Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/hXz87hx_B-hbL3xb1XWOpeq_ghU.roa
File:                     hXz87hx_B-hbL3xb1XWOpeq_ghU.roa (raw, json)
Hash identifier:          qgegZ0Q4MVtx4Pfhi+QnSP0PfWput13BxQSPM+9zyGM=
Subject key identifier:   85:7C:FC:EE:1C:7F:07:E8:5B:2F:7C:5B:D5:75:8E:A5:EA:BF:82:15
Certificate issuer:       /CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
Certificate serial:       0194252179D501A6197EA19727CE1500B71F
Authority key identifier: C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/hXz87hx_B-hbL3xb1XWOpeq_ghU.roa
Signing time:             Thu 02 Jan 2025 03:48:57 +0000
ROA not before:           Thu 02 Jan 2025 03:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42655
IP address blocks:        2a03:1240:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:79:d5:01:a6:19:7e:a1:97:27:ce:15:00:b7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
        Validity
            Not Before: Jan  2 03:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=857cfcee1c7f07e85b2f7c5bd5758ea5eabf8215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4b:5a:36:7d:29:b5:e4:cc:21:c2:d1:f8:7b:
                    1b:87:26:e2:df:91:3d:25:e2:01:a3:58:7d:73:8b:
                    ef:4f:a7:e9:d3:d8:a4:d8:39:22:02:2e:7d:f5:c7:
                    1b:d5:ec:4b:1f:28:f0:11:03:ed:f1:7b:45:38:37:
                    7e:05:e6:38:8f:89:a5:e3:17:4b:8f:6a:39:06:dd:
                    54:e0:77:aa:e1:12:d0:cb:97:da:00:4e:eb:89:22:
                    4d:72:e3:82:e8:21:0c:55:77:24:a2:7e:79:ca:6f:
                    dd:a8:5d:59:12:80:dc:2d:ee:4c:11:d7:1c:a3:95:
                    b3:ec:5d:bc:7c:97:55:d5:f6:4e:b1:3a:f0:86:ca:
                    23:37:f6:96:05:12:64:73:db:07:83:0f:98:94:74:
                    1e:27:06:70:5e:79:64:6e:ff:04:69:dd:2a:e4:69:
                    18:48:ea:1a:f5:5e:97:8c:b8:b9:8e:9d:d7:f4:49:
                    f9:59:ec:0a:3c:95:17:58:18:16:3f:de:5f:cc:34:
                    ee:78:1a:72:b7:65:27:74:90:43:bd:de:7e:99:0c:
                    2e:78:39:27:fd:a6:74:eb:85:28:4b:82:c4:b2:96:
                    eb:23:7a:35:5e:f0:16:de:c3:59:a7:e4:30:df:9e:
                    13:00:6f:c2:87:52:3d:7a:f7:35:61:2d:98:06:76:
                    cf:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:7C:FC:EE:1C:7F:07:E8:5B:2F:7C:5B:D5:75:8E:A5:EA:BF:82:15
            X509v3 Authority Key Identifier:
                keyid:C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/hXz87hx_B-hbL3xb1XWOpeq_ghU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:1240:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:19:96:c7:41:fd:2b:d3:f6:9b:80:49:b8:85:e1:37:4f:61:
         83:fe:17:ea:d8:0e:0a:e9:32:41:15:9c:3c:20:88:9b:81:ff:
         2a:f0:40:6b:8f:2a:2e:d9:4b:f4:9f:ff:6b:22:76:db:10:8c:
         d7:55:2e:dc:15:87:e9:65:c8:2a:df:f5:38:0f:87:00:ec:f3:
         97:c9:12:80:13:72:10:32:3a:3c:f1:3f:12:54:cc:3e:b7:b9:
         09:2f:f8:0f:8f:42:c7:6e:34:79:32:8d:3d:2f:7b:59:e0:2e:
         4c:9a:1a:4c:77:a6:64:4c:24:5e:7f:e5:8a:21:8e:04:43:41:
         a9:dd:64:1f:32:8d:10:5b:88:c4:ce:22:13:fc:82:06:16:45:
         17:3e:fd:bf:d6:b2:55:1d:8d:04:a6:d4:ff:af:f6:f9:e6:36:
         68:27:1f:2f:63:d1:35:1e:a5:cb:69:f0:4f:a9:00:00:39:c9:
         b6:28:1e:07:74:73:35:25:c7:5c:0a:11:26:3a:68:1b:f4:c7:
         a3:4d:19:fe:13:c5:27:6a:d9:a4:af:cd:2f:9d:c5:04:12:ec:
         71:e1:a7:a8:a7:f8:30:c7:46:cc:ca:5e:b4:30:e2:30:ba:ff:
         33:91:47:36:c5:52:94:f1:5d:03:72:bf:e0:d8:7f:3f:1c:9b:
         2c:27:8d:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIXnVAaYZfqGXJ84VALcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYmY4ZjNlNjA5MDcyODg5ZTc0ZGQwZmI0ZTI3ZjliYWM0
N2IzYjAwHhcNMjUwMTAyMDM0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTdjZmNlZTFjN2YwN2U4NWIyZjdjNWJkNTc1OGVhNWVhYmY4MjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0taNn0pteTMIcLR+Hsbhybi35E9
JeIBo1h9c4vvT6fp09ik2DkiAi599ccb1exLHyjwEQPt8XtFODd+BeY4j4ml4xdL
j2o5Bt1U4Heq4RLQy5faAE7riSJNcuOC6CEMVXckon55ym/dqF1ZEoDcLe5MEdcc
o5Wz7F28fJdV1fZOsTrwhsojN/aWBRJkc9sHgw+YlHQeJwZwXnlkbv8Ead0q5GkY
SOoa9V6XjLi5jp3X9En5WewKPJUXWBgWP95fzDTueBpyt2UndJBDvd5+mQwueDkn
/aZ064UoS4LEspbrI3o1XvAW3sNZp+Qw354TAG/Ch1I9evc1YS2YBnbP4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIV8/O4cfwfoWy98W9V1jqXqv4IVMB8GA1UdIwQY
MBaAFMG/jz5gkHKInnTdD7Tif5usR7OwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQt
MGQwZGEwZDEwNDMyLzEvaFh6ODdoeF9CLWhiTDN4YjFYV09wZXFfZ2hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQtMGQwZGEwZDEwNDMy
LzEvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMSQAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAjGZbHQf0r0/abgEm4heE3T2GD/hfq2A4K6TJB
FZw8IIibgf8q8EBrjyou2Uv0n/9rInbbEIzXVS7cFYfpZcgq3/U4D4cA7POXyRKA
E3IQMjo88T8SVMw+t7kJL/gPj0LHbjR5Mo09L3tZ4C5MmhpMd6ZkTCRef+WKIY4E
Q0Gp3WQfMo0QW4jEziIT/IIGFkUXPv2/1rJVHY0EptT/r/b55jZoJx8vY9E1HqXL
afBPqQAAOcm2KB4HdHM1JcdcChEmOmgb9MejTRn+E8Unatmkr80vncUEEuxx4aeo
p/gwx0bMyl60MOIwuv8zkUc2xVKU8V0Dcr/g2H8/HJssJ41y
-----END CERTIFICATE-----