Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tyjsD0ArP3_iaj_NTw1cgoyTeVw.roa
File:                     tyjsD0ArP3_iaj_NTw1cgoyTeVw.roa (raw, json)
Hash identifier:          LDwCP/FcdfJ9ijMv6LKxFxZgwe8IUQ9nKMrte+ZPrMk=
Subject key identifier:   B7:28:EC:0F:40:2B:3F:7F:E2:6A:3F:CD:4F:0D:5C:82:8C:93:79:5C
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747E2C0CB523417A38FDD2F25E80C8A
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tyjsD0ArP3_iaj_NTw1cgoyTeVw.roa
Signing time:             Thu 02 Jan 2025 13:50:09 +0000
ROA not before:           Thu 02 Jan 2025 13:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207892
IP address blocks:        2a0b:b87:ffdb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e2:c0:cb:52:34:17:a3:8f:dd:2f:25:e8:0c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b728ec0f402b3f7fe26a3fcd4f0d5c828c93795c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:38:e2:b3:69:bf:08:bb:a7:bf:e5:e0:d9:f9:
                    da:7f:ed:d4:f9:77:ad:9a:9d:c6:5d:c8:0c:1d:a8:
                    38:ff:00:f2:79:06:5d:27:dd:d0:20:ab:fe:ec:b5:
                    29:73:aa:f9:ad:95:69:ea:6e:60:1d:bc:bd:7b:8e:
                    f9:ca:7f:fd:7d:fb:e8:91:1c:aa:f2:18:6a:8c:ad:
                    2f:57:08:a7:72:b7:9c:68:ec:08:40:b0:2d:42:03:
                    a3:90:ff:22:a9:72:d7:3f:e5:69:c5:35:bc:76:b2:
                    2f:f5:b3:7b:6d:0b:4b:87:e5:a5:bb:54:76:96:90:
                    01:d7:36:ec:dd:ec:94:c7:7f:a3:e1:cf:da:6f:10:
                    bb:fd:af:17:ec:32:95:42:e0:2a:51:a7:e3:de:af:
                    91:48:11:b0:db:b0:89:f1:03:ac:9b:88:88:64:60:
                    d9:72:47:3b:75:c3:1b:cc:26:a5:93:7d:75:b0:e0:
                    c8:8d:04:ec:48:90:68:34:60:76:ee:39:32:e3:4b:
                    1c:98:f0:8e:16:12:1a:a7:a8:bd:90:53:3e:f7:52:
                    b3:ec:7c:27:d5:f6:07:0b:f3:6e:fc:14:31:00:b4:
                    40:91:67:c0:90:94:88:15:bd:c8:20:6b:82:c0:45:
                    7f:66:ab:55:a1:7f:29:02:6b:e9:10:25:08:88:e5:
                    2c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:28:EC:0F:40:2B:3F:7F:E2:6A:3F:CD:4F:0D:5C:82:8C:93:79:5C
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tyjsD0ArP3_iaj_NTw1cgoyTeVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffdb::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:54:20:46:4c:50:0f:be:00:19:00:ce:32:dc:99:e9:39:eb:
         7e:26:16:ae:b0:f9:94:c1:29:4d:56:0a:db:2c:05:cd:e6:10:
         2d:64:39:d4:e3:7c:18:23:c6:c2:0f:58:0a:7e:be:ec:72:87:
         a5:09:70:eb:2a:4f:5b:32:58:22:6e:ee:f8:be:86:dc:17:e7:
         9e:49:a3:a8:b7:4f:c8:dd:db:d4:9a:7f:f0:0e:b1:17:68:68:
         97:ca:b5:50:bb:86:46:1e:6c:49:96:60:43:f1:15:fd:90:aa:
         e2:99:20:a5:8a:8b:0b:ba:a0:51:57:c3:d5:d2:df:e4:a0:bd:
         3a:a3:2b:97:89:27:82:41:ff:65:9d:af:51:96:90:f8:6f:50:
         75:53:9a:40:e2:b8:ef:e4:73:15:3b:5d:0a:9d:ae:de:48:3e:
         fd:f6:96:2e:99:7f:56:ee:1e:e3:c7:89:17:3a:7f:89:39:79:
         26:6b:38:93:2b:8d:66:7d:08:e4:21:0a:7c:ea:3b:13:21:73:
         fa:b9:f8:ed:8f:53:23:43:31:31:b5:c0:e5:10:4c:d2:2d:31:
         c6:95:be:5e:f6:41:10:cd:66:05:3d:2b:66:9c:f8:47:7c:56:
         79:9f:0e:46:87:56:39:f2:f8:09:fa:38:2e:c4:9f:a5:2c:16:
         93:77:c5:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR+LAy1I0F6OP3S8l6AyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzI4ZWMwZjQwMmIzZjdmZTI2YTNmY2Q0ZjBkNWM4MjhjOTM3OTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Djis2m/CLunv+Xg2fnaf+3U+Xet
mp3GXcgMHag4/wDyeQZdJ93QIKv+7LUpc6r5rZVp6m5gHby9e475yn/9ffvokRyq
8hhqjK0vVwincrecaOwIQLAtQgOjkP8iqXLXP+VpxTW8drIv9bN7bQtLh+Wlu1R2
lpAB1zbs3eyUx3+j4c/abxC7/a8X7DKVQuAqUafj3q+RSBGw27CJ8QOsm4iIZGDZ
ckc7dcMbzCalk311sODIjQTsSJBoNGB27jky40scmPCOFhIap6i9kFM+91Kz7Hwn
1fYHC/Nu/BQxALRAkWfAkJSIFb3IIGuCwEV/ZqtVoX8pAmvpECUIiOUsywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLco7A9AKz9/4mo/zU8NXIKMk3lcMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvdHlqc0QwQXJQM19pYWpfTlR3MWNnb3lUZVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh//b
MA0GCSqGSIb3DQEBCwUAA4IBAQBDVCBGTFAPvgAZAM4y3JnpOet+JhausPmUwSlN
VgrbLAXN5hAtZDnU43wYI8bCD1gKfr7scoelCXDrKk9bMlgibu74vobcF+eeSaOo
t0/I3dvUmn/wDrEXaGiXyrVQu4ZGHmxJlmBD8RX9kKrimSCliosLuqBRV8PV0t/k
oL06oyuXiSeCQf9lna9RlpD4b1B1U5pA4rjv5HMVO10Kna7eSD799pYumX9W7h7j
x4kXOn+JOXkmaziTK41mfQjkIQp86jsTIXP6ufjtj1MjQzExtcDlEEzSLTHGlb5e
9kEQzWYFPStmnPhHfFZ5nw5Gh1Y58vgJ+jguxJ+lLBaTd8U2
-----END CERTIFICATE-----