Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/KGg38ybeN3fvyEo89Wp9trP-DE4.roa
File:                     KGg38ybeN3fvyEo89Wp9trP-DE4.roa (raw, json)
Hash identifier:          o4s5h0G+Hrss7Tf1oF8r4jzhp+l0giYxBrA89MUtebs=
Subject key identifier:   28:68:37:F3:26:DE:37:77:EF:C8:4A:3C:F5:6A:7D:B6:B3:FE:0C:4E
Certificate issuer:       /CN=334b09743ed2afd6afb47c58360ee3112a95cd34
Certificate serial:       01941F8C5B1C04B90CC65506BD575482A798
Authority key identifier: 33:4B:09:74:3E:D2:AF:D6:AF:B4:7C:58:36:0E:E3:11:2A:95:CD:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M0sJdD7Sr9avtHxYNg7jESqVzTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/KGg38ybeN3fvyEo89Wp9trP-DE4.roa
Signing time:             Wed 01 Jan 2025 01:47:59 +0000
ROA not before:           Wed 01 Jan 2025 01:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397071
IP address blocks:        2a0c:5e00:7::/48 maxlen: 48
                          2a0c:5e00:7::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/M0sJdD7Sr9avtHxYNg7jESqVzTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/M0sJdD7Sr9avtHxYNg7jESqVzTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M0sJdD7Sr9avtHxYNg7jESqVzTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5b:1c:04:b9:0c:c6:55:06:bd:57:54:82:a7:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=334b09743ed2afd6afb47c58360ee3112a95cd34
        Validity
            Not Before: Jan  1 01:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=286837f326de3777efc84a3cf56a7db6b3fe0c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a1:54:49:bd:d7:62:49:13:5d:57:62:11:8d:
                    e0:04:70:c3:d4:6b:f9:16:d2:71:88:9e:b0:f5:02:
                    40:9e:f8:8e:d2:0f:f7:67:41:cf:12:5e:8b:b4:f1:
                    c7:72:96:97:e1:e5:63:12:d5:75:b7:e9:34:7c:9c:
                    a2:c3:70:17:1b:82:4d:21:24:a0:4f:12:8f:c8:1e:
                    f8:9d:ec:b7:23:44:96:0d:ec:a8:2d:45:38:4f:dd:
                    b4:df:53:75:e9:24:79:04:38:09:b1:79:8d:40:3f:
                    a7:15:01:1b:e7:ab:ae:30:4f:86:df:9e:3e:97:4e:
                    36:ef:9a:f3:b2:b0:27:ae:96:8d:1d:c4:90:2a:47:
                    0b:d7:66:f0:94:d3:ce:a2:98:67:09:08:9c:b3:28:
                    24:c5:b6:5f:d6:1a:a8:51:4c:40:9d:a6:19:d8:56:
                    f0:06:f1:49:8e:06:39:04:89:af:47:09:f3:fe:2c:
                    84:57:e3:b1:db:89:5c:0f:23:4b:92:ab:3b:fc:be:
                    b2:70:8d:9b:ea:0a:da:bd:2e:44:cc:55:d8:02:9f:
                    f2:f6:d2:a4:f8:56:08:b6:ae:6f:b4:c3:5d:1c:c0:
                    75:8d:cc:bf:2c:b6:50:45:1d:f2:7b:7e:06:28:a8:
                    33:95:9e:cc:2f:02:0f:b6:49:42:99:87:30:96:e2:
                    03:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:68:37:F3:26:DE:37:77:EF:C8:4A:3C:F5:6A:7D:B6:B3:FE:0C:4E
            X509v3 Authority Key Identifier:
                keyid:33:4B:09:74:3E:D2:AF:D6:AF:B4:7C:58:36:0E:E3:11:2A:95:CD:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M0sJdD7Sr9avtHxYNg7jESqVzTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/KGg38ybeN3fvyEo89Wp9trP-DE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cd410f-9de4-4d82-8091-59e792fe14cc/1/M0sJdD7Sr9avtHxYNg7jESqVzTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:5e00:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:d8:3d:a3:56:1f:85:02:0b:7e:8c:c1:a7:82:50:a3:4f:d9:
         2b:a3:2d:a2:fc:19:85:50:fb:73:6d:9f:b8:e1:63:d5:2c:63:
         f1:d9:52:52:85:96:bc:f5:c9:ed:73:d8:06:87:3a:8d:81:7e:
         7a:34:11:d0:31:e4:72:9f:e4:b9:80:41:b8:6a:88:56:9e:d8:
         05:62:e6:52:78:41:7b:0d:6d:0e:f9:e0:f4:d5:69:79:02:59:
         17:9a:dd:e3:f5:fa:74:73:6b:46:6a:2a:85:00:23:6d:39:3e:
         4d:d6:64:0e:9c:40:77:ad:dd:b7:43:79:2b:2e:32:76:bd:fb:
         66:1d:6f:82:c5:b2:89:42:41:25:85:5b:cf:30:be:c1:60:e4:
         5e:d9:5c:47:8f:44:da:f1:b8:7b:95:ce:9f:f9:46:41:3c:87:
         83:46:a7:a4:71:4a:8d:58:9b:3c:7d:1e:5e:f1:a1:0a:b7:27:
         0c:b3:a3:48:da:c0:7b:39:9a:fa:3c:22:80:ae:81:7c:6b:af:
         d9:53:08:83:ea:52:cc:27:1c:68:08:34:f0:ae:6a:3a:eb:72:
         e0:05:1c:9f:be:64:27:eb:a7:31:36:b7:02:8d:46:6f:81:e0:
         bc:0b:96:35:fc:b9:f2:db:09:83:1a:54:d2:3f:42:3e:b5:a3:
         d1:ce:4a:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjFscBLkMxlUGvVdUgqeYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNGIwOTc0M2VkMmFmZDZhZmI0N2M1ODM2MGVlMzExMmE5
NWNkMzQwHhcNMjUwMTAxMDE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODY4MzdmMzI2ZGUzNzc3ZWZjODRhM2NmNTZhN2RiNmIzZmUwYzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqFUSb3XYkkTXVdiEY3gBHDD1Gv5
FtJxiJ6w9QJAnviO0g/3Z0HPEl6LtPHHcpaX4eVjEtV1t+k0fJyiw3AXG4JNISSg
TxKPyB74ney3I0SWDeyoLUU4T92031N16SR5BDgJsXmNQD+nFQEb56uuME+G354+
l04275rzsrAnrpaNHcSQKkcL12bwlNPOophnCQicsygkxbZf1hqoUUxAnaYZ2Fbw
BvFJjgY5BImvRwnz/iyEV+Ox24lcDyNLkqs7/L6ycI2b6gravS5EzFXYAp/y9tKk
+FYItq5vtMNdHMB1jcy/LLZQRR3ye34GKKgzlZ7MLwIPtklCmYcwluIDfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFChoN/Mm3jd378hKPPVqfbaz/gxOMB8GA1UdIwQY
MBaAFDNLCXQ+0q/Wr7R8WDYO4xEqlc00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTBzSmREN1NyOWF2dEh4WU5nN2pFU3FWelRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9jZDQxMGYtOWRlNC00ZDgyLTgwOTEt
NTllNzkyZmUxNGNjLzEvS0dnMzh5YmVOM2Z2eUVvODlXcDl0clAtREU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9jZDQxMGYtOWRlNC00ZDgyLTgwOTEtNTllNzkyZmUxNGNj
LzEvTTBzSmREN1NyOWF2dEh4WU5nN2pFU3FWelRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgxeAAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQA12D2jVh+FAgt+jMGnglCjT9kroy2i/BmFUPtz
bZ+44WPVLGPx2VJShZa89cntc9gGhzqNgX56NBHQMeRyn+S5gEG4aohWntgFYuZS
eEF7DW0O+eD01Wl5AlkXmt3j9fp0c2tGaiqFACNtOT5N1mQOnEB3rd23Q3krLjJ2
vftmHW+CxbKJQkElhVvPML7BYORe2VxHj0Ta8bh7lc6f+UZBPIeDRqekcUqNWJs8
fR5e8aEKtycMs6NI2sB7OZr6PCKAroF8a6/ZUwiD6lLMJxxoCDTwrmo663LgBRyf
vmQn66cxNrcCjUZvgeC8C5Y1/Lny2wmDGlTSP0I+taPRzkrP
-----END CERTIFICATE-----