Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/_dj93V8CgTr4WtPvkeAuwUmW2TE.roa
File:                     _dj93V8CgTr4WtPvkeAuwUmW2TE.roa (raw, json)
Hash identifier:          ZN3MQ6SbuQBeM8qd6E8KM2I3KZr5yEBWX0GSlucExQY=
Subject key identifier:   FD:D8:FD:DD:5F:02:81:3A:F8:5A:D3:EF:91:E0:2E:C1:49:96:D9:31
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       0194266B22FFC3DF6FABB12580C64D55F97B
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/_dj93V8CgTr4WtPvkeAuwUmW2TE.roa
Signing time:             Thu 02 Jan 2025 09:49:02 +0000
ROA not before:           Thu 02 Jan 2025 09:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213185
IP address blocks:        2a0d:1a40:7553::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:22:ff:c3:df:6f:ab:b1:25:80:c6:4d:55:f9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  2 09:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdd8fddd5f02813af85ad3ef91e02ec14996d931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:94:76:5b:1d:ad:ac:16:ec:ac:a3:31:97:35:
                    d2:55:e2:7f:19:91:c2:52:dc:9e:17:3e:ee:90:4b:
                    d9:b5:07:39:db:3c:d9:2d:7d:c2:eb:62:cc:26:4a:
                    38:91:68:a3:fb:ff:78:2c:d4:7d:6d:54:18:58:e6:
                    4c:72:cd:11:fb:67:a8:0f:d1:b8:0e:31:1d:8a:23:
                    e8:9f:bc:36:ae:2b:56:2b:e9:fa:52:18:2b:c7:56:
                    89:57:7d:2e:f4:6b:cb:f7:05:43:19:50:d0:c2:1a:
                    df:27:1c:2a:af:f8:e6:bb:b4:b2:de:22:37:da:3a:
                    d4:7d:e6:ad:8c:6f:c4:c2:7f:ad:c8:ec:6d:ab:9e:
                    e4:12:14:4e:a9:fe:37:2e:32:24:cf:f1:3f:fd:95:
                    54:10:19:36:58:3e:08:32:12:48:04:c6:67:e8:50:
                    c4:bc:d6:a6:db:55:2e:9d:fe:9d:a7:e3:18:84:43:
                    e4:ab:a3:af:7f:67:aa:ff:08:84:8a:63:9d:45:df:
                    0c:eb:72:cd:ef:75:2d:b9:ec:09:c9:7d:f3:61:3a:
                    be:6e:b1:f6:12:7c:c2:73:57:06:ac:51:10:35:67:
                    17:2d:23:a8:2e:2c:da:5b:43:26:18:46:e7:bc:09:
                    f7:b7:39:5b:3d:81:9e:19:98:6b:d3:e9:68:5a:cc:
                    ef:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D8:FD:DD:5F:02:81:3A:F8:5A:D3:EF:91:E0:2E:C1:49:96:D9:31
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/_dj93V8CgTr4WtPvkeAuwUmW2TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:7553::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:40:89:f5:30:d9:02:98:bf:c2:fd:6b:75:5a:f9:19:55:a2:
         4c:7a:f4:b3:5c:b3:04:b4:63:84:8a:c2:76:f9:a2:65:e9:84:
         bc:e0:76:d7:41:02:94:11:01:fc:21:aa:fd:73:10:41:24:84:
         86:cf:07:e2:31:dd:12:1d:e7:d3:c0:ba:25:07:3d:6b:d6:42:
         65:b7:4a:ce:ef:65:ed:9a:16:c9:8f:b0:9e:72:0d:e4:43:32:
         69:6c:38:3a:11:8b:5c:7e:22:ab:63:be:7f:2b:9b:85:7e:b4:
         e9:1e:33:bf:d2:46:30:ae:24:88:bc:93:33:fb:80:a3:cd:82:
         29:3f:1a:b0:d8:85:26:89:16:b5:c9:05:c3:44:81:35:3b:2c:
         c9:e5:fd:3e:92:fe:4e:4a:91:81:db:11:3a:ae:c1:33:77:c2:
         e1:e0:1d:9d:92:78:77:5d:bb:b6:41:4e:49:6a:8f:fd:d3:dd:
         97:82:6c:59:ac:f3:8b:7a:f7:c0:fd:6c:68:47:d7:27:9e:09:
         13:d6:b0:d6:16:fb:47:6f:f7:10:01:ac:3b:10:5d:24:f8:1d:
         e6:57:c9:72:76:99:26:de:be:a7:9e:92:66:f2:41:26:58:6a:
         bc:61:09:e9:34:41:3c:30:34:9a:ad:67:d2:e5:0f:49:db:77:
         68:33:6e:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmayL/w99vq7ElgMZNVfl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjUwMTAyMDk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ4ZmRkZDVmMDI4MTNhZjg1YWQzZWY5MWUwMmVjMTQ5OTZkOTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJR2Wx2trBbsrKMxlzXSVeJ/GZHC
UtyeFz7ukEvZtQc52zzZLX3C62LMJko4kWij+/94LNR9bVQYWOZMcs0R+2eoD9G4
DjEdiiPon7w2ritWK+n6Uhgrx1aJV30u9GvL9wVDGVDQwhrfJxwqr/jmu7Sy3iI3
2jrUfeatjG/Ewn+tyOxtq57kEhROqf43LjIkz/E//ZVUEBk2WD4IMhJIBMZn6FDE
vNam21Uunf6dp+MYhEPkq6Ovf2eq/wiEimOdRd8M63LN73UtuewJyX3zYTq+brH2
EnzCc1cGrFEQNWcXLSOoLizaW0MmGEbnvAn3tzlbPYGeGZhr0+loWszv2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP3Y/d1fAoE6+FrT75HgLsFJltkxMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvX2RqOTNWOENnVHI0V3RQdmtlQXV3VW1XMlRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0aQHVT
MA0GCSqGSIb3DQEBCwUAA4IBAQBMQIn1MNkCmL/C/Wt1WvkZVaJMevSzXLMEtGOE
isJ2+aJl6YS84HbXQQKUEQH8Iar9cxBBJISGzwfiMd0SHefTwLolBz1r1kJlt0rO
72XtmhbJj7Cecg3kQzJpbDg6EYtcfiKrY75/K5uFfrTpHjO/0kYwriSIvJMz+4Cj
zYIpPxqw2IUmiRa1yQXDRIE1OyzJ5f0+kv5OSpGB2xE6rsEzd8Lh4B2dknh3Xbu2
QU5Jao/9092XgmxZrPOLevfA/WxoR9cnngkT1rDWFvtHb/cQAaw7EF0k+B3mV8ly
dpkm3r6nnpJm8kEmWGq8YQnpNEE8MDSarWfS5Q9J23doM25a
-----END CERTIFICATE-----