Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/OyleDCJuItn5rb7Tu1FF41SGnIM.roa
File:                     OyleDCJuItn5rb7Tu1FF41SGnIM.roa (raw, json)
Hash identifier:          NIrCILYYnwCBc1TH192ieqPQbIJfxuvDv8fbOe6H8Yw=
Subject key identifier:   3B:29:5E:0C:22:6E:22:D9:F9:AD:BE:D3:BB:51:45:E3:54:86:9C:83
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747DD1AE0E786EDFF0B493000E238E1
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/OyleDCJuItn5rb7Tu1FF41SGnIM.roa
Signing time:             Thu 02 Jan 2025 13:50:08 +0000
ROA not before:           Thu 02 Jan 2025 13:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205117
IP address blocks:        2a0b:b87:ffe3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:dd:1a:e0:e7:86:ed:ff:0b:49:30:00:e2:38:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b295e0c226e22d9f9adbed3bb5145e354869c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7a:1f:ab:1f:2a:fc:d1:ac:44:e8:57:37:f8:
                    4c:6c:46:0a:ea:de:fc:ac:6b:f1:02:62:d0:54:fa:
                    5e:fd:98:13:c3:85:09:31:82:c7:5c:09:66:b5:f6:
                    78:51:c9:38:d1:54:4d:67:a2:68:c4:f1:19:cf:e2:
                    43:e3:6f:71:6b:60:81:12:62:d8:64:f6:c7:ca:c3:
                    4f:7d:ef:c6:51:fe:66:7b:94:e6:d3:e8:41:31:2b:
                    3f:74:de:fb:79:bc:ec:4d:b0:ec:4f:ab:dd:d2:ad:
                    7b:1b:59:62:62:ef:d4:8a:a9:ed:95:b8:f8:80:e8:
                    f4:9d:95:28:25:9d:65:da:4e:c8:fe:73:dd:52:7f:
                    e2:c0:1f:e4:00:c2:9d:39:f2:42:44:0e:12:84:95:
                    1c:bc:6b:2d:92:06:7f:3f:1e:3d:69:94:36:bf:8b:
                    70:3a:57:a6:c1:34:03:7f:62:e6:7a:b6:47:e4:af:
                    5c:ca:b4:6f:f3:02:a6:56:f7:2b:ab:5f:39:70:12:
                    ba:91:42:93:1c:77:a5:40:46:a6:fd:30:a2:e0:be:
                    46:bb:2b:e1:71:05:c8:3f:06:5e:42:aa:74:f5:bc:
                    9a:ca:f4:2b:a4:e7:b7:2e:99:cb:ab:9c:83:db:c2:
                    79:7b:82:bf:18:3a:42:82:71:d6:4f:6d:d5:a9:a7:
                    9d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:29:5E:0C:22:6E:22:D9:F9:AD:BE:D3:BB:51:45:E3:54:86:9C:83
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/OyleDCJuItn5rb7Tu1FF41SGnIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffe3::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:c6:f6:d0:fc:a9:1d:24:cd:5b:94:70:bf:59:46:39:2b:38:
         52:ff:38:fa:29:6c:e9:5c:4c:7e:2f:49:69:36:0c:92:05:c2:
         76:18:d2:a3:c5:dc:fb:01:1b:48:08:03:f8:6d:03:59:8b:a5:
         14:7f:d3:70:dd:23:1a:ec:50:06:52:50:84:f1:41:7f:60:5b:
         38:d1:a4:e4:e2:ea:d6:e6:8e:30:67:08:aa:86:39:67:15:6e:
         f2:06:bf:28:9e:43:4e:4d:81:f5:5d:a9:35:d2:55:2b:ce:91:
         63:63:3f:41:5b:0c:c8:57:eb:1b:71:27:ef:6d:bb:5f:a2:a3:
         c3:74:fb:d6:11:7b:54:d4:6d:56:56:3a:fc:c2:3b:b6:57:e8:
         09:18:2f:e1:4e:e4:03:56:82:6d:7e:ad:1d:ae:c6:eb:84:89:
         b1:e8:a9:ca:99:44:fa:e4:7b:d3:ae:cb:0b:30:da:82:07:91:
         3d:37:b2:34:26:18:68:d1:ef:bf:67:d8:6d:f4:d1:22:37:1c:
         06:22:da:e8:ec:b6:f4:10:e7:10:1c:59:1f:cb:8d:90:24:df:
         49:7a:f3:4b:e9:71:28:cb:75:23:68:18:cd:9e:6d:cc:dc:aa:
         83:7b:2e:a9:91:61:d1:e3:22:1d:6e:26:3f:81:b4:2a:52:f9:
         96:8c:92:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR90a4OeG7f8LSTAA4jjhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjI5NWUwYzIyNmUyMmQ5ZjlhZGJlZDNiYjUxNDVlMzU0ODY5YzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3ofqx8q/NGsROhXN/hMbEYK6t78
rGvxAmLQVPpe/ZgTw4UJMYLHXAlmtfZ4Uck40VRNZ6JoxPEZz+JD429xa2CBEmLY
ZPbHysNPfe/GUf5me5Tm0+hBMSs/dN77ebzsTbDsT6vd0q17G1liYu/Uiqntlbj4
gOj0nZUoJZ1l2k7I/nPdUn/iwB/kAMKdOfJCRA4ShJUcvGstkgZ/Px49aZQ2v4tw
OlemwTQDf2LmerZH5K9cyrRv8wKmVvcrq185cBK6kUKTHHelQEam/TCi4L5Guyvh
cQXIPwZeQqp09byayvQrpOe3LpnLq5yD28J5e4K/GDpCgnHWT23VqaedAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDspXgwibiLZ+a2+07tRReNUhpyDMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvT3lsZURDSnVJdG41cmI3VHUxRkY0MVNHbklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh//j
MA0GCSqGSIb3DQEBCwUAA4IBAQBVxvbQ/KkdJM1blHC/WUY5KzhS/zj6KWzpXEx+
L0lpNgySBcJ2GNKjxdz7ARtICAP4bQNZi6UUf9Nw3SMa7FAGUlCE8UF/YFs40aTk
4urW5o4wZwiqhjlnFW7yBr8onkNOTYH1Xak10lUrzpFjYz9BWwzIV+sbcSfvbbtf
oqPDdPvWEXtU1G1WVjr8wju2V+gJGC/hTuQDVoJtfq0drsbrhImx6KnKmUT65HvT
rssLMNqCB5E9N7I0Jhho0e+/Z9ht9NEiNxwGItro7Lb0EOcQHFkfy42QJN9JevNL
6XEoy3UjaBjNnm3M3KqDey6pkWHR4yIdbiY/gbQqUvmWjJJL
-----END CERTIFICATE-----