Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/356qaAYQpDV5m2Riq8A1jSL_myc.roa
File:                     356qaAYQpDV5m2Riq8A1jSL_myc.roa (raw, json)
Hash identifier:          J+LALyAXIHBq3+bBLiTSfwMeZdohnuBRZTHDVc6I9II=
Subject key identifier:   DF:9E:AA:68:06:10:A4:35:79:9B:64:62:AB:C0:35:8D:22:FF:9B:27
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0194228DB9547B28AAE9BFB01C59B35F382D
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/356qaAYQpDV5m2Riq8A1jSL_myc.roa
Signing time:             Wed 01 Jan 2025 15:48:20 +0000
ROA not before:           Wed 01 Jan 2025 15:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50104
IP address blocks:        2a01:e281:a764::/48 maxlen: 48
                          2a01:e281:b300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:55:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:b9:54:7b:28:aa:e9:bf:b0:1c:59:b3:5f:38:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Jan  1 15:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df9eaa680610a435799b6462abc0358d22ff9b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:03:a7:b3:b6:89:74:c7:31:f6:e4:3e:6b:36:
                    12:dd:f3:31:33:a1:41:1b:4b:2a:d2:6d:3b:34:86:
                    12:fe:b9:0a:4b:78:0d:ad:0d:5c:6e:ed:e9:87:ea:
                    8b:42:ba:00:9b:6c:1b:54:f6:24:eb:d3:cc:3f:5b:
                    00:8c:00:83:a9:36:31:40:e2:fe:f0:bb:6e:8e:f5:
                    83:c4:e7:89:66:a5:3c:f5:57:30:d8:78:59:1b:5e:
                    4d:c8:a1:60:2a:3d:8a:78:7c:64:32:c5:b1:f7:a9:
                    7e:a7:ea:98:f4:1d:15:f8:08:d9:1c:cb:04:12:93:
                    c2:93:06:ed:4e:9b:4f:72:a2:7a:b7:76:3c:9a:82:
                    7f:c0:85:61:a2:d1:9a:32:5e:35:56:47:25:ac:d6:
                    9d:b5:3c:18:3a:90:a0:91:a8:4b:92:9d:97:b8:92:
                    28:11:d4:42:28:d2:42:f4:cc:79:70:bc:73:1b:a5:
                    51:a2:46:75:ab:ef:41:80:d2:92:6d:19:7f:10:f5:
                    5b:35:cb:1e:fb:b3:88:fc:ae:a6:a1:19:fe:83:2e:
                    f1:f5:dd:13:0c:a7:3c:80:f0:5c:52:d1:e2:f6:d8:
                    0b:07:03:fd:29:53:8b:d7:bc:fa:b9:c9:cc:0a:b4:
                    4a:3e:d6:04:5d:2a:3f:8f:ae:e6:69:e2:4c:3f:a9:
                    0d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9E:AA:68:06:10:A4:35:79:9B:64:62:AB:C0:35:8D:22:FF:9B:27
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/356qaAYQpDV5m2Riq8A1jSL_myc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:a764::/48
                  2a01:e281:b300::/40

    Signature Algorithm: sha256WithRSAEncryption
         12:cb:c6:fb:cf:86:52:47:09:fd:3e:b1:b9:6a:37:64:98:b6:
         d0:ac:0c:f3:8b:54:64:78:6b:46:d1:58:24:d1:9d:f9:0f:00:
         02:58:20:d0:09:b7:f1:0d:d4:0e:0b:81:62:f9:3c:0c:a6:c9:
         5d:b4:cb:0c:7a:94:a4:64:28:f6:58:1c:e2:69:0e:89:ae:29:
         99:57:45:e8:a5:a2:4b:cb:fe:a3:80:90:b4:21:8e:cb:3c:cc:
         ba:0d:b0:14:23:8c:4d:98:ba:c2:4b:56:08:2c:41:38:46:c6:
         5d:a6:70:5f:3a:e5:f4:7b:59:50:2c:67:11:19:fe:9f:5a:da:
         f3:dc:c4:48:f9:7c:73:f8:78:ab:af:16:55:b9:d3:3f:32:cc:
         0c:bb:09:e1:44:f9:58:94:10:6f:5b:d5:bd:d7:68:76:c1:ec:
         82:36:09:d9:8c:4a:f8:66:02:92:b1:95:64:a3:14:e3:4a:db:
         86:bc:8d:1a:ad:0d:6b:40:13:cc:38:80:42:41:9b:18:e2:a2:
         33:70:7f:d9:fd:65:ac:d7:14:16:dc:b6:64:86:58:9a:6b:b7:
         a8:bf:2b:d1:80:15:11:aa:c4:35:f4:ae:fd:a8:6c:e8:1c:ea:
         a0:89:52:50:69:e6:eb:3c:80:b3:8f:3d:2d:6d:e3:e6:de:28:
         eb:5d:95:43
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQijblUeyiq6b+wHFmzXzgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjUwMTAxMTU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjllYWE2ODA2MTBhNDM1Nzk5YjY0NjJhYmMwMzU4ZDIyZmY5YjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwOns7aJdMcx9uQ+azYS3fMxM6FB
G0sq0m07NIYS/rkKS3gNrQ1cbu3ph+qLQroAm2wbVPYk69PMP1sAjACDqTYxQOL+
8LtujvWDxOeJZqU89Vcw2HhZG15NyKFgKj2KeHxkMsWx96l+p+qY9B0V+AjZHMsE
EpPCkwbtTptPcqJ6t3Y8moJ/wIVhotGaMl41VkclrNadtTwYOpCgkahLkp2XuJIo
EdRCKNJC9Mx5cLxzG6VRokZ1q+9BgNKSbRl/EPVbNcse+7OI/K6moRn+gy7x9d0T
DKc8gPBcUtHi9tgLBwP9KVOL17z6ucnMCrRKPtYEXSo/j67maeJMP6kNVwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFN+eqmgGEKQ1eZtkYqvANY0i/5snMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvMzU2cWFBWVFwRFY1bTJSaXE4QTFqU0xfbXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgHigadk
AwYAKgHigbMwDQYJKoZIhvcNAQELBQADggEBABLLxvvPhlJHCf0+sblqN2SYttCs
DPOLVGR4a0bRWCTRnfkPAAJYINAJt/EN1A4LgWL5PAymyV20ywx6lKRkKPZYHOJp
DomuKZlXReilokvL/qOAkLQhjss8zLoNsBQjjE2YusJLVggsQThGxl2mcF865fR7
WVAsZxEZ/p9a2vPcxEj5fHP4eKuvFlW50z8yzAy7CeFE+ViUEG9b1b3XaHbB7II2
CdmMSvhmApKxlWSjFONK24a8jRqtDWtAE8w4gEJBmxjiojNwf9n9ZazXFBbctmSG
WJprt6i/K9GAFRGqxDX0rv2obOgc6qCJUlBp5us8gLOPPS1t4+beKOtdlUM=
-----END CERTIFICATE-----