Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/S074YuodosP0UuUo6De4P_sFXFs.roa
File:                     S074YuodosP0UuUo6De4P_sFXFs.roa (raw, json)
Hash identifier:          pyM9pUqd+rcNeRhYxGuF9WXwPo5DNw77BSKM8YnWbDw=
Subject key identifier:   4B:4E:F8:62:EA:1D:A2:C3:F4:52:E5:28:E8:37:B8:3F:FB:05:5C:5B
Certificate issuer:       /CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
Certificate serial:       01942521F6D0BEA6FBA3FE2F60487D56D727
Authority key identifier: F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/S074YuodosP0UuUo6De4P_sFXFs.roa
Signing time:             Thu 02 Jan 2025 03:49:30 +0000
ROA not before:           Thu 02 Jan 2025 03:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12400
IP address blocks:        2a03:6947:c00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f6:d0:be:a6:fb:a3:fe:2f:60:48:7d:56:d7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b4ef862ea1da2c3f452e528e837b83ffb055c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2f:48:f0:1e:77:c1:7f:8f:89:d3:75:db:3e:
                    1b:69:7d:6c:59:5f:e5:97:f0:ae:3c:30:50:30:2a:
                    76:ff:a5:71:52:0d:61:fb:96:01:36:72:14:83:0e:
                    45:e5:de:d7:f7:fb:1e:09:9d:20:c1:e0:e9:9f:d3:
                    67:05:8e:cf:cc:23:0f:4c:c4:45:cc:69:71:b2:5a:
                    00:99:88:d1:b2:26:3f:6d:12:3f:c8:c0:2e:7d:84:
                    40:13:e1:e2:ba:7a:11:1b:bb:fb:f8:31:ca:03:d1:
                    06:a1:e2:2e:15:2f:af:76:6a:f7:4d:ed:ec:d3:08:
                    ea:44:23:22:88:5b:d8:eb:fb:d8:e4:97:c5:33:e1:
                    7b:2b:41:d8:6d:b5:b6:64:34:3a:d0:3d:67:58:96:
                    94:6d:ad:c8:05:28:4e:f8:ab:ce:c1:9a:e6:1b:a3:
                    d2:8c:ad:b9:89:f5:08:17:04:32:8e:1a:4f:14:ab:
                    6c:75:eb:a1:27:7e:06:12:10:21:fd:f4:fc:8f:49:
                    98:27:19:7e:4f:ac:b2:2a:65:ea:7f:85:ff:76:0e:
                    9d:06:48:06:6e:fb:e5:11:5f:17:bc:8f:5a:99:da:
                    e0:e2:5e:09:0d:db:b9:2f:27:dd:5f:3b:2e:46:12:
                    25:7c:94:e9:9d:e4:04:d3:5b:4b:11:e5:2e:6b:0a:
                    0c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4E:F8:62:EA:1D:A2:C3:F4:52:E5:28:E8:37:B8:3F:FB:05:5C:5B
            X509v3 Authority Key Identifier:
                keyid:F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/S074YuodosP0UuUo6De4P_sFXFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6947:c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         3f:2b:6b:af:64:38:fd:b8:0e:d0:1d:0b:2d:03:28:e7:6d:49:
         03:bf:ef:60:fa:46:a8:a7:44:b4:da:ba:6f:fd:35:3f:29:be:
         03:23:86:aa:2c:ce:ae:1c:c6:53:91:c7:da:c9:c3:9e:d0:6e:
         a4:a7:54:66:8a:6b:dc:26:01:a0:bb:89:a0:33:ab:6b:e9:55:
         84:c0:a3:05:d4:d4:cb:a8:a4:47:9b:56:74:6e:a6:b4:91:bb:
         9e:78:b8:6b:e0:a5:d7:5f:4b:06:87:a5:9d:1e:b2:a4:46:b6:
         9c:0d:e8:6a:9f:dd:60:c1:95:5f:1f:5c:1e:73:b2:99:70:aa:
         97:70:26:b4:66:b7:06:77:68:46:45:99:c8:6a:83:ed:b9:cc:
         9a:dc:c9:0d:96:2f:81:bb:f8:ff:59:d5:26:a5:6b:77:8f:7e:
         ea:eb:ed:f4:ff:64:76:45:79:eb:c7:22:33:55:a2:21:47:58:
         76:1f:d0:5d:d0:24:95:83:7f:31:dd:0d:20:92:ca:01:af:71:
         4f:06:81:af:b3:14:ad:44:68:51:46:38:b9:00:45:b4:dc:f9:
         d5:f0:70:aa:1d:c4:8c:24:23:09:51:56:c9:ad:a3:0d:48:47:
         8d:b6:c2:e4:00:5a:af:3d:74:08:01:3b:d9:5d:68:f6:bc:8d:
         95:19:8d:d1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIfbQvqb7o/4vYEh9VtcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjkwNzgxZGJiZWJkYjhlYzQyYmFmNjY0ODgwNTllYTU4
NjZhYWMwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjRlZjg2MmVhMWRhMmMzZjQ1MmU1MjhlODM3YjgzZmZiMDU1YzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi9I8B53wX+PidN12z4baX1sWV/l
l/CuPDBQMCp2/6VxUg1h+5YBNnIUgw5F5d7X9/seCZ0gweDpn9NnBY7PzCMPTMRF
zGlxsloAmYjRsiY/bRI/yMAufYRAE+HiunoRG7v7+DHKA9EGoeIuFS+vdmr3Te3s
0wjqRCMiiFvY6/vY5JfFM+F7K0HYbbW2ZDQ60D1nWJaUba3IBShO+KvOwZrmG6PS
jK25ifUIFwQyjhpPFKtsdeuhJ34GEhAh/fT8j0mYJxl+T6yyKmXqf4X/dg6dBkgG
bvvlEV8XvI9amdrg4l4JDdu5LyfdXzsuRhIlfJTpneQE01tLEeUuawoM/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEtO+GLqHaLD9FLlKOg3uD/7BVxbMB8GA1UdIwQY
MBaAFPO5B4Hbvr247EK69mSIBZ6lhmqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAt
M2VmNWViN2M4NTk4LzEvUzA3NFl1b2Rvc1AwVXVVbzZEZTRQX3NGWEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAtM2VmNWViN2M4NTk4
LzEvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgNpRwww
DQYJKoZIhvcNAQELBQADggEBAD8ra69kOP24DtAdCy0DKOdtSQO/72D6RqinRLTa
um/9NT8pvgMjhqoszq4cxlORx9rJw57QbqSnVGaKa9wmAaC7iaAzq2vpVYTAowXU
1MuopEebVnRuprSRu554uGvgpddfSwaHpZ0esqRGtpwN6Gqf3WDBlV8fXB5zsplw
qpdwJrRmtwZ3aEZFmchqg+25zJrcyQ2WL4G7+P9Z1Sala3ePfurr7fT/ZHZFeevH
IjNVoiFHWHYf0F3QJJWDfzHdDSCSygGvcU8Gga+zFK1EaFFGOLkARbTc+dXwcKod
xIwkIwlRVsmtow1IR422wuQAWq89dAgBO9ldaPa8jZUZjdE=
-----END CERTIFICATE-----