Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/IX5R2XsrF811pCyYXDNZoJSyFRA.roa
File:                     IX5R2XsrF811pCyYXDNZoJSyFRA.roa (raw, json)
Hash identifier:          /gZBIGQCMYCl4cQjL9WjQOfClbjeyQFk5ObTpmqIsLs=
Subject key identifier:   21:7E:51:D9:7B:2B:17:CD:75:A4:2C:98:5C:33:59:A0:94:B2:15:10
Certificate issuer:       /CN=375a064f301026bc3cf87666d6a820128212a811
Certificate serial:       019421B1FD72EC9F42E28663915E7A9BA1C3
Authority key identifier: 37:5A:06:4F:30:10:26:BC:3C:F8:76:66:D6:A8:20:12:82:12:A8:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1oGTzAQJrw8-HZm1qggEoISqBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/IX5R2XsrF811pCyYXDNZoJSyFRA.roa
Signing time:             Wed 01 Jan 2025 11:48:20 +0000
ROA not before:           Wed 01 Jan 2025 11:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8966
IP address blocks:        2a03:2887:ff0c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/N1oGTzAQJrw8-HZm1qggEoISqBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/N1oGTzAQJrw8-HZm1qggEoISqBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1oGTzAQJrw8-HZm1qggEoISqBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:fd:72:ec:9f:42:e2:86:63:91:5e:7a:9b:a1:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=375a064f301026bc3cf87666d6a820128212a811
        Validity
            Not Before: Jan  1 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=217e51d97b2b17cd75a42c985c3359a094b21510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ff:31:d2:40:85:2d:7c:29:81:ef:93:63:73:
                    32:9d:4b:17:d0:96:fb:5a:d0:45:c7:0d:6e:3d:90:
                    d6:5b:15:58:12:74:46:2e:a3:d7:7e:a3:03:f0:f0:
                    1d:28:ec:83:e1:b6:85:e1:84:a1:be:cd:29:c4:e1:
                    59:c9:60:6e:84:a6:3a:0d:25:13:6d:f9:17:2b:ff:
                    6f:9d:64:d3:32:76:9e:c9:0f:57:54:02:43:0d:00:
                    1c:ba:d6:82:1c:5e:94:10:ba:60:60:08:74:5d:4a:
                    8d:76:4f:d9:bf:06:37:71:ed:c1:64:b6:2b:3a:84:
                    0c:e5:9d:47:9c:0c:69:0e:a6:a0:cf:85:80:96:5c:
                    3e:8c:2b:76:b3:f4:67:b1:4d:79:fd:16:c2:26:e2:
                    75:61:1b:a8:bb:ce:0d:9b:8a:21:d1:17:d9:a5:77:
                    72:ca:55:9b:7a:a2:9c:b9:ba:44:6b:f1:2e:9a:cc:
                    ff:72:c4:36:ea:28:bc:7f:c0:59:c2:3c:cd:8b:05:
                    3b:34:e7:f6:7c:09:c1:d0:ae:84:23:b1:bd:71:23:
                    1c:29:ce:72:f8:ab:3f:63:c9:75:d6:15:a5:f0:89:
                    d5:2b:01:17:c9:17:df:48:cd:f4:f6:8d:89:fa:b8:
                    cc:10:6b:f9:0c:68:cf:1f:16:ec:34:8f:a7:f8:cb:
                    66:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:7E:51:D9:7B:2B:17:CD:75:A4:2C:98:5C:33:59:A0:94:B2:15:10
            X509v3 Authority Key Identifier:
                keyid:37:5A:06:4F:30:10:26:BC:3C:F8:76:66:D6:A8:20:12:82:12:A8:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1oGTzAQJrw8-HZm1qggEoISqBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/IX5R2XsrF811pCyYXDNZoJSyFRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/N1oGTzAQJrw8-HZm1qggEoISqBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2887:ff0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:24:de:80:2d:6a:6e:e6:9e:09:d5:10:89:70:d5:f1:c5:37:
         b3:d2:8d:d5:09:bd:0e:01:e0:0f:66:fb:4f:f7:28:cd:d8:32:
         21:54:40:31:4f:4e:69:6f:49:7c:cb:96:ae:ed:5a:ae:94:70:
         59:af:34:2a:d9:c6:6d:76:54:4e:aa:63:a4:9f:b4:02:ad:e8:
         71:32:dc:17:48:45:a8:56:5d:b6:03:aa:cf:24:c1:ed:d0:f7:
         65:56:47:5c:c2:74:21:cc:91:61:a7:58:54:bc:5b:56:c3:69:
         65:eb:e8:df:7d:4e:70:f5:89:27:28:e3:d0:07:1e:bf:9a:55:
         e7:8a:1e:74:93:92:16:0a:0a:b8:6e:2f:8a:13:9f:c5:44:2b:
         ec:40:2f:d5:d8:6c:8e:92:de:f5:cc:ed:39:42:de:ea:dd:a1:
         cc:ee:d8:61:64:cb:c3:5d:99:55:0d:4a:cc:f9:f7:6d:76:a9:
         57:96:9c:e1:ca:5e:35:c3:aa:98:63:70:86:b8:a5:68:45:1e:
         52:3a:56:87:c0:a6:84:49:8f:dc:0a:6a:31:7e:4f:e8:20:4b:
         e8:ab:f3:2c:12:8d:7a:27:25:e1:b4:c8:96:ed:0d:79:d0:df:
         6e:2f:27:59:91:f7:91:f2:85:78:1f:37:fd:0c:99:68:5a:9b:
         1b:41:f8:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsf1y7J9C4oZjkV56m6HDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NWEwNjRmMzAxMDI2YmMzY2Y4NzY2NmQ2YTgyMDEyODIx
MmE4MTEwHhcNMjUwMTAxMTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTdlNTFkOTdiMmIxN2NkNzVhNDJjOTg1YzMzNTlhMDk0YjIxNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf8x0kCFLXwpge+TY3MynUsX0Jb7
WtBFxw1uPZDWWxVYEnRGLqPXfqMD8PAdKOyD4baF4YShvs0pxOFZyWBuhKY6DSUT
bfkXK/9vnWTTMnaeyQ9XVAJDDQAcutaCHF6UELpgYAh0XUqNdk/ZvwY3ce3BZLYr
OoQM5Z1HnAxpDqagz4WAllw+jCt2s/RnsU15/RbCJuJ1YRuou84Nm4oh0RfZpXdy
ylWbeqKcubpEa/Eumsz/csQ26ii8f8BZwjzNiwU7NOf2fAnB0K6EI7G9cSMcKc5y
+Ks/Y8l11hWl8InVKwEXyRffSM309o2J+rjMEGv5DGjPHxbsNI+n+Mtm4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCF+Udl7KxfNdaQsmFwzWaCUshUQMB8GA1UdIwQY
MBaAFDdaBk8wECa8PPh2ZtaoIBKCEqgRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFvR1R6QVFKcnc4LUhabTFxZ2dFb0lTcUJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9kYzU4ODEtMzYzMi00NWFmLWJmNTkt
ZjQ0YTU3Y2VkNzNkLzEvSVg1UjJYc3JGODExcEN5WVhETlpvSlN5RlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9kYzU4ODEtMzYzMi00NWFmLWJmNTktZjQ0YTU3Y2VkNzNk
LzEvTjFvR1R6QVFKcnc4LUhabTFxZ2dFb0lTcUJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMoh/8M
MA0GCSqGSIb3DQEBCwUAA4IBAQAAJN6ALWpu5p4J1RCJcNXxxTez0o3VCb0OAeAP
ZvtP9yjN2DIhVEAxT05pb0l8y5au7VqulHBZrzQq2cZtdlROqmOkn7QCrehxMtwX
SEWoVl22A6rPJMHt0PdlVkdcwnQhzJFhp1hUvFtWw2ll6+jffU5w9YknKOPQBx6/
mlXnih50k5IWCgq4bi+KE5/FRCvsQC/V2GyOkt71zO05Qt7q3aHM7thhZMvDXZlV
DUrM+fdtdqlXlpzhyl41w6qYY3CGuKVoRR5SOlaHwKaESY/cCmoxfk/oIEvoq/Ms
Eo16JyXhtMiW7Q150N9uLydZkfeR8oV4Hzf9DJloWpsbQfj6
-----END CERTIFICATE-----