Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/cY1SBAGb0C_HOZmr2vnCgfDAOYA.roa
File:                     cY1SBAGb0C_HOZmr2vnCgfDAOYA.roa (raw, json)
Hash identifier:          0UVWxJ+SX4HMn8Zw0fvvKFC9dMd9cGtIUxn1DRI6jR8=
Subject key identifier:   71:8D:52:04:01:9B:D0:2F:C7:39:99:AB:DA:F9:C2:81:F0:C0:39:80
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747E727E376308D93D4813BD063E4E3
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/cY1SBAGb0C_HOZmr2vnCgfDAOYA.roa
Signing time:             Thu 02 Jan 2025 13:50:11 +0000
ROA not before:           Thu 02 Jan 2025 13:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210632
IP address blocks:        2a0b:b87:ff13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e7:27:e3:76:30:8d:93:d4:81:3b:d0:63:e4:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=718d5204019bd02fc73999abdaf9c281f0c03980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:80:0e:ae:e7:11:03:13:f1:83:14:70:72:63:
                    6e:cf:2d:b2:7e:5c:a7:fb:d1:fa:bd:5e:58:c0:62:
                    13:c8:a7:d3:7d:28:fd:ff:0f:d2:9e:4c:04:37:a4:
                    45:b8:fb:8d:af:b4:cb:65:c2:47:8f:5f:ba:32:b3:
                    6a:8a:ac:72:c0:ed:20:15:55:62:21:78:af:79:0b:
                    f7:7e:c3:e5:d7:a6:b1:5d:70:10:e7:c3:a5:5f:bc:
                    5d:37:a2:06:7b:3b:3d:b2:ef:61:bf:90:80:bf:43:
                    36:bd:3a:13:ba:9e:3f:09:19:98:52:59:ba:82:e3:
                    1c:65:26:af:7f:07:b9:a6:6d:e9:da:cc:87:f1:b8:
                    5f:b3:25:c0:b0:45:4c:75:03:ba:dc:95:6d:bb:a8:
                    9c:99:bf:11:ad:47:be:d8:b9:5f:23:69:8c:af:48:
                    47:6b:25:81:82:dc:53:c6:18:2e:db:80:db:5f:16:
                    aa:b8:6c:d5:92:09:a1:e6:93:b9:22:77:a7:a6:ef:
                    78:9b:6b:1d:25:0e:6d:e8:5f:61:64:6e:76:e2:f6:
                    17:9e:65:f8:1a:64:f7:6b:e0:c5:7f:4b:d3:63:aa:
                    b6:ab:3d:19:86:71:ea:fa:d3:0f:bc:97:02:ee:94:
                    a5:59:38:6e:42:a9:62:82:c8:c5:e9:19:ce:12:d1:
                    1c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:8D:52:04:01:9B:D0:2F:C7:39:99:AB:DA:F9:C2:81:F0:C0:39:80
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/cY1SBAGb0C_HOZmr2vnCgfDAOYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff13::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:25:39:2c:bf:fe:9f:c3:54:58:5a:21:18:d9:9e:ff:e8:be:
         b9:b8:22:cb:86:0c:e6:c2:43:da:f6:c1:39:73:45:08:f7:b0:
         73:b0:5d:50:ce:30:3d:5d:22:dc:05:41:74:7b:a3:cd:81:c9:
         3b:26:7d:6c:96:d9:3c:e9:00:b0:13:54:6e:0d:f5:18:18:d1:
         d7:e2:e0:97:c5:16:e4:3e:ce:b0:11:7d:ba:e2:70:9f:71:d4:
         7c:20:7e:b4:ef:bd:18:c6:5b:53:34:82:d7:f2:83:c5:93:ce:
         5f:e6:f5:17:40:d5:aa:25:d0:77:2b:c7:21:42:88:37:be:36:
         bd:c3:33:7a:f8:52:d4:39:54:e0:e2:0d:d9:e9:21:63:5f:2d:
         02:cf:4e:cc:54:2b:eb:db:c2:66:c0:75:eb:37:61:d1:11:96:
         fa:df:6f:d4:ba:88:74:2d:2f:65:4f:07:32:2d:ea:27:aa:34:
         86:f9:38:f0:34:d9:77:39:70:f9:40:9f:ac:13:d2:a8:f0:7b:
         69:0e:be:73:f6:9f:f0:f7:b3:d8:57:0e:f8:32:ae:68:a8:c1:
         87:a0:74:88:5b:f3:90:1d:ea:18:b1:db:01:12:4d:a5:9c:c6:
         e1:08:5f:eb:7d:cd:0a:4f:4d:3b:82:d7:f5:c4:d6:9c:6d:af:
         41:cf:67:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR+cn43YwjZPUgTvQY+TjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MThkNTIwNDAxOWJkMDJmYzczOTk5YWJkYWY5YzI4MWYwYzAzOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYAOrucRAxPxgxRwcmNuzy2yflyn
+9H6vV5YwGITyKfTfSj9/w/SnkwEN6RFuPuNr7TLZcJHj1+6MrNqiqxywO0gFVVi
IXiveQv3fsPl16axXXAQ58OlX7xdN6IGezs9su9hv5CAv0M2vToTup4/CRmYUlm6
guMcZSavfwe5pm3p2syH8bhfsyXAsEVMdQO63JVtu6icmb8RrUe+2LlfI2mMr0hH
ayWBgtxTxhgu24DbXxaquGzVkgmh5pO5Inenpu94m2sdJQ5t6F9hZG524vYXnmX4
GmT3a+DFf0vTY6q2qz0ZhnHq+tMPvJcC7pSlWThuQqligsjF6RnOEtEcPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHGNUgQBm9AvxzmZq9r5woHwwDmAMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvY1kxU0JBR2IwQ19IT1ptcjJ2bkNnZkRBT1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/8T
MA0GCSqGSIb3DQEBCwUAA4IBAQASJTksv/6fw1RYWiEY2Z7/6L65uCLLhgzmwkPa
9sE5c0UI97BzsF1QzjA9XSLcBUF0e6PNgck7Jn1sltk86QCwE1RuDfUYGNHX4uCX
xRbkPs6wEX264nCfcdR8IH60770YxltTNILX8oPFk85f5vUXQNWqJdB3K8chQog3
vja9wzN6+FLUOVTg4g3Z6SFjXy0Cz07MVCvr28JmwHXrN2HREZb632/Uuoh0LS9l
TwcyLeonqjSG+TjwNNl3OXD5QJ+sE9Ko8HtpDr5z9p/w97PYVw74Mq5oqMGHoHSI
W/OQHeoYsdsBEk2lnMbhCF/rfc0KT007gtf1xNacba9Bz2cP
-----END CERTIFICATE-----