Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/tJb8Ts4XgvLq7IFd612PdAoSex8.roa
File:                     tJb8Ts4XgvLq7IFd612PdAoSex8.roa (raw, json)
Hash identifier:          /2oqwW8TIewEulnC/YwP+6MDX06JT0RuhBb946Sy6pg=
Subject key identifier:   B4:96:FC:4E:CE:17:82:F2:EA:EC:81:5D:EB:5D:8F:74:0A:12:7B:1F
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       01941F8C786352ADE276A477841598EF4C75
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/tJb8Ts4XgvLq7IFd612PdAoSex8.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15585
IP address blocks:        2a07:2904::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:78:63:52:ad:e2:76:a4:77:84:15:98:ef:4c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b496fc4ece1782f2eaec815deb5d8f740a127b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:df:73:20:bc:2f:a2:72:48:d4:24:f2:83:2a:
                    9b:d7:f3:f4:bd:6a:1c:5f:0c:58:3d:48:5a:45:c4:
                    f7:8f:12:ea:ae:db:b7:b9:07:3f:07:95:f0:63:81:
                    ac:27:0a:5c:ff:23:76:7e:4b:b1:46:7f:b9:ff:9e:
                    72:39:d2:46:4e:c5:d9:a9:7f:32:10:b9:c5:48:8b:
                    15:20:26:1d:aa:5a:a7:95:d5:1b:cb:c3:5e:ae:cd:
                    a3:79:d1:9e:7b:03:01:6e:f9:98:fe:23:9b:b5:c1:
                    9d:f7:87:44:bb:a1:aa:09:84:f7:80:7d:fe:3b:ea:
                    f0:71:3a:a7:e0:e7:73:12:86:44:03:57:25:c3:92:
                    06:25:65:43:77:67:b3:b4:c1:33:1c:82:63:83:6e:
                    54:4c:40:b2:8a:48:33:33:32:a2:04:ec:9e:78:06:
                    76:bd:40:07:9f:83:3b:a7:6d:af:3c:00:ae:8c:bc:
                    f3:79:f0:22:52:87:d9:ec:d6:9e:25:49:b5:a6:be:
                    8d:49:aa:0b:d5:9a:e3:d0:e5:4a:7f:4f:c0:fe:bd:
                    cd:ae:6d:d3:85:c7:da:6b:20:52:70:50:ee:6c:3e:
                    c5:24:a2:95:e0:aa:4d:d5:63:18:f3:ff:99:ab:ff:
                    8f:07:f2:c0:1a:6e:f5:e0:e3:a6:dc:8c:4d:c9:e5:
                    29:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:96:FC:4E:CE:17:82:F2:EA:EC:81:5D:EB:5D:8F:74:0A:12:7B:1F
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/tJb8Ts4XgvLq7IFd612PdAoSex8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2904::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:6c:f8:e9:5e:9c:8c:12:90:b7:fa:90:f9:32:ed:43:0d:30:
         18:e3:c2:7a:c5:7b:8f:91:1c:ef:23:53:d5:a8:52:64:05:7a:
         ad:35:96:41:c3:f4:30:a6:72:1b:13:cf:b3:67:23:c0:0d:24:
         91:2d:25:cc:43:35:ed:25:f4:80:80:8e:71:56:16:3c:0c:6b:
         d8:32:73:cf:18:c2:c9:fc:c3:1e:95:82:4b:fa:71:34:b6:dc:
         65:0b:5a:c4:23:72:10:b5:35:ee:74:ec:eb:9c:62:ab:37:45:
         30:b1:d5:64:07:0f:98:77:5d:88:ef:84:85:a4:36:1b:b8:a2:
         61:d7:13:a7:07:8d:49:b6:92:ad:84:74:50:db:69:b6:40:8f:
         65:b7:aa:cf:4e:81:1b:44:da:ad:0e:1d:04:fd:b5:73:4b:b6:
         03:a6:0d:88:93:d4:9e:00:bc:72:64:ef:8d:a4:27:47:f9:a5:
         de:a3:ed:a4:d1:8f:71:6d:75:1a:16:7c:60:a9:9b:9b:9d:16:
         8b:9b:c5:b1:21:84:08:f3:88:ae:12:95:99:a8:73:8a:c2:65:
         a2:45:2a:e9:ae:9c:90:75:00:a8:16:4b:b7:a7:3f:fb:29:ce:
         89:86:3a:bc:2f:00:fb:ac:92:08:5e:10:43:69:fa:c4:a8:64:
         66:44:72:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjHhjUq3idqR3hBWY70x1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDk2ZmM0ZWNlMTc4MmYyZWFlYzgxNWRlYjVkOGY3NDBhMTI3YjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd9zILwvonJI1CTygyqb1/P0vWoc
XwxYPUhaRcT3jxLqrtu3uQc/B5XwY4GsJwpc/yN2fkuxRn+5/55yOdJGTsXZqX8y
ELnFSIsVICYdqlqnldUby8Ners2jedGeewMBbvmY/iObtcGd94dEu6GqCYT3gH3+
O+rwcTqn4OdzEoZEA1clw5IGJWVDd2eztMEzHIJjg25UTECyikgzMzKiBOyeeAZ2
vUAHn4M7p22vPACujLzzefAiUofZ7NaeJUm1pr6NSaoL1Zrj0OVKf0/A/r3Nrm3T
hcfaayBScFDubD7FJKKV4KpN1WMY8/+Zq/+PB/LAGm714OOm3IxNyeUpwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLSW/E7OF4Ly6uyBXetdj3QKEnsfMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvdEpiOFRzNFhndkxxN0lGZDYxMlBkQW9TZXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgcpBDAN
BgkqhkiG9w0BAQsFAAOCAQEAd2z46V6cjBKQt/qQ+TLtQw0wGOPCesV7j5Ec7yNT
1ahSZAV6rTWWQcP0MKZyGxPPs2cjwA0kkS0lzEM17SX0gICOcVYWPAxr2DJzzxjC
yfzDHpWCS/pxNLbcZQtaxCNyELU17nTs65xiqzdFMLHVZAcPmHddiO+EhaQ2G7ii
YdcTpweNSbaSrYR0UNtptkCPZbeqz06BG0TarQ4dBP21c0u2A6YNiJPUngC8cmTv
jaQnR/ml3qPtpNGPcW11GhZ8YKmbm50Wi5vFsSGECPOIrhKVmahzisJlokUq6a6c
kHUAqBZLt6c/+ynOiYY6vC8A+6ySCF4QQ2n6xKhkZkRytA==
-----END CERTIFICATE-----