Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/lryZPvbj4yExvdlOIp2SCrWeSCY.roa
File:                     lryZPvbj4yExvdlOIp2SCrWeSCY.roa (raw, json)
Hash identifier:          FCRNygfVB0sk9T6/Ss2lAq6vxOZw7f+qQ3cAYEeERzM=
Subject key identifier:   96:BC:99:3E:F6:E3:E3:21:31:BD:D9:4E:22:9D:92:0A:B5:9E:48:26
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       0194266B1F0DEB643461A8183C8EA5396BEA
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/lryZPvbj4yExvdlOIp2SCrWeSCY.roa
Signing time:             Thu 02 Jan 2025 09:49:01 +0000
ROA not before:           Thu 02 Jan 2025 09:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207960
IP address blocks:        2a0d:1a40:7900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 03:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:1f:0d:eb:64:34:61:a8:18:3c:8e:a5:39:6b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  2 09:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96bc993ef6e3e32131bdd94e229d920ab59e4826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:26:5d:19:f4:4c:b4:25:36:57:9a:ab:b7:3b:
                    4d:39:de:0a:c3:46:47:07:40:37:13:59:37:5a:2c:
                    44:4d:95:47:2c:cb:05:71:40:78:47:29:0d:2e:00:
                    4e:65:13:b0:39:ae:e8:55:a0:2c:ad:7f:31:c7:62:
                    ef:89:9e:d2:ea:40:21:22:a9:34:05:88:ab:13:d0:
                    88:ae:63:19:6f:c1:76:96:bb:27:16:66:d9:4c:84:
                    82:a6:6e:00:e3:45:96:b8:81:00:07:2e:2b:0d:e5:
                    cd:67:fe:5e:8d:f5:60:31:e9:cb:f5:ec:e1:ff:72:
                    f7:7a:a1:0d:98:18:df:98:47:63:5b:a9:4f:be:eb:
                    04:20:b8:e9:7c:73:87:9c:50:f8:20:44:7a:6c:13:
                    61:0c:0f:f0:62:c5:fc:49:ed:7e:b0:87:ce:b9:8f:
                    66:26:b3:a4:5d:48:f7:d6:6f:d3:3d:24:9d:db:dc:
                    ee:00:a7:73:60:23:92:85:d7:54:92:7c:9e:87:25:
                    03:d2:ec:ef:43:92:70:42:b5:e9:6f:2d:56:32:61:
                    cf:1a:71:49:1f:d2:78:c2:d3:43:fb:aa:d6:d4:01:
                    66:5d:8e:41:56:3a:2a:ba:11:6b:d6:7b:64:51:94:
                    bc:67:37:b8:aa:9b:ab:e0:0c:a6:9e:6d:60:31:50:
                    2e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BC:99:3E:F6:E3:E3:21:31:BD:D9:4E:22:9D:92:0A:B5:9E:48:26
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/lryZPvbj4yExvdlOIp2SCrWeSCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:7900::/40

    Signature Algorithm: sha256WithRSAEncryption
         62:c9:54:d1:d2:f7:f6:f6:9e:69:ee:45:e3:7e:a6:70:09:85:
         28:c5:78:85:e2:7b:78:2a:24:5b:a0:49:e0:7c:f4:b1:81:9a:
         33:c1:d2:d7:36:9b:c9:c0:f4:44:e9:22:2b:f2:a6:35:05:7b:
         e1:a8:63:0e:12:0b:bb:fe:5e:98:16:19:d2:17:ea:d2:6a:98:
         df:f1:c6:be:3b:5b:e1:14:ec:54:67:ed:ca:58:06:a2:ff:d6:
         8f:b6:d7:6e:7c:b5:a8:69:03:af:96:62:35:53:04:84:1e:06:
         2f:5f:8b:a4:e0:5d:90:bb:8e:6d:03:e9:8a:1c:f9:99:72:4e:
         08:4b:75:81:48:0d:17:40:2f:c1:38:01:2e:b4:16:63:b8:61:
         d0:c2:ea:80:7a:6d:79:9f:c3:17:db:ea:f3:de:45:36:38:bd:
         d1:f1:aa:02:a6:9e:cf:be:9b:11:0f:87:e8:7b:2e:94:15:f4:
         cf:bf:b5:ff:85:d0:ab:08:88:dc:f6:5d:ec:19:68:09:e3:ee:
         64:6a:db:fd:40:4f:4f:fa:b7:20:de:f0:1b:c8:eb:6c:09:51:
         cc:6e:c2:f3:c6:7e:81:c5:df:c7:96:b6:16:39:0d:2d:0d:0a:
         1a:cf:82:8e:56:6e:6b:ae:a0:a9:b3:e7:d5:09:04:7f:bb:2e:
         79:86:aa:df
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQmax8N62Q0YagYPI6lOWvqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjUwMTAyMDk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmJjOTkzZWY2ZTNlMzIxMzFiZGQ5NGUyMjlkOTIwYWI1OWU0ODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCZdGfRMtCU2V5qrtztNOd4Kw0ZH
B0A3E1k3WixETZVHLMsFcUB4RykNLgBOZROwOa7oVaAsrX8xx2LviZ7S6kAhIqk0
BYirE9CIrmMZb8F2lrsnFmbZTISCpm4A40WWuIEABy4rDeXNZ/5ejfVgMenL9ezh
/3L3eqENmBjfmEdjW6lPvusEILjpfHOHnFD4IER6bBNhDA/wYsX8Se1+sIfOuY9m
JrOkXUj31m/TPSSd29zuAKdzYCOShddUknyehyUD0uzvQ5JwQrXpby1WMmHPGnFJ
H9J4wtND+6rW1AFmXY5BVjoquhFr1ntkUZS8Zze4qpur4Aymnm1gMVAuJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJa8mT724+MhMb3ZTiKdkgq1nkgmMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvbHJ5WlB2Ymo0eUV4dmRsT0lwMlNDcldlU0NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg0aQHkw
DQYJKoZIhvcNAQELBQADggEBAGLJVNHS9/b2nmnuReN+pnAJhSjFeIXie3gqJFug
SeB89LGBmjPB0tc2m8nA9ETpIivypjUFe+GoYw4SC7v+XpgWGdIX6tJqmN/xxr47
W+EU7FRn7cpYBqL/1o+21258tahpA6+WYjVTBIQeBi9fi6TgXZC7jm0D6Yoc+Zly
TghLdYFIDRdAL8E4AS60FmO4YdDC6oB6bXmfwxfb6vPeRTY4vdHxqgKmns++mxEP
h+h7LpQV9M+/tf+F0KsIiNz2XewZaAnj7mRq2/1AT0/6tyDe8BvI62wJUcxuwvPG
foHF38eWthY5DS0NChrPgo5WbmuuoKmz59UJBH+7LnmGqt8=
-----END CERTIFICATE-----