLVQrg=
Subject key identifier:   EE:CD:6F:94:C4:9F:38:92:A7:55:E0:B0:68:DF:29:9B:F3:88:2D:8D
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       0194266B20BDB2C6E080CC4EC4FC283CA15A
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7s1vlMSfOJKnVeCwaN8pm_OILY0.roa
Signing time:             Thu 02 Jan 2025 09:49:02 +0000
ROA not before:           Thu 02 Jan 2025 09:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210989
IP address blocks:        2a0d:1a40:7b00::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:20:bd:b2:c6:e0:80:cc:4e:c4:fc:28:3c:a1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  2 09:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eecd6f94c49f3892a755e0b068df299bf3882d8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c5:40:5e:ea:38:42:59:97:f7:00:2f:94:37:
                    51:a4:89:3d:1c:c0:d0:8d:3c:5b:1e:dd:b6:27:9e:
                    f3:0f:9f:84:3c:90:4d:b1:de:f2:f6:55:cf:29:ab:
                    2b:97:b1:98:13:4b:b1:00:c2:a6:59:2d:3a:bf:52:
                    9c:b5:12:96:8b:51:fe:16:dc:a3:75:d8:4a:2a:5b:
                    87:4b:85:df:41:99:4a:88:85:bb:9a:66:f4:1a:12:
                    b3:c7:e3:e9:10:7c:14:f5:7a:dc:04:af:ec:f0:11:
                    96:39:56:e3:13:01:2f:0a:a3:82:87:cd:90:d3:ce:
                    68:d3:e7:3a:2e:53:fd:8f:ba:67:88:02:74:30:6f:
                    47:53:f6:e0:88:79:cc:4e:68:b4:1b:e2:a9:6b:11:
                    bf:60:b8:3c:56:94:8d:2d:92:44:ab:1a:a2:91:0c:
                    c8:cb:57:87:c6:8b:b4:2f:66:2a:32:11:bd:a6:8c:
                    3c:c5:6b:51:57:6f:b0:92:7d:20:46:10:85:20:fb:
                    88:9b:a7:02:b5:d7:f0:1f:22:81:d6:5b:25:8c:a2:
                    b5:24:65:e1:53:c8:71:7c:80:70:81:66:35:7b:6b:
                    e3:f5:70:38:cf:d4:4a:a7:27:aa:8c:e7:4a:08:68:
                    52:a8:23:8e:79:f8:83:a9:e3:ff:0f:e3:6f:df:e0:
                    76:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:CD:6F:94:C4:9F:38:92:A7:55:E0:B0:68:DF:29:9B:F3:88:2D:8D
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7s1vlMSfOJKnVeCwaN8pm_OILY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:7b00::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:a9:76:5a:3d:56:7a:c1:f8:61:d7:d2:13:db:26:40:c2:7b:
         cf:02:44:0e:85:c5:08:f2:18:93:8a:bf:5e:cc:88:ac:fb:17:
         24:72:19:c2:e4:5b:ee:a5:ff:b2:6f:ef:d2:b9:7f:a4:3b:87:
         77:47:39:51:18:a7:85:fe:b9:31:23:92:1f:11:80:f5:a5:8a:
         1e:fd:6c:0b:8b:02:18:10:4c:8c:35:3a:0b:15:9c:39:61:f3:
         9e:12:0c:78:62:bd:d1:10:7c:dd:16:19:7d:c4:39:6c:09:7c:
         7b:df:2d:11:0b:de:85:38:fa:f8:53:f5:c5:05:c8:d2:1d:b6:
         7f:35:f1:4b:9c:51:87:61:1a:d9:ad:c9:3a:af:92:1c:af:40:
         ed:1d:95:d2:d6:a1:9d:85:3a:cb:53:3f:bb:41:3c:c3:8a:6f:
         73:3e:96:56:92:40:68:30:ea:ff:bd:9e:18:c6:9c:53:57:7f:
         7f:57:2e:33:56:d5:60:c2:90:ff:7c:88:d8:69:a0:04:25:d8:
         31:02:36:1f:b3:8e:19:0c:b1:56:a8:98:7e:f7:2a:69:19:cc:
         0e:75:f7:09:f3:57:60:a3:8e:4d:8a:c0:94:28:b6:ae:51:3e:
         bb:bb:c1:0a:93:4c:87:05:78:bb:61:75:d5:3f:e2:1c:ac:96:
         22:9c:a9:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmayC9ssbggMxOxPwoPKFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjUwMTAyMDk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWNkNmY5NGM0OWYzODkyYTc1NWUwYjA2OGRmMjk5YmYzODgyZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMVAXuo4QlmX9wAvlDdRpIk9HMDQ
jTxbHt22J57zD5+EPJBNsd7y9lXPKasrl7GYE0uxAMKmWS06v1KctRKWi1H+Ftyj
ddhKKluHS4XfQZlKiIW7mmb0GhKzx+PpEHwU9XrcBK/s8BGWOVbjEwEvCqOCh82Q
085o0+c6LlP9j7pniAJ0MG9HU/bgiHnMTmi0G+KpaxG/YLg8VpSNLZJEqxqikQzI
y1eHxou0L2YqMhG9pow8xWtRV2+wkn0gRhCFIPuIm6cCtdfwHyKB1lsljKK1JGXh
U8hxfIBwgWY1e2vj9XA4z9RKpyeqjOdKCGhSqCOOefiDqeP/D+Nv3+B2fwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO7Nb5TEnziSp1XgsGjfKZvziC2NMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvN3MxdmxNU2ZPSktuVmVDd2FOOHBtX09JTFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0aQHsA
MA0GCSqGSIb3DQEBCwUAA4IBAQBlqXZaPVZ6wfhh19IT2yZAwnvPAkQOhcUI8hiT
ir9ezIis+xckchnC5Fvupf+yb+/SuX+kO4d3RzlRGKeF/rkxI5IfEYD1pYoe/WwL
iwIYEEyMNToLFZw5YfOeEgx4Yr3REHzdFhl9xDlsCXx73y0RC96FOPr4U/XFBcjS
HbZ/NfFLnFGHYRrZrck6r5Icr0DtHZXS1qGdhTrLUz+7QTzDim9zPpZWkkBoMOr/
vZ4YxpxTV39/Vy4zVtVgwpD/fIjYaaAEJdgxAjYfs44ZDLFWqJh+9yppGcwOdfcJ
81dgo45NisCUKLauUT67u8EKk0yHBXi7YXXVP+IcrJYinKkp
-----END CERTIFICATE-----