Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/gVbT8W2DuKQGSKyTYPlzijekpes.roa
File:                     gVbT8W2DuKQGSKyTYPlzijekpes.roa (raw, json)
Hash identifier:          BySj2tLoj2ApXY6YZVgDXdpqUHFzskR55psIZFMLIGo=
Subject key identifier:   81:56:D3:F1:6D:83:B8:A4:06:48:AC:93:60:F9:73:8A:37:A4:A5:EB
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       0194274709557DD2AE3288F9265300D3A74B
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/gVbT8W2DuKQGSKyTYPlzijekpes.roa
Signing time:             Thu 02 Jan 2025 13:49:14 +0000
ROA not before:           Thu 02 Jan 2025 13:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209474
IP address blocks:        2a0f:6580:108::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:09:55:7d:d2:ae:32:88:f9:26:53:00:d3:a7:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  2 13:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8156d3f16d83b8a40648ac9360f9738a37a4a5eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:de:c7:51:d2:b1:04:4b:24:60:96:14:71:f6:
                    c0:4a:18:a7:18:5b:cc:ae:27:b9:c7:7b:f9:fa:8b:
                    17:aa:47:e3:fe:62:e2:2a:65:f5:5c:cc:2d:5d:65:
                    73:5c:47:ae:49:e7:54:0f:16:d9:29:40:1c:bd:5e:
                    fd:f2:e3:15:fb:e8:69:4e:ad:95:03:fb:12:a5:9f:
                    4e:c1:21:21:2f:6a:86:7d:e4:38:3a:0e:e4:12:e0:
                    cf:c6:6a:c1:ea:3e:d3:b4:c4:39:87:a1:0e:f0:73:
                    11:04:e7:7a:57:6e:7b:31:d2:be:fc:ec:71:90:c1:
                    33:41:08:36:60:c1:88:56:73:14:83:b9:77:7e:f8:
                    64:3c:56:bd:8a:1f:51:64:bb:8b:b4:e6:72:a5:88:
                    90:71:ac:7e:ae:7f:08:9c:ce:57:63:f7:d1:aa:dc:
                    0b:69:92:55:91:6a:ef:dc:97:88:d3:40:78:7a:cc:
                    26:92:0f:f7:43:38:55:0b:9a:fc:07:95:9f:f3:70:
                    18:2d:cf:5a:05:2f:68:f3:4a:fd:5d:70:c9:66:f8:
                    6d:ab:26:fe:a1:15:cb:59:7d:ac:6c:d8:a5:0e:4b:
                    5c:b4:f7:45:3e:8a:d3:61:d7:c7:a2:ea:1c:7f:19:
                    89:00:a5:4e:27:df:c5:08:4e:e0:fc:72:17:90:6e:
                    fa:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:56:D3:F1:6D:83:B8:A4:06:48:AC:93:60:F9:73:8A:37:A4:A5:EB
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/gVbT8W2DuKQGSKyTYPlzijekpes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:07:11:7b:ce:47:61:31:07:81:0d:92:b8:35:70:52:3e:2e:
         f4:5e:3f:f0:e8:10:01:d4:ee:53:00:2a:19:e8:b2:1c:82:36:
         22:40:f4:d8:dd:d0:ed:1d:b2:f1:60:1c:84:db:1c:ae:b8:3c:
         ae:99:9f:c8:7e:36:02:14:20:b1:20:5e:f2:e2:bf:90:24:ae:
         e4:6d:13:f3:a3:05:1c:ad:01:f2:a9:54:01:0e:ef:76:fc:4c:
         9c:ee:ea:bc:d4:f9:32:e8:fc:c9:24:dd:9d:23:25:74:cd:4c:
         93:e4:79:31:4c:97:34:98:5a:72:6c:1b:6f:2f:b2:83:aa:bc:
         59:fa:f5:95:04:b3:31:f1:a9:93:45:d6:e1:94:01:7e:13:21:
         60:06:7d:5d:00:9c:39:7b:ed:72:ac:5d:2f:d5:66:4c:18:3c:
         8b:72:8e:f6:3e:75:2b:8e:0b:0f:7b:c5:30:df:8f:cd:2c:3b:
         f3:61:c4:c3:af:9a:c2:bb:c2:62:f1:a5:44:65:ff:c6:32:be:
         a8:99:ae:77:49:bb:2a:c7:df:24:9e:2d:06:d8:8f:99:11:c9:
         5f:85:da:fe:f4:9d:c8:4a:c2:39:94:ea:92:ff:b1:c4:f0:51:
         b3:fa:4f:f2:67:cc:f1:17:b2:17:31:37:8e:c9:5b:96:88:e2:
         ab:40:41:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnRwlVfdKuMoj5JlMA06dLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjUwMTAyMTM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTU2ZDNmMTZkODNiOGE0MDY0OGFjOTM2MGY5NzM4YTM3YTRhNWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArt7HUdKxBEskYJYUcfbAShinGFvM
rie5x3v5+osXqkfj/mLiKmX1XMwtXWVzXEeuSedUDxbZKUAcvV798uMV++hpTq2V
A/sSpZ9OwSEhL2qGfeQ4Og7kEuDPxmrB6j7TtMQ5h6EO8HMRBOd6V257MdK+/Oxx
kMEzQQg2YMGIVnMUg7l3fvhkPFa9ih9RZLuLtOZypYiQcax+rn8InM5XY/fRqtwL
aZJVkWrv3JeI00B4eswmkg/3QzhVC5r8B5Wf83AYLc9aBS9o80r9XXDJZvhtqyb+
oRXLWX2sbNilDktctPdFPorTYdfHouocfxmJAKVOJ9/FCE7g/HIXkG764wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIFW0/Ftg7ikBkisk2D5c4o3pKXrMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvZ1ZiVDhXMkR1S1FHU0t5VFlQbHppamVrcGVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEI
MA0GCSqGSIb3DQEBCwUAA4IBAQCNBxF7zkdhMQeBDZK4NXBSPi70Xj/w6BAB1O5T
ACoZ6LIcgjYiQPTY3dDtHbLxYByE2xyuuDyumZ/IfjYCFCCxIF7y4r+QJK7kbRPz
owUcrQHyqVQBDu92/Eyc7uq81Pky6PzJJN2dIyV0zUyT5HkxTJc0mFpybBtvL7KD
qrxZ+vWVBLMx8amTRdbhlAF+EyFgBn1dAJw5e+1yrF0v1WZMGDyLco72PnUrjgsP
e8Uw34/NLDvzYcTDr5rCu8Ji8aVEZf/GMr6oma53Sbsqx98kni0G2I+ZEclfhdr+
9J3ISsI5lOqS/7HE8FGz+k/yZ8zxF7IXMTeOyVuWiOKrQEHF
-----END CERTIFICATE-----