Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/uxodH0SAIfY7QfL1CFY1zsVKTTU.roa
File:                     uxodH0SAIfY7QfL1CFY1zsVKTTU.roa (raw, json)
Hash identifier:          MFYf6i70IowcUu2vDq3Z87sRlyhGfcm0kqBV+8MGNH8=
Subject key identifier:   BB:1A:1D:1F:44:80:21:F6:3B:41:F2:F5:08:56:35:CE:C5:4A:4D:35
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       019420D640F44525C6B4EF6DA2EBF2B0E7C2
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/uxodH0SAIfY7QfL1CFY1zsVKTTU.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212845
IP address blocks:        2a07:22c1:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:40:f4:45:25:c6:b4:ef:6d:a2:eb:f2:b0:e7:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb1a1d1f448021f63b41f2f5085635cec54a4d35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2d:6c:34:fd:72:19:d1:43:ba:30:d2:33:8b:
                    15:19:48:cb:3e:86:d1:f3:4f:14:db:bf:a0:56:27:
                    62:c4:f0:65:77:a8:bc:f2:29:e4:4e:21:c1:18:84:
                    28:df:33:45:80:08:5c:81:a4:1a:7c:4b:76:85:8a:
                    5d:df:2c:2e:57:3c:88:11:79:b5:2d:a9:3b:da:76:
                    ec:b1:88:8d:19:98:fa:36:85:fd:7b:3f:f8:bb:9f:
                    8d:f9:34:84:e4:e8:36:e4:51:ca:8e:dc:97:c3:0c:
                    26:9d:03:a6:a6:81:6a:3e:c6:7b:58:f6:cf:32:59:
                    ec:e5:4f:21:c2:d9:61:1a:10:08:7b:9b:a0:7a:1a:
                    67:06:cd:29:42:91:08:f6:80:eb:df:bc:9e:6b:fc:
                    d6:0c:d3:ff:cd:26:79:4e:b6:ac:18:53:f9:37:ce:
                    ba:52:d6:13:6f:0c:04:75:53:8a:de:1e:43:dc:f9:
                    a6:34:b3:f1:4a:7c:c7:55:14:f1:a6:c5:d9:9d:bc:
                    b3:82:79:f9:f4:96:72:e3:95:63:71:a5:db:9a:26:
                    c6:03:69:ba:56:84:79:2e:3e:49:bd:44:ad:53:0b:
                    d9:07:f2:28:da:02:5d:57:b1:ae:2a:df:23:94:77:
                    e5:79:a6:44:9c:15:8e:0d:c1:9a:7e:09:fd:22:6b:
                    2b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:1A:1D:1F:44:80:21:F6:3B:41:F2:F5:08:56:35:CE:C5:4A:4D:35
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/uxodH0SAIfY7QfL1CFY1zsVKTTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:43:40:82:3b:2c:36:48:84:97:f1:df:16:a5:89:cc:11:37:
         a2:ab:ef:50:cc:df:fd:d0:e4:2b:34:07:3a:37:a6:d8:dd:3a:
         76:ce:0e:98:0d:90:54:da:62:0e:3e:b4:b8:56:ad:e1:b8:a7:
         48:be:02:3b:a9:79:a9:26:f9:9c:37:22:32:33:44:5e:5e:8e:
         e6:e3:ab:ea:50:4d:24:a2:c1:45:5a:1e:98:3f:bc:08:d9:21:
         b1:10:7f:76:cc:0e:60:21:e2:91:01:56:92:6a:7d:de:e3:90:
         87:28:92:c3:46:49:c6:c7:dc:60:e7:06:a2:08:76:90:f5:31:
         96:43:48:bd:20:f6:99:9b:49:f6:4e:ac:cd:97:49:c5:0c:6c:
         c9:0e:95:2b:3c:02:28:3f:b2:7b:40:d5:fa:b8:89:d8:bc:86:
         fe:eb:3b:c3:8b:4f:b7:05:c3:79:86:1d:e4:ac:da:07:cf:96:
         0c:5a:9f:2a:7b:b4:ee:4f:b5:e4:36:79:62:b8:a5:7e:8e:70:
         c5:99:b0:ee:42:63:a5:d5:c8:d1:1a:12:5a:a4:f8:f1:f4:49:
         e3:e4:e1:32:fa:ce:3c:fd:0b:83:a6:3d:ee:0e:f5:f6:56:20:
         91:b4:03:eb:91:d8:27:ef:4d:fd:c6:11:d6:3d:82:92:24:ae:
         35:1a:a7:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1kD0RSXGtO9touvysOfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjFhMWQxZjQ0ODAyMWY2M2I0MWYyZjUwODU2MzVjZWM1NGE0ZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty1sNP1yGdFDujDSM4sVGUjLPobR
808U27+gVidixPBld6i88inkTiHBGIQo3zNFgAhcgaQafEt2hYpd3ywuVzyIEXm1
Lak72nbssYiNGZj6NoX9ez/4u5+N+TSE5Og25FHKjtyXwwwmnQOmpoFqPsZ7WPbP
Mlns5U8hwtlhGhAIe5ugehpnBs0pQpEI9oDr37yea/zWDNP/zSZ5TrasGFP5N866
UtYTbwwEdVOK3h5D3PmmNLPxSnzHVRTxpsXZnbyzgnn59JZy45VjcaXbmibGA2m6
VoR5Lj5JvUStUwvZB/Io2gJdV7GuKt8jlHfleaZEnBWODcGafgn9ImsrjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLsaHR9EgCH2O0Hy9QhWNc7FSk01MB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvdXhvZEgwU0FJZlk3UWZMMUNGWTF6c1ZLVFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwQAE
MA0GCSqGSIb3DQEBCwUAA4IBAQC0Q0CCOyw2SISX8d8WpYnMETeiq+9QzN/90OQr
NAc6N6bY3Tp2zg6YDZBU2mIOPrS4Vq3huKdIvgI7qXmpJvmcNyIyM0ReXo7m46vq
UE0kosFFWh6YP7wI2SGxEH92zA5gIeKRAVaSan3e45CHKJLDRknGx9xg5waiCHaQ
9TGWQ0i9IPaZm0n2TqzNl0nFDGzJDpUrPAIoP7J7QNX6uInYvIb+6zvDi0+3BcN5
hh3krNoHz5YMWp8qe7TuT7XkNnliuKV+jnDFmbDuQmOl1cjRGhJapPjx9Enj5OEy
+s48/QuDpj3uDvX2ViCRtAPrkdgn7039xhHWPYKSJK41Gqd8
-----END CERTIFICATE-----