Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/DFgAMB_c4WeZyOx-eglKZBMeXuM.roa
File:                     DFgAMB_c4WeZyOx-eglKZBMeXuM.roa (raw, json)
Hash identifier:          X7EnRSIwEjRtkMbUxZKI4C9GzuFGjpE6JJQKft4XunM=
Subject key identifier:   0C:58:00:30:1F:DC:E1:67:99:C8:EC:7E:7A:09:4A:64:13:1E:5E:E3
Certificate issuer:       /CN=505127723ea0cfd0724713b291734caa353e20ea
Certificate serial:       019423D715B70801B4C4504696D0B1DC601A
Authority key identifier: 50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/DFgAMB_c4WeZyOx-eglKZBMeXuM.roa
Signing time:             Wed 01 Jan 2025 21:48:05 +0000
ROA not before:           Wed 01 Jan 2025 21:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        2a07:a900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:15:b7:08:01:b4:c4:50:46:96:d0:b1:dc:60:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505127723ea0cfd0724713b291734caa353e20ea
        Validity
            Not Before: Jan  1 21:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c5800301fdce16799c8ec7e7a094a64131e5ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:5f:c5:23:3a:3a:fd:aa:72:a8:96:53:10:ed:
                    ec:9a:1a:86:76:40:fd:c1:ef:2f:23:42:a8:f5:dd:
                    0c:80:76:db:fd:f6:8e:29:f2:b2:38:85:df:6b:e9:
                    07:bb:64:53:4f:3e:7c:23:07:be:90:14:03:9e:ac:
                    6a:43:6a:80:02:8e:88:32:1d:10:fd:f0:14:97:50:
                    05:c9:82:a5:09:ec:3d:ec:33:dc:43:60:fc:b1:32:
                    3a:31:e0:e6:cb:5f:e6:1b:5e:52:9f:a8:d2:c6:a6:
                    04:1d:b4:04:5f:6f:12:10:fd:34:d2:50:ab:e3:1a:
                    55:63:81:00:ab:f0:17:85:75:2a:07:84:8c:4f:db:
                    76:df:4d:bd:ee:91:01:81:77:b6:fe:88:cf:3d:49:
                    9a:50:dc:f6:fb:36:9c:b8:f3:a2:51:ed:e7:3a:e5:
                    f4:7a:f4:68:43:30:3e:ef:7e:bc:1e:76:b5:85:82:
                    93:19:e4:a4:f1:61:2b:e5:8a:75:bf:0c:35:c9:cb:
                    5d:d9:50:e3:d9:75:59:03:a3:d4:ff:82:fd:b3:cc:
                    d4:6a:f9:2e:0e:9a:87:80:6b:f0:4d:f8:95:c6:64:
                    e4:f4:75:8c:29:11:c4:6c:7c:9e:31:3c:b5:2e:7a:
                    a2:1d:24:f8:e2:54:b0:39:bc:d8:81:4a:3d:f2:ab:
                    63:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:58:00:30:1F:DC:E1:67:99:C8:EC:7E:7A:09:4A:64:13:1E:5E:E3
            X509v3 Authority Key Identifier:
                keyid:50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/DFgAMB_c4WeZyOx-eglKZBMeXuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:a900::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:14:ec:22:4c:40:d0:29:f7:08:9b:7e:8e:64:a0:43:ca:74:
         a9:80:cd:59:55:d5:8a:13:57:55:ff:8c:6b:bb:81:ce:d8:29:
         d4:0e:e1:b2:7b:99:d7:a9:2e:8d:e1:41:ab:c4:6c:b4:7b:19:
         19:89:36:00:28:39:5b:6a:63:5b:e5:5d:23:f9:b0:9f:8f:e8:
         2c:82:b6:fe:61:d8:b5:8d:fe:17:c6:39:b6:de:a2:07:37:c4:
         21:b7:7f:a2:ba:71:77:0e:62:c4:46:4c:d8:0d:bd:e7:64:55:
         58:20:e0:dd:dc:a7:af:06:62:c1:35:be:25:81:ba:16:4e:65:
         72:85:9e:5c:ea:fc:62:a8:06:43:14:64:41:4b:f0:7d:8e:06:
         b1:3c:c5:97:59:2b:cf:a1:88:93:a1:6f:a1:f5:c4:52:89:10:
         7f:d6:6c:c1:3b:50:bf:5d:99:13:1d:8a:e5:2f:e3:a7:5b:90:
         45:08:3d:b7:cb:28:f5:4d:76:15:bf:f9:67:2a:43:85:47:59:
         c3:ee:19:ff:64:f2:c0:22:83:67:f6:3e:5a:a5:52:87:88:51:
         a1:49:29:67:43:8f:01:6a:49:93:5b:67:fb:e4:47:a1:c1:03:
         ae:78:ee:07:f2:4c:f3:20:69:d8:02:03:2d:04:af:5a:1e:06:
         24:14:e5:33
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj1xW3CAG0xFBGltCx3GAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTEyNzcyM2VhMGNmZDA3MjQ3MTNiMjkxNzM0Y2FhMzUz
ZTIwZWEwHhcNMjUwMTAxMjE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzU4MDAzMDFmZGNlMTY3OTljOGVjN2U3YTA5NGE2NDEzMWU1ZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1l/FIzo6/apyqJZTEO3smhqGdkD9
we8vI0Ko9d0MgHbb/faOKfKyOIXfa+kHu2RTTz58Iwe+kBQDnqxqQ2qAAo6IMh0Q
/fAUl1AFyYKlCew97DPcQ2D8sTI6MeDmy1/mG15Sn6jSxqYEHbQEX28SEP000lCr
4xpVY4EAq/AXhXUqB4SMT9t230297pEBgXe2/ojPPUmaUNz2+zacuPOiUe3nOuX0
evRoQzA+7368Hna1hYKTGeSk8WEr5Yp1vww1yctd2VDj2XVZA6PU/4L9s8zUavku
DpqHgGvwTfiVxmTk9HWMKRHEbHyeMTy1LnqiHST44lSwObzYgUo98qtjZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAxYADAf3OFnmcjsfnoJSmQTHl7jMB8GA1UdIwQY
MBaAFFBRJ3I+oM/QckcTspFzTKo1PiDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYt
NTU2MDhiNjk0NDU2LzEvREZnQU1CX2M0V2VaeU94LWVnbEtaQk1lWHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYtNTU2MDhiNjk0NDU2
LzEvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgepADAN
BgkqhkiG9w0BAQsFAAOCAQEApRTsIkxA0Cn3CJt+jmSgQ8p0qYDNWVXVihNXVf+M
a7uBztgp1A7hsnuZ16kujeFBq8RstHsZGYk2ACg5W2pjW+VdI/mwn4/oLIK2/mHY
tY3+F8Y5tt6iBzfEIbd/orpxdw5ixEZM2A2952RVWCDg3dynrwZiwTW+JYG6Fk5l
coWeXOr8YqgGQxRkQUvwfY4GsTzFl1krz6GIk6FvofXEUokQf9ZswTtQv12ZEx2K
5S/jp1uQRQg9t8so9U12Fb/5ZypDhUdZw+4Z/2TywCKDZ/Y+WqVSh4hRoUkpZ0OP
AWpJk1tn++RHocEDrnjuB/JM8yBp2AIDLQSvWh4GJBTlMw==
-----END CERTIFICATE-----