Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/PnIUOaZTtm2gYot3Ty_z81HaxFg.roa
File:                     PnIUOaZTtm2gYot3Ty_z81HaxFg.roa (raw, json)
Hash identifier:          iyty2fBHEEZGHeVBEkiIUxtySJJdOiac1gbSc8T8xHg=
Subject key identifier:   3E:72:14:39:A6:53:B6:6D:A0:62:8B:77:4F:2F:F3:F3:51:DA:C4:58
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       019420D5F54683C6630B08F17822B5C8C323
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/PnIUOaZTtm2gYot3Ty_z81HaxFg.roa
Signing time:             Wed 01 Jan 2025 07:48:00 +0000
ROA not before:           Wed 01 Jan 2025 07:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203833
IP address blocks:        2a00:11c0:38::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:f5:46:83:c6:63:0b:08:f1:78:22:b5:c8:c3:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e721439a653b66da0628b774f2ff3f351dac458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:58:83:db:ee:64:d3:c0:4f:b9:f7:48:98:c7:
                    96:ff:ea:90:54:dd:fb:72:77:07:0f:e8:14:54:84:
                    ec:83:72:d9:2b:71:a8:69:a1:d6:07:5a:25:38:3a:
                    5a:f8:0b:34:b0:c6:e4:f5:91:9d:e4:b7:e2:84:99:
                    c6:b5:08:4c:21:dc:31:51:84:00:49:ed:be:f7:6c:
                    87:48:a7:f2:36:2e:84:89:e2:d0:e7:f4:25:0e:aa:
                    be:b9:31:e8:8a:0d:bd:1d:37:0e:02:99:eb:ea:74:
                    65:29:1a:7c:31:c9:93:c3:1a:93:13:2d:eb:bc:d1:
                    18:78:69:40:dd:e8:17:dd:18:5b:aa:94:10:98:58:
                    a1:cd:f0:e7:eb:85:59:33:61:1e:bb:c4:b4:41:1f:
                    2e:f5:ef:f1:2a:bf:44:06:2b:2e:fc:af:f9:31:9d:
                    5d:66:e2:17:5c:22:77:3a:fe:42:97:ee:89:77:a6:
                    8b:94:e6:1e:87:b3:ef:95:ed:72:6d:f3:c1:77:b7:
                    c0:ce:e0:b6:52:32:77:9e:07:df:dc:e8:f0:8a:8a:
                    62:c0:b3:f1:81:ba:f1:0f:f4:03:88:2a:33:9a:90:
                    48:24:81:3b:2c:3b:bc:b3:21:38:7b:37:25:48:c4:
                    ac:16:f3:49:6e:cb:30:3c:c1:61:ed:0e:2b:d0:94:
                    d6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:72:14:39:A6:53:B6:6D:A0:62:8B:77:4F:2F:F3:F3:51:DA:C4:58
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/PnIUOaZTtm2gYot3Ty_z81HaxFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:11c0:38::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:0f:11:02:0a:a8:1f:dd:5e:8d:01:28:98:19:1a:da:29:23:
         c4:92:1e:71:f9:33:51:2c:ef:c0:13:2d:73:cf:d3:c0:be:95:
         5a:6b:82:ea:26:e6:72:62:c0:dd:c8:ae:06:b4:6e:9a:4c:d0:
         ea:93:f9:ea:7a:c4:02:d4:a3:de:6f:21:ee:bc:85:b2:d8:00:
         54:4f:88:94:48:7d:99:f1:14:d4:d9:e1:68:42:4c:3b:34:5c:
         90:22:c9:26:f6:97:ff:55:3e:04:71:15:c4:cc:e7:79:d8:dd:
         53:a0:66:15:64:ae:d1:4f:78:e9:f3:f7:b7:d0:f9:f6:38:3b:
         f7:e7:b9:09:2a:fd:0e:e3:fb:a0:24:6a:b8:f8:7b:38:5a:29:
         3e:8a:83:9f:18:8f:d7:2f:8c:7f:39:76:ca:54:c1:67:7e:89:
         75:4f:ba:e7:bf:93:15:e0:39:15:03:d9:81:6f:78:c5:29:df:
         d3:6e:68:43:13:de:e9:fb:83:6f:e0:8d:8e:dc:82:a4:8b:bb:
         5a:af:46:b4:70:2d:d5:12:c3:ac:ee:55:30:88:f9:d7:3f:3f:
         1b:63:4a:db:75:72:14:71:60:23:ea:8a:c4:66:9d:68:6e:86:
         a0:33:8d:6a:9b:f9:4a:29:f5:00:b0:81:f0:b1:ef:7f:db:9f:
         a9:b0:cb:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1fVGg8ZjCwjxeCK1yMMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjUwMTAxMDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTcyMTQzOWE2NTNiNjZkYTA2MjhiNzc0ZjJmZjNmMzUxZGFjNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1iD2+5k08BPufdImMeW/+qQVN37
cncHD+gUVITsg3LZK3GoaaHWB1olODpa+As0sMbk9ZGd5LfihJnGtQhMIdwxUYQA
Se2+92yHSKfyNi6EieLQ5/QlDqq+uTHoig29HTcOApnr6nRlKRp8McmTwxqTEy3r
vNEYeGlA3egX3RhbqpQQmFihzfDn64VZM2Eeu8S0QR8u9e/xKr9EBisu/K/5MZ1d
ZuIXXCJ3Ov5Cl+6Jd6aLlOYeh7Pvle1ybfPBd7fAzuC2UjJ3ngff3OjwiopiwLPx
gbrxD/QDiCozmpBIJIE7LDu8syE4ezclSMSsFvNJbsswPMFh7Q4r0JTWkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD5yFDmmU7ZtoGKLd08v8/NR2sRYMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvUG5JVU9hWlR0bTJnWW90M1R5X3o4MUhheEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgARwAA4
MA0GCSqGSIb3DQEBCwUAA4IBAQDNDxECCqgf3V6NASiYGRraKSPEkh5x+TNRLO/A
Ey1zz9PAvpVaa4LqJuZyYsDdyK4GtG6aTNDqk/nqesQC1KPebyHuvIWy2ABUT4iU
SH2Z8RTU2eFoQkw7NFyQIskm9pf/VT4EcRXEzOd52N1ToGYVZK7RT3jp8/e30Pn2
ODv357kJKv0O4/ugJGq4+Hs4Wik+ioOfGI/XL4x/OXbKVMFnfol1T7rnv5MV4DkV
A9mBb3jFKd/TbmhDE97p+4Nv4I2O3IKki7tar0a0cC3VEsOs7lUwiPnXPz8bY0rb
dXIUcWAj6orEZp1oboagM41qm/lKKfUAsIHwse9/25+psMvt
-----END CERTIFICATE-----