Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/B8HrelUy9bYGyo-udBZpXQ76dPg.roa
File:                     B8HrelUy9bYGyo-udBZpXQ76dPg.roa (raw, json)
Hash identifier:          1JcwupsyhEziaGEtjnyo+5LdSyy6jIrto6vLWzkI9l8=
Subject key identifier:   07:C1:EB:7A:55:32:F5:B6:06:CA:8F:AE:74:16:69:5D:0E:FA:74:F8
Certificate issuer:       /CN=494d7873416510a2fb2346ef342280155522713b
Certificate serial:       0194221FE3C78184E93A1196C18A85CD9001
Authority key identifier: 49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/B8HrelUy9bYGyo-udBZpXQ76dPg.roa
Signing time:             Wed 01 Jan 2025 13:48:22 +0000
ROA not before:           Wed 01 Jan 2025 13:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61272
IP address blocks:        2a02:e00:ffe7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e3:c7:81:84:e9:3a:11:96:c1:8a:85:cd:90:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=494d7873416510a2fb2346ef342280155522713b
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07c1eb7a5532f5b606ca8fae7416695d0efa74f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:20:ce:58:6b:ab:17:b4:8d:95:c0:36:4b:f9:
                    8d:39:57:79:58:6a:70:25:f1:65:fb:cc:5e:60:fa:
                    06:69:59:ce:d2:ff:ef:80:30:85:59:cc:c1:40:f6:
                    ee:8d:b0:9e:c9:7a:6c:b8:77:68:9a:86:3f:56:27:
                    6d:16:bb:0f:fa:94:6a:bb:1e:ad:34:be:35:b3:4c:
                    87:16:3e:d4:f8:1f:ab:08:80:df:22:21:41:50:97:
                    39:d3:9c:0d:c3:27:13:28:97:a7:2b:f7:27:5c:5c:
                    cb:0c:d8:91:a1:22:11:66:f5:91:4f:e3:58:73:a1:
                    63:e1:46:dd:ee:fb:71:df:aa:ee:1e:44:6b:fe:73:
                    6c:4c:00:66:26:93:a1:c9:0e:c9:cf:50:25:ee:41:
                    4b:d7:0e:b1:e3:d0:e8:a5:88:c6:4a:32:d4:fd:a3:
                    64:77:36:8a:6f:53:5b:01:38:f5:1f:c1:54:ec:5b:
                    8f:cf:9d:52:ed:c1:34:49:c5:17:2b:06:5c:ed:49:
                    94:b5:28:92:8d:2e:57:cc:35:d2:b1:d3:8f:78:42:
                    23:18:78:22:b0:73:3f:20:7b:e5:00:38:e2:3a:8b:
                    2b:cc:97:1d:ce:6d:78:16:78:30:9c:97:b4:d6:cb:
                    4d:be:aa:34:a3:17:b1:4c:ac:d9:1e:bd:ce:56:48:
                    9c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C1:EB:7A:55:32:F5:B6:06:CA:8F:AE:74:16:69:5D:0E:FA:74:F8
            X509v3 Authority Key Identifier:
                keyid:49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/B8HrelUy9bYGyo-udBZpXQ76dPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e00:ffe7::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:a8:49:92:fa:46:3a:16:11:b7:a0:f9:2f:aa:4f:96:89:f4:
         f3:9a:fb:3b:50:8f:0e:75:65:eb:78:a6:50:9b:c3:8d:c5:a8:
         fc:b3:f5:ef:8c:33:2f:08:0d:d1:be:fc:e6:53:43:0b:98:dd:
         5f:d1:e5:29:6d:59:76:09:d2:fd:ca:da:c4:b0:2b:b3:87:cc:
         a6:cd:78:da:47:62:00:f2:e5:d2:cf:7f:55:4e:3f:c1:85:bd:
         2d:36:4e:b2:db:77:d1:83:51:5e:cf:b5:62:d9:df:86:2e:03:
         68:5c:7b:35:ac:84:d6:ee:3d:3e:d6:22:47:92:7f:27:49:d3:
         d1:c3:89:80:fe:ed:27:3a:81:c6:53:43:61:3a:28:a5:98:70:
         7e:b1:79:20:c9:f0:d6:f6:38:5d:ca:32:48:f0:bf:25:11:d3:
         7e:18:07:67:ea:87:76:75:09:bc:e6:75:03:7f:c3:da:bf:c8:
         e7:86:e1:30:7b:a3:34:2a:26:e4:35:0c:6b:1e:09:38:c2:f0:
         e9:8f:4e:d4:9f:b1:70:90:67:79:ff:ae:d4:88:e2:29:46:37:
         e8:f0:2b:4f:a0:01:da:cc:9d:45:bb:73:45:f7:e6:8b:75:68:
         13:cf:dc:15:9c:d3:86:c1:83:aa:e4:a9:a5:a4:4a:26:9c:47:
         77:09:d4:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH+PHgYTpOhGWwYqFzZABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NGQ3ODczNDE2NTEwYTJmYjIzNDZlZjM0MjI4MDE1NTUy
MjcxM2IwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2MxZWI3YTU1MzJmNWI2MDZjYThmYWU3NDE2Njk1ZDBlZmE3NGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CDOWGurF7SNlcA2S/mNOVd5WGpw
JfFl+8xeYPoGaVnO0v/vgDCFWczBQPbujbCeyXpsuHdomoY/VidtFrsP+pRqux6t
NL41s0yHFj7U+B+rCIDfIiFBUJc505wNwycTKJenK/cnXFzLDNiRoSIRZvWRT+NY
c6Fj4Ubd7vtx36ruHkRr/nNsTABmJpOhyQ7Jz1Al7kFL1w6x49DopYjGSjLU/aNk
dzaKb1NbATj1H8FU7FuPz51S7cE0ScUXKwZc7UmUtSiSjS5XzDXSsdOPeEIjGHgi
sHM/IHvlADjiOosrzJcdzm14FngwnJe01stNvqo0oxexTKzZHr3OVkicnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAfB63pVMvW2BsqPrnQWaV0O+nT4MB8GA1UdIwQY
MBaAFElNeHNBZRCi+yNG7zQigBVVInE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjIt
ZTE4ZTdiMmFjNTM2LzEvQjhIcmVsVXk5YllHeW8tdWRCWnBYUTc2ZFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjItZTE4ZTdiMmFjNTM2
LzEvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIOAP/n
MA0GCSqGSIb3DQEBCwUAA4IBAQBeqEmS+kY6FhG3oPkvqk+WifTzmvs7UI8OdWXr
eKZQm8ONxaj8s/XvjDMvCA3RvvzmU0MLmN1f0eUpbVl2CdL9ytrEsCuzh8ymzXja
R2IA8uXSz39VTj/Bhb0tNk6y23fRg1Fez7Vi2d+GLgNoXHs1rITW7j0+1iJHkn8n
SdPRw4mA/u0nOoHGU0NhOiilmHB+sXkgyfDW9jhdyjJI8L8lEdN+GAdn6od2dQm8
5nUDf8Pav8jnhuEwe6M0KibkNQxrHgk4wvDpj07Un7FwkGd5/67UiOIpRjfo8CtP
oAHazJ1Fu3NF9+aLdWgTz9wVnNOGwYOq5KmlpEomnEd3CdRE
-----END CERTIFICATE-----