Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nHDs3RKK5JmocntHFXl3WdaaBCQ.roa
File:                     nHDs3RKK5JmocntHFXl3WdaaBCQ.roa (raw, json)
Hash identifier:          L+QGIxxgLBMXvtVUteJ98szeEsM45qlCm09usGQrVkI=
Subject key identifier:   9C:70:EC:DD:12:8A:E4:99:A8:72:7B:47:15:79:77:59:D6:9A:04:24
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747D19CAA34CEEC6E14973AD257C287
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nHDs3RKK5JmocntHFXl3WdaaBCQ.roa
Signing time:             Thu 02 Jan 2025 13:50:05 +0000
ROA not before:           Thu 02 Jan 2025 13:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        2a0b:7080:20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d1:9c:aa:34:ce:ec:6e:14:97:3a:d2:57:c2:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c70ecdd128ae499a8727b4715797759d69a0424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:17:fb:4a:bd:52:a1:50:43:3e:7a:f7:29:ea:
                    a4:31:b3:00:d7:36:49:19:41:e5:38:4b:d3:0b:49:
                    f6:43:2d:dd:72:b0:31:05:37:f7:59:39:97:a4:a8:
                    b9:b6:7a:70:22:27:3d:22:38:d6:ff:c8:f4:17:82:
                    3e:1e:95:cf:30:5c:12:6a:c0:1c:86:2c:68:63:3a:
                    0b:d4:6e:69:06:e1:8a:21:e9:79:ac:d9:6a:b0:4a:
                    d8:0d:bd:53:67:8a:fe:52:4d:93:b5:ce:3b:46:a9:
                    24:01:2a:f2:81:a1:14:2c:f6:e8:9b:7d:9b:ca:2b:
                    6e:21:28:51:83:36:7e:1f:ce:49:3d:c1:84:96:9a:
                    3d:29:61:85:fe:bb:8a:d9:f0:f8:1c:07:30:8c:f3:
                    70:70:97:2d:33:91:31:a5:21:9e:75:1d:c4:c8:10:
                    49:4e:f4:26:a7:29:f6:ae:b7:ac:9c:2a:30:7e:45:
                    ec:15:c5:78:c4:e3:ee:f0:75:91:77:33:18:90:97:
                    42:ab:89:35:b9:a6:6a:86:62:c1:ab:1d:59:55:60:
                    52:47:77:ba:3b:a0:97:57:15:49:80:8a:f1:37:4e:
                    4e:9a:a8:b5:ad:f1:25:0e:d6:ee:45:08:b1:d2:a9:
                    e1:83:f6:a5:96:e2:c0:bf:14:d7:a8:e9:1c:c8:7a:
                    90:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:70:EC:DD:12:8A:E4:99:A8:72:7B:47:15:79:77:59:D6:9A:04:24
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nHDs3RKK5JmocntHFXl3WdaaBCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7080:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         93:f7:ab:0b:67:61:2a:0c:a7:1d:ca:db:3e:a2:02:86:aa:11:
         52:50:d8:8c:05:c8:61:f3:42:cc:45:b5:bd:74:69:97:7e:a3:
         39:a8:c0:54:9f:76:e8:21:83:62:30:22:ea:5b:69:82:c6:f4:
         19:96:2e:cb:9a:14:f2:f5:90:cb:ca:ad:32:29:fb:17:0c:1b:
         c4:60:94:3f:2d:d1:00:0c:66:e5:36:2a:79:b0:63:2a:a5:6c:
         60:e4:a7:96:e8:84:26:75:9e:68:76:42:74:4c:02:08:b6:7e:
         cb:48:37:89:88:cd:1c:b0:b1:2a:4f:bb:ef:f4:d3:96:47:5f:
         1b:5b:5d:54:cf:f4:c5:50:eb:f0:9f:b4:b4:ed:85:24:aa:4a:
         45:7f:12:14:ec:72:7f:a9:e7:cd:d7:d4:d7:84:b3:de:b3:c8:
         00:03:a4:79:73:8f:70:3f:61:00:04:45:00:cd:06:54:e4:26:
         3a:c0:14:23:7a:27:43:bc:e9:d3:3b:7a:43:c7:76:9d:1b:ec:
         a8:81:56:0c:5d:7f:cc:cb:7a:a5:eb:a6:2e:e2:a6:69:8d:57:
         0c:a8:91:4e:63:12:0e:72:ba:14:bc:71:28:9b:5f:5b:5f:ab:
         8c:fa:6e:fe:e5:54:8d:17:87:20:18:57:c0:31:de:9b:bf:79:
         41:3e:28:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR9GcqjTO7G4UlzrSV8KHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzcwZWNkZDEyOGFlNDk5YTg3MjdiNDcxNTc5Nzc1OWQ2OWEwNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhf7Sr1SoVBDPnr3KeqkMbMA1zZJ
GUHlOEvTC0n2Qy3dcrAxBTf3WTmXpKi5tnpwIic9IjjW/8j0F4I+HpXPMFwSasAc
hixoYzoL1G5pBuGKIel5rNlqsErYDb1TZ4r+Uk2Ttc47RqkkASrygaEULPbom32b
yituIShRgzZ+H85JPcGElpo9KWGF/ruK2fD4HAcwjPNwcJctM5ExpSGedR3EyBBJ
TvQmpyn2rresnCowfkXsFcV4xOPu8HWRdzMYkJdCq4k1uaZqhmLBqx1ZVWBSR3e6
O6CXVxVJgIrxN05Omqi1rfElDtbuRQix0qnhg/alluLAvxTXqOkcyHqQRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJxw7N0SiuSZqHJ7RxV5d1nWmgQkMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbkhEczNSS0s1Sm1vY250SEZYbDNXZGFhQkNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgtwgAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQCT96sLZ2EqDKcdyts+ogKGqhFSUNiMBchh80LM
RbW9dGmXfqM5qMBUn3boIYNiMCLqW2mCxvQZli7LmhTy9ZDLyq0yKfsXDBvEYJQ/
LdEADGblNip5sGMqpWxg5KeW6IQmdZ5odkJ0TAIItn7LSDeJiM0csLEqT7vv9NOW
R18bW11Uz/TFUOvwn7S07YUkqkpFfxIU7HJ/qefN19TXhLPes8gAA6R5c49wP2EA
BEUAzQZU5CY6wBQjeidDvOnTO3pDx3adG+yogVYMXX/My3ql66Yu4qZpjVcMqJFO
YxIOcroUvHEom19bX6uM+m7+5VSNF4cgGFfAMd6bv3lBPiil
-----END CERTIFICATE-----