Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/G7_pBwgIb18W0bzx0vE-1R_iK4c.roa
File:                     G7_pBwgIb18W0bzx0vE-1R_iK4c.roa (raw, json)
Hash identifier:          /gR04o7RTMGFCWJfgbmLvJDeNPnpOC+Ybn3q4mrVCbg=
Subject key identifier:   1B:BF:E9:07:08:08:6F:5F:16:D1:BC:F1:D2:F1:3E:D5:1F:E2:2B:87
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       01942747BE42EEFA3B3BB0D8EB95FDB9D0CE
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/G7_pBwgIb18W0bzx0vE-1R_iK4c.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        2a05:b0c7:1200::/39 maxlen: 39
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:be:42:ee:fa:3b:3b:b0:d8:eb:95:fd:b9:d0:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bbfe90708086f5f16d1bcf1d2f13ed51fe22b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:15:40:f5:72:45:78:01:77:4a:31:0c:1f:b8:
                    bb:fe:b5:c7:1d:0f:2a:04:71:c3:1d:01:ff:a9:d5:
                    35:83:09:bd:c7:0e:2f:fa:a5:4b:9a:22:46:31:c9:
                    2f:3c:ca:d3:b9:25:29:de:40:4c:af:2e:70:d3:bc:
                    15:35:a2:e2:ab:b9:fb:d5:3e:91:b7:b9:06:f7:58:
                    8a:24:35:ab:b8:36:d2:48:ae:7c:0a:02:4b:dc:ba:
                    cb:1f:b5:d3:06:fb:22:52:5d:e6:3a:0b:97:ca:bc:
                    76:f2:93:b0:d1:18:68:d6:e2:1e:aa:f6:53:77:6f:
                    ef:54:04:7a:fd:22:ad:53:8a:27:9d:7d:4a:84:dd:
                    0f:ad:39:19:e2:ac:aa:c9:05:c1:06:1e:e7:d6:a5:
                    e2:a0:b1:09:b0:84:81:a6:00:66:31:b4:cd:c2:84:
                    a0:5f:ea:af:07:17:25:35:41:bb:b5:d9:89:d9:a5:
                    27:92:74:5f:e3:0c:2f:f9:ec:be:2d:6c:4b:93:87:
                    54:b0:01:26:bf:01:ed:0e:cb:46:6f:c1:83:f4:4d:
                    67:2b:2f:5c:63:ba:78:04:65:63:04:31:f8:1e:99:
                    4b:b1:69:8b:89:4f:4b:97:84:4d:ec:71:72:d3:f9:
                    8a:c2:3d:62:05:c0:2a:8d:8a:2b:dd:2c:ba:15:04:
                    aa:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:BF:E9:07:08:08:6F:5F:16:D1:BC:F1:D2:F1:3E:D5:1F:E2:2B:87
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/G7_pBwgIb18W0bzx0vE-1R_iK4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:1200::/39

    Signature Algorithm: sha256WithRSAEncryption
         95:59:fa:fd:7d:1a:32:79:8a:34:19:8f:32:f2:db:24:59:6e:
         96:da:79:65:ee:3c:c3:7e:19:ca:54:c3:6b:4d:59:23:55:10:
         7b:e7:de:4d:99:9d:01:fb:e3:57:43:b7:5e:1f:e4:0f:23:98:
         55:73:71:60:ce:bb:d0:b2:65:60:02:72:fe:68:a1:e7:7a:e7:
         7b:2a:95:57:13:26:4c:61:c8:6f:40:17:f3:f4:29:00:6d:5d:
         22:13:df:1f:6c:a1:b3:c7:02:a5:d2:5c:3d:fc:d2:ff:da:23:
         cb:e2:0c:ed:c0:e4:e6:fd:c2:f6:ec:99:5b:c3:80:8f:0c:37:
         6d:11:00:94:07:69:04:6e:35:f3:00:f3:8a:bb:96:3d:13:13:
         fc:5f:06:1f:92:cb:a3:58:ef:c8:58:bf:ba:dd:4a:bb:ba:77:
         cd:f1:50:ae:0f:63:43:4e:86:32:c6:00:42:3e:f8:7c:db:85:
         4d:ae:30:13:84:98:9b:32:86:e6:8b:bd:3d:d0:e9:1b:bb:ed:
         a0:2e:d4:3f:32:54:a3:be:4f:33:18:54:59:a5:46:ff:b7:69:
         39:fe:c2:df:9d:4d:c6:ff:2b:64:d6:12:69:b8:fb:2c:58:1c:
         e3:f4:d2:89:a5:f5:89:5e:6a:75:27:26:f4:84:c4:bd:c9:9f:
         30:e4:38:dd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnR75C7vo7O7DY65X9udDOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmJmZTkwNzA4MDg2ZjVmMTZkMWJjZjFkMmYxM2VkNTFmZTIyYjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBVA9XJFeAF3SjEMH7i7/rXHHQ8q
BHHDHQH/qdU1gwm9xw4v+qVLmiJGMckvPMrTuSUp3kBMry5w07wVNaLiq7n71T6R
t7kG91iKJDWruDbSSK58CgJL3LrLH7XTBvsiUl3mOguXyrx28pOw0Rho1uIeqvZT
d2/vVAR6/SKtU4onnX1KhN0PrTkZ4qyqyQXBBh7n1qXioLEJsISBpgBmMbTNwoSg
X+qvBxclNUG7tdmJ2aUnknRf4wwv+ey+LWxLk4dUsAEmvwHtDstGb8GD9E1nKy9c
Y7p4BGVjBDH4HplLsWmLiU9Ll4RN7HFy0/mKwj1iBcAqjYor3Sy6FQSqMwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBu/6QcICG9fFtG88dLxPtUf4iuHMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvRzdfcEJ3Z0liMThXMGJ6eDB2RS0xUl9pSzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKgWwxxIw
DQYJKoZIhvcNAQELBQADggEBAJVZ+v19GjJ5ijQZjzLy2yRZbpbaeWXuPMN+GcpU
w2tNWSNVEHvn3k2ZnQH741dDt14f5A8jmFVzcWDOu9CyZWACcv5ooed653sqlVcT
JkxhyG9AF/P0KQBtXSIT3x9sobPHAqXSXD380v/aI8viDO3A5Ob9wvbsmVvDgI8M
N20RAJQHaQRuNfMA84q7lj0TE/xfBh+Sy6NY78hYv7rdSru6d83xUK4PY0NOhjLG
AEI++HzbhU2uMBOEmJsyhuaLvT3Q6Ru77aAu1D8yVKO+TzMYVFmlRv+3aTn+wt+d
Tcb/K2TWEmm4+yxYHOP00oml9YleanUnJvSExL3JnzDkON0=
-----END CERTIFICATE-----