Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/dc5243-bba4-4acf-a218-2f30252eb442/1/mDUiFexcT2mv6c5O8qGbFAH9b3Y.roa
File:                     mDUiFexcT2mv6c5O8qGbFAH9b3Y.roa (raw, json)
Hash identifier:          pPWVkb6MaBCnVH/KCkJGhD1ngVL39J0MeLmVUJGfUTY=
Subject key identifier:   98:35:22:15:EC:5C:4F:69:AF:E9:CE:4E:F2:A1:9B:14:01:FD:6F:76
Certificate issuer:       /CN=46ccab7479a4e0d8a4177350a00a69bd883b048d
Certificate serial:       0194252216837D69E77078165B6ACE5A636E
Authority key identifier: 46:CC:AB:74:79:A4:E0:D8:A4:17:73:50:A0:0A:69:BD:88:3B:04:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RsyrdHmk4NikF3NQoAppvYg7BI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/dc5243-bba4-4acf-a218-2f30252eb442/1/mDUiFexcT2mv6c5O8qGbFAH9b3Y.roa
Signing time:             Thu 02 Jan 2025 03:49:38 +0000
ROA not before:           Thu 02 Jan 2025 03:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41960
IP address blocks:        2a00:d220::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/dc5243-bba4-4acf-a218-2f30252eb442/1/RsyrdHmk4NikF3NQoAppvYg7BI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/dc5243-bba4-4acf-a218-2f30252eb442/1/RsyrdHmk4NikF3NQoAppvYg7BI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RsyrdHmk4NikF3NQoAppvYg7BI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:16:83:7d:69:e7:70:78:16:5b:6a:ce:5a:63:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ccab7479a4e0d8a4177350a00a69bd883b048d
        Validity
            Not Before: Jan  2 03:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98352215ec5c4f69afe9ce4ef2a19b1401fd6f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:67:6e:a4:2e:67:7f:c7:3b:a3:bb:8c:bb:b3:
                    f5:db:ce:6a:cd:9e:02:cb:43:d6:29:57:c4:95:a3:
                    32:8d:14:a1:66:0e:3d:82:17:81:6d:c7:34:ab:00:
                    9d:bf:9a:39:7e:12:44:bc:42:71:63:d6:a9:83:f6:
                    95:45:39:f4:fb:e4:f2:a6:3b:09:cc:d0:5f:8a:ff:
                    93:54:14:88:af:d5:9e:91:b7:a5:88:bb:96:7f:e2:
                    50:0b:63:0c:1f:6f:30:39:97:b8:a0:be:50:e2:ff:
                    53:3b:f8:90:e4:22:16:58:35:19:b3:85:3b:cd:90:
                    2f:25:8a:d5:ba:ca:32:6e:bb:6a:9e:7b:a8:e8:fe:
                    ac:99:2d:81:73:15:09:c6:c1:77:93:b8:7d:17:ec:
                    f6:8e:06:9c:b5:ae:80:51:9b:6b:67:38:4b:b0:b4:
                    f5:88:ad:ac:82:0d:82:da:e2:fe:df:a7:45:d2:29:
                    39:ec:e9:d8:c9:6f:15:a1:28:e0:99:de:a7:cf:ae:
                    c5:d5:98:60:ea:2a:b1:6e:51:fc:16:c6:2a:c1:fe:
                    18:d0:65:23:d1:5b:e0:44:04:03:21:b8:f2:3b:c3:
                    e6:2d:b0:0f:71:8d:3c:74:86:8b:3f:e9:f7:de:49:
                    48:f0:c0:06:28:e1:ec:8d:73:39:36:67:88:e9:1f:
                    9b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:35:22:15:EC:5C:4F:69:AF:E9:CE:4E:F2:A1:9B:14:01:FD:6F:76
            X509v3 Authority Key Identifier:
                keyid:46:CC:AB:74:79:A4:E0:D8:A4:17:73:50:A0:0A:69:BD:88:3B:04:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RsyrdHmk4NikF3NQoAppvYg7BI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dc5243-bba4-4acf-a218-2f30252eb442/1/mDUiFexcT2mv6c5O8qGbFAH9b3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dc5243-bba4-4acf-a218-2f30252eb442/1/RsyrdHmk4NikF3NQoAppvYg7BI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:d220::/36

    Signature Algorithm: sha256WithRSAEncryption
         38:8b:dc:ea:b6:49:b8:be:65:06:c4:19:76:01:51:01:eb:55:
         42:f8:c1:76:14:d3:ac:a1:1e:cf:d6:b6:e7:f9:a9:f1:cc:13:
         08:c0:3d:82:d1:64:8a:59:1f:ed:75:57:4c:cf:7e:53:aa:d5:
         0d:da:be:c2:53:3a:11:02:13:e5:45:bb:93:0e:63:7a:d0:12:
         26:59:81:97:4e:af:b4:d1:f6:56:05:3f:08:40:b0:fb:67:35:
         34:ab:93:71:ea:a1:32:40:72:66:82:82:a7:39:bf:26:3c:d4:
         7b:29:e7:ee:55:55:fe:2d:05:24:20:68:a1:24:d9:68:a8:46:
         b6:81:d0:ad:41:c3:6c:af:05:32:35:fa:66:ce:e1:50:96:2b:
         73:c4:78:98:06:54:98:f9:76:d9:a8:0f:8b:1d:04:58:96:ac:
         43:82:bc:31:c3:84:74:8f:d3:92:4b:07:0a:72:c2:42:58:3f:
         48:df:ad:16:e7:87:fc:ba:86:e0:c1:b9:bd:ba:0a:21:cb:88:
         a5:ad:09:0d:73:23:09:75:4f:fb:25:ff:73:bf:a4:2a:a5:88:
         2f:c6:a3:85:f4:ed:df:ba:97:78:b9:b9:ab:b9:11:fc:80:07:
         99:50:82:73:dd:f3:3c:30:91:18:1d:61:f9:4f:bf:a0:ed:b2:
         64:2a:23:32
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIhaDfWnncHgWW2rOWmNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2Y2NhYjc0NzlhNGUwZDhhNDE3NzM1MGEwMGE2OWJkODgz
YjA0OGQwHhcNMjUwMTAyMDM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODM1MjIxNWVjNWM0ZjY5YWZlOWNlNGVmMmExOWIxNDAxZmQ2Zjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGdupC5nf8c7o7uMu7P1285qzZ4C
y0PWKVfElaMyjRShZg49gheBbcc0qwCdv5o5fhJEvEJxY9apg/aVRTn0++TypjsJ
zNBfiv+TVBSIr9WekbeliLuWf+JQC2MMH28wOZe4oL5Q4v9TO/iQ5CIWWDUZs4U7
zZAvJYrVusoybrtqnnuo6P6smS2BcxUJxsF3k7h9F+z2jgacta6AUZtrZzhLsLT1
iK2sgg2C2uL+36dF0ik57OnYyW8VoSjgmd6nz67F1Zhg6iqxblH8FsYqwf4Y0GUj
0VvgRAQDIbjyO8PmLbAPcY08dIaLP+n33klI8MAGKOHsjXM5NmeI6R+bXQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJg1IhXsXE9pr+nOTvKhmxQB/W92MB8GA1UdIwQY
MBaAFEbMq3R5pODYpBdzUKAKab2IOwSNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnN5cmRIbWs0TmlrRjNOUW9BcHB2WWc3QkkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kYzUyNDMtYmJhNC00YWNmLWEyMTgt
MmYzMDI1MmViNDQyLzEvbURVaUZleGNUMm12NmM1TzhxR2JGQUg5YjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kYzUyNDMtYmJhNC00YWNmLWEyMTgtMmYzMDI1MmViNDQy
LzEvUnN5cmRIbWs0TmlrRjNOUW9BcHB2WWc3QkkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgDSIAAw
DQYJKoZIhvcNAQELBQADggEBADiL3Oq2Sbi+ZQbEGXYBUQHrVUL4wXYU06yhHs/W
tuf5qfHMEwjAPYLRZIpZH+11V0zPflOq1Q3avsJTOhECE+VFu5MOY3rQEiZZgZdO
r7TR9lYFPwhAsPtnNTSrk3HqoTJAcmaCgqc5vyY81Hsp5+5VVf4tBSQgaKEk2Wio
RraB0K1Bw2yvBTI1+mbO4VCWK3PEeJgGVJj5dtmoD4sdBFiWrEOCvDHDhHSP05JL
BwpywkJYP0jfrRbnh/y6huDBub26CiHLiKWtCQ1zIwl1T/sl/3O/pCqliC/Go4X0
7d+6l3i5uau5EfyAB5lQgnPd8zwwkRgdYflPv6DtsmQqIzI=
-----END CERTIFICATE-----