Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jM1YgWmy2GId9RrRHD2eCt5uEkY.roa
File:                     jM1YgWmy2GId9RrRHD2eCt5uEkY.roa (raw, json)
Hash identifier:          FJlOiEFx70fBY0faFBArkzBpPcwwjFx1jHn/hvq1UOg=
Subject key identifier:   8C:CD:58:81:69:B2:D8:62:1D:F5:1A:D1:1C:3D:9E:0A:DE:6E:12:46
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747EA0083EF2AF733EF0047E6C07A15
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jM1YgWmy2GId9RrRHD2eCt5uEkY.roa
Signing time:             Thu 02 Jan 2025 13:50:11 +0000
ROA not before:           Thu 02 Jan 2025 13:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210977
IP address blocks:        2a0e:c7c1::/45 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ea:00:83:ef:2a:f7:33:ef:00:47:e6:c0:7a:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ccd588169b2d8621df51ad11c3d9e0ade6e1246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bd:68:8c:3f:2c:86:c8:b6:7d:f2:9c:a8:e8:
                    34:2f:17:ab:5b:53:88:f3:4f:78:09:43:92:bf:79:
                    62:be:02:1a:de:44:2a:72:6a:98:ff:2a:94:29:e8:
                    5e:6f:6c:e7:02:fc:52:07:23:84:ae:e3:4d:d4:cf:
                    85:c4:cb:90:2c:9a:d8:7d:f4:f5:20:44:fe:8f:4f:
                    17:60:49:d9:5b:78:7c:bd:6c:46:b5:a6:3d:30:06:
                    02:26:d8:b3:ab:04:c0:f1:92:df:24:01:b0:f2:f4:
                    91:86:53:73:e0:f2:6d:2e:b2:2e:3f:69:b8:e0:23:
                    d2:8a:06:d3:ac:6f:c4:98:6c:de:04:a5:39:e4:1a:
                    1e:2f:a2:bc:c6:37:9a:26:0b:fa:36:89:5e:5e:33:
                    ba:7b:e0:b1:69:75:c7:71:16:37:1d:2c:de:cd:f2:
                    f4:25:d8:52:88:69:5b:c2:2e:5e:24:a0:ed:7a:23:
                    78:8b:0a:86:07:d9:a9:94:b5:28:b2:d9:77:f7:b2:
                    64:40:18:79:69:a1:6c:65:1e:39:92:c5:bf:99:4b:
                    16:93:4a:b0:81:3d:1a:55:6c:1c:aa:89:ef:96:26:
                    f7:5f:a1:36:ce:4d:f0:c3:7a:9a:03:6d:1d:f1:5d:
                    7e:c7:ca:8e:d1:89:25:d5:6b:66:9b:5c:5e:a0:e5:
                    4f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:CD:58:81:69:B2:D8:62:1D:F5:1A:D1:1C:3D:9E:0A:DE:6E:12:46
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jM1YgWmy2GId9RrRHD2eCt5uEkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c7c1::/45

    Signature Algorithm: sha256WithRSAEncryption
         02:c4:25:16:22:d4:8e:96:9a:cb:88:c9:65:6f:89:6b:6b:56:
         77:39:e4:7b:0d:34:06:8a:df:63:f6:40:fc:9c:6c:b9:d4:7d:
         58:74:79:68:e6:e4:d2:10:b8:4f:0e:68:ce:60:c8:da:d0:75:
         87:84:7f:ae:ad:95:dd:53:46:93:0b:be:52:29:2d:9e:3f:0b:
         40:f3:9a:ed:cc:78:bc:b3:7b:02:b7:3e:9d:7f:54:d5:75:86:
         82:b9:17:10:91:41:d7:03:d7:d5:27:30:5a:9c:c3:ab:40:34:
         d1:bf:a8:9f:7d:73:f4:0b:65:9c:8b:fa:68:1c:69:96:2d:d5:
         0f:c1:f4:1f:89:74:be:c4:33:25:ef:c5:b3:10:5f:ed:0b:c8:
         77:5e:c2:61:94:07:44:33:6b:43:2e:16:07:46:15:fd:bd:de:
         39:ad:97:8b:ec:71:ab:99:9a:75:3b:e2:a5:14:c4:75:d8:97:
         83:b7:f9:77:cb:84:e5:53:1f:c8:1b:b9:1f:1c:a7:c9:52:00:
         a5:e6:73:0f:2f:1f:c0:b6:19:5f:72:36:54:c1:39:f9:e8:42:
         b3:94:6f:8b:bf:b8:a2:d2:93:17:ee:95:60:93:c8:f5:4f:4d:
         f7:6c:4e:88:2b:f8:d1:ea:67:2a:89:dd:4c:a7:94:e5:28:de:
         51:6b:03:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR+oAg+8q9zPvAEfmwHoVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2NkNTg4MTY5YjJkODYyMWRmNTFhZDExYzNkOWUwYWRlNmUxMjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzr1ojD8shsi2ffKcqOg0LxerW1OI
8094CUOSv3livgIa3kQqcmqY/yqUKeheb2znAvxSByOEruNN1M+FxMuQLJrYffT1
IET+j08XYEnZW3h8vWxGtaY9MAYCJtizqwTA8ZLfJAGw8vSRhlNz4PJtLrIuP2m4
4CPSigbTrG/EmGzeBKU55BoeL6K8xjeaJgv6NoleXjO6e+CxaXXHcRY3HSzezfL0
JdhSiGlbwi5eJKDteiN4iwqGB9mplLUostl397JkQBh5aaFsZR45ksW/mUsWk0qw
gT0aVWwcqonvlib3X6E2zk3ww3qaA20d8V1+x8qO0Ykl1Wtmm1xeoOVPoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIzNWIFpsthiHfUa0Rw9ngrebhJGMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvak0xWWdXbXkyR0lkOVJyUkhEMmVDdDV1RWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg7HwQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQACxCUWItSOlprLiMllb4lra1Z3OeR7DTQGit9j
9kD8nGy51H1YdHlo5uTSELhPDmjOYMja0HWHhH+urZXdU0aTC75SKS2ePwtA85rt
zHi8s3sCtz6df1TVdYaCuRcQkUHXA9fVJzBanMOrQDTRv6iffXP0C2Wci/poHGmW
LdUPwfQfiXS+xDMl78WzEF/tC8h3XsJhlAdEM2tDLhYHRhX9vd45rZeL7HGrmZp1
O+KlFMR12JeDt/l3y4TlUx/IG7kfHKfJUgCl5nMPLx/AthlfcjZUwTn56EKzlG+L
v7ii0pMX7pVgk8j1T033bE6IK/jR6mcqid1Mp5TlKN5RawPE
-----END CERTIFICATE-----