Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/gd86nab0qf28eq3d5pPFq5e9rZo.roa
File:                     gd86nab0qf28eq3d5pPFq5e9rZo.roa (raw, json)
Hash identifier:          OleM9BzJjHgCcSMlxVVC1tH0LyJmqbhh/CO/g3APccs=
Subject key identifier:   81:DF:3A:9D:A6:F4:A9:FD:BC:7A:AD:DD:E6:93:C5:AB:97:BD:AD:9A
Certificate issuer:       /CN=d881e5777cce990c0b2b0f4c29cc8d2cf9afe83b
Certificate serial:       01942144056D4F50331D5C7C5616B45F0A56
Authority key identifier: D8:81:E5:77:7C:CE:99:0C:0B:2B:0F:4C:29:CC:8D:2C:F9:AF:E8:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2IHld3zOmQwLKw9MKcyNLPmv6Ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/gd86nab0qf28eq3d5pPFq5e9rZo.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.33.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/2IHld3zOmQwLKw9MKcyNLPmv6Ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/2IHld3zOmQwLKw9MKcyNLPmv6Ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2IHld3zOmQwLKw9MKcyNLPmv6Ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:05:6d:4f:50:33:1d:5c:7c:56:16:b4:5f:0a:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d881e5777cce990c0b2b0f4c29cc8d2cf9afe83b
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81df3a9da6f4a9fdbc7aaddde693c5ab97bdad9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d8:a7:d5:9b:19:40:a7:5d:24:36:ed:eb:b8:
                    59:ee:cb:80:e3:cc:32:b1:20:41:73:d3:de:2b:27:
                    b5:e4:9b:af:ff:30:94:95:40:f5:69:d6:d4:f7:44:
                    66:0a:58:03:6c:f6:6e:b5:3f:13:b2:f7:28:b0:07:
                    c1:1a:68:43:f6:42:15:15:f7:b6:e3:c4:b8:a4:30:
                    e9:41:28:07:89:19:b5:be:cc:99:f5:c1:74:7b:f2:
                    b4:50:93:05:9e:ea:a2:d0:e7:cb:b5:fa:30:66:fa:
                    29:7a:52:08:f2:64:59:2a:89:9f:f4:78:f3:a2:c1:
                    c5:69:bd:19:66:22:7d:00:0d:3a:07:cf:32:75:44:
                    23:49:1b:b4:c8:60:aa:fa:bf:8e:56:ad:96:fd:cc:
                    f7:a4:9c:b8:8b:e0:4a:37:e6:00:21:62:26:b9:ac:
                    6d:73:71:b9:58:ee:d8:73:bf:12:2c:b4:8d:52:fa:
                    84:51:d1:81:66:60:49:4c:70:f8:56:64:6b:5e:28:
                    ec:16:4a:09:44:0b:c5:b9:ed:04:97:4e:c7:98:73:
                    15:16:91:8e:30:6b:76:7e:65:e0:f6:5e:36:00:bb:
                    60:35:45:28:13:e5:5d:0a:72:4e:b9:d3:6a:cf:11:
                    5c:84:e7:43:36:3c:73:b0:20:fc:7a:63:30:41:61:
                    d0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:DF:3A:9D:A6:F4:A9:FD:BC:7A:AD:DD:E6:93:C5:AB:97:BD:AD:9A
            X509v3 Authority Key Identifier:
                keyid:D8:81:E5:77:7C:CE:99:0C:0B:2B:0F:4C:29:CC:8D:2C:F9:AF:E8:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2IHld3zOmQwLKw9MKcyNLPmv6Ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/gd86nab0qf28eq3d5pPFq5e9rZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/3c95f3-dc3d-48eb-b6d7-d835de08bcf6/1/2IHld3zOmQwLKw9MKcyNLPmv6Ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.33.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5e:a9:f9:36:c2:43:7a:2c:45:9d:3d:0c:2e:7d:67:3d:8a:8b:
         6c:0e:21:f6:de:e4:d8:dc:99:17:87:5c:24:2d:a2:5c:3c:8d:
         1e:33:2c:36:75:c9:10:64:41:ea:92:6e:3b:c4:3d:bd:54:15:
         72:c8:f5:a4:a4:05:b5:3a:72:d6:29:10:74:16:09:f0:09:47:
         b2:58:22:ca:2f:0e:20:ef:ee:af:a7:87:0a:a1:eb:7b:35:83:
         48:3e:e8:9d:d5:ab:ac:0d:2c:e5:71:c6:87:f4:d2:7f:e7:ed:
         31:54:af:cd:7d:36:bd:1c:73:be:70:ba:9b:61:72:58:aa:73:
         5e:08:e6:bf:0e:8a:09:4e:5b:21:f1:c2:4e:6b:db:05:56:07:
         44:c7:fa:1b:60:7a:b9:43:73:e9:04:b1:14:d6:70:c1:69:02:
         2b:89:45:9b:45:b0:cf:f1:e6:01:1e:90:86:84:b1:6d:29:11:
         3f:bc:25:ac:13:21:8f:24:ae:64:1b:45:92:5f:da:72:90:50:
         9e:27:e5:58:36:e9:c9:82:69:22:47:41:be:bb:f5:e5:6f:ca:
         7f:e8:c2:ba:c5:c1:3b:70:d4:0b:42:78:c8:85:95:6d:b2:83:
         cb:dd:e1:d0:21:16:61:a8:16:b6:3f:55:6d:f2:48:3c:18:b6:
         db:b2:1e:3e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQhRAVtT1AzHVx8Vha0XwpWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ODFlNTc3N2NjZTk5MGMwYjJiMGY0YzI5Y2M4ZDJjZjlh
ZmU4M2IwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWRmM2E5ZGE2ZjRhOWZkYmM3YWFkZGRlNjkzYzVhYjk3YmRhZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9in1ZsZQKddJDbt67hZ7suA48wy
sSBBc9PeKye15Juv/zCUlUD1adbU90RmClgDbPZutT8TsvcosAfBGmhD9kIVFfe2
48S4pDDpQSgHiRm1vsyZ9cF0e/K0UJMFnuqi0OfLtfowZvopelII8mRZKomf9Hjz
osHFab0ZZiJ9AA06B88ydUQjSRu0yGCq+r+OVq2W/cz3pJy4i+BKN+YAIWImuaxt
c3G5WO7Yc78SLLSNUvqEUdGBZmBJTHD4VmRrXijsFkoJRAvFue0El07HmHMVFpGO
MGt2fmXg9l42ALtgNUUoE+VdCnJOudNqzxFchOdDNjxzsCD8emMwQWHQhwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIHfOp2m9Kn9vHqt3eaTxauXva2aMB8GA1UdIwQY
MBaAFNiB5Xd8zpkMCysPTCnMjSz5r+g7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMklIbGQzek9tUXdMS3c5TUtjeU5MUG12NkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8zYzk1ZjMtZGMzZC00OGViLWI2ZDct
ZDgzNWRlMDhiY2Y2LzEvZ2Q4Nm5hYjBxZjI4ZXEzZDVwUEZxNWU5clpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8zYzk1ZjMtZGMzZC00OGViLWI2ZDctZDgzNWRlMDhiY2Y2
LzEvMklIbGQzek9tUXdMS3c5TUtjeU5MUG12NkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSEwDQYJ
KoZIhvcNAQELBQADggEBAF6p+TbCQ3osRZ09DC59Zz2Ki2wOIfbe5NjcmReHXCQt
olw8jR4zLDZ1yRBkQeqSbjvEPb1UFXLI9aSkBbU6ctYpEHQWCfAJR7JYIsovDiDv
7q+nhwqh63s1g0g+6J3Vq6wNLOVxxof00n/n7TFUr819Nr0cc75wupthcliqc14I
5r8OiglOWyHxwk5r2wVWB0TH+htgerlDc+kEsRTWcMFpAiuJRZtFsM/x5gEekIaE
sW0pET+8JawTIY8krmQbRZJf2nKQUJ4n5Vg26cmCaSJHQb679eVvyn/owrrFwTtw
1AtCeMiFlW2yg8vd4dAhFmGoFrY/VW3ySDwYttuyHj4=
-----END CERTIFICATE-----