Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/czoe1RLJsx9dA2fYE94xeHxNmO4.roa
File:                     czoe1RLJsx9dA2fYE94xeHxNmO4.roa (raw, json)
Hash identifier:          BpNazVz7pSpyIXBvYFGh8xCscfLMGwTUrkPmKZ9aKwA=
Subject key identifier:   73:3A:1E:D5:12:C9:B3:1F:5D:03:67:D8:13:DE:31:78:7C:4D:98:EE
Certificate issuer:       /CN=8ce735129f777a25bf84727206bf978d9a1db200
Certificate serial:       019421B19AD8F656A253146E7AE82A9117DC
Authority key identifier: 8C:E7:35:12:9F:77:7A:25:BF:84:72:72:06:BF:97:8D:9A:1D:B2:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/czoe1RLJsx9dA2fYE94xeHxNmO4.roa
Signing time:             Wed 01 Jan 2025 11:47:55 +0000
ROA not before:           Wed 01 Jan 2025 11:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47530
IP address blocks:        2a03:e60:8000::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9a:d8:f6:56:a2:53:14:6e:7a:e8:2a:91:17:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ce735129f777a25bf84727206bf978d9a1db200
        Validity
            Not Before: Jan  1 11:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=733a1ed512c9b31f5d0367d813de31787c4d98ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:71:4f:c9:f3:43:34:50:b5:2d:43:fc:f9:3b:
                    63:d7:a2:00:8a:b9:15:33:e9:cb:81:0e:33:41:ee:
                    75:d2:de:59:12:6b:fa:30:ff:56:8f:23:f7:50:9f:
                    6a:6f:85:82:cb:04:f2:f8:90:35:c3:a5:2d:12:92:
                    80:aa:49:37:2c:21:a0:c4:2c:d0:a4:de:6d:ae:4c:
                    9e:d6:dc:a7:87:aa:49:fd:27:cd:51:68:bf:db:f6:
                    57:e9:64:70:2b:76:09:54:de:b3:1b:cc:34:f2:24:
                    7d:51:d4:db:a8:88:e6:07:b7:de:1f:db:a3:f7:0c:
                    20:39:ff:9e:e2:88:2d:e6:e0:ff:a7:22:ac:3d:65:
                    23:a4:4a:75:96:cc:d8:c3:1d:12:55:c7:4c:8f:e4:
                    bb:d6:e8:38:31:74:cb:8f:a5:25:7c:43:37:ee:23:
                    63:ab:1a:63:2e:d3:71:c5:c1:80:c9:19:6d:5b:71:
                    6f:86:c0:e8:5c:b2:45:eb:c3:f2:38:35:2c:88:ed:
                    43:ca:9c:76:db:a4:aa:17:8a:da:90:c5:b5:c4:44:
                    fc:14:98:7a:5e:eb:62:53:32:e3:51:9c:65:bd:ab:
                    69:47:04:94:13:89:a0:d1:d6:0c:a3:d4:69:56:68:
                    b7:d0:89:65:1a:ac:49:05:7a:e1:b7:ab:64:89:0b:
                    ef:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:3A:1E:D5:12:C9:B3:1F:5D:03:67:D8:13:DE:31:78:7C:4D:98:EE
            X509v3 Authority Key Identifier:
                keyid:8C:E7:35:12:9F:77:7A:25:BF:84:72:72:06:BF:97:8D:9A:1D:B2:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/czoe1RLJsx9dA2fYE94xeHxNmO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e60:8000::/46

    Signature Algorithm: sha256WithRSAEncryption
         6c:91:ea:19:79:5b:83:8c:23:7c:01:dc:cf:da:1d:11:7d:fa:
         d3:a1:49:84:05:ea:74:b4:b7:23:ea:e1:b5:05:59:b9:13:9a:
         69:a9:91:f7:7c:38:58:08:8c:0a:30:b3:40:10:46:9a:60:ef:
         08:b3:6c:7c:84:9e:20:91:80:dc:be:f1:48:7b:15:38:c0:e4:
         da:29:05:8c:00:f5:2e:a6:35:af:a2:f0:b5:c7:e0:45:45:47:
         60:1d:dd:b5:0d:fe:8e:43:b2:65:12:87:00:e2:72:c2:02:95:
         3f:f0:4b:df:2e:dc:46:ec:fb:88:d9:9d:78:44:ec:9e:60:60:
         58:64:0a:b4:8e:97:f7:ba:8e:bb:92:4c:64:b8:d9:f1:bf:44:
         ab:aa:9a:47:83:53:cf:61:29:5b:b1:3e:35:f4:f5:99:25:35:
         dd:51:e5:b0:b8:a2:11:3e:08:79:6f:14:3b:1c:c8:11:28:11:
         ca:9d:e5:8f:1f:0a:b3:40:b5:90:42:a7:63:d9:02:83:31:db:
         f5:3a:8b:64:83:b9:94:a1:36:9e:e4:32:36:a8:10:19:47:e9:
         a2:ee:f7:45:59:67:50:3f:64:5c:70:90:28:dd:b5:9d:25:ea:
         6e:68:c5:89:3d:1d:8b:b7:cc:1e:cd:1c:fa:ad:0e:6f:3e:b2:
         f0:74:e4:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsZrY9laiUxRueugqkRfcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZTczNTEyOWY3NzdhMjViZjg0NzI3MjA2YmY5NzhkOWEx
ZGIyMDAwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzNhMWVkNTEyYzliMzFmNWQwMzY3ZDgxM2RlMzE3ODdjNGQ5OGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHFPyfNDNFC1LUP8+Ttj16IAirkV
M+nLgQ4zQe510t5ZEmv6MP9WjyP3UJ9qb4WCywTy+JA1w6UtEpKAqkk3LCGgxCzQ
pN5trkye1tynh6pJ/SfNUWi/2/ZX6WRwK3YJVN6zG8w08iR9UdTbqIjmB7feH9uj
9wwgOf+e4ogt5uD/pyKsPWUjpEp1lszYwx0SVcdMj+S71ug4MXTLj6UlfEM37iNj
qxpjLtNxxcGAyRltW3FvhsDoXLJF68PyODUsiO1Dypx226SqF4rakMW1xET8FJh6
XutiUzLjUZxlvatpRwSUE4mg0dYMo9RpVmi30IllGqxJBXrht6tkiQvvAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHM6HtUSybMfXQNn2BPeMXh8TZjuMB8GA1UdIwQY
MBaAFIznNRKfd3olv4Rycga/l42aHbIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9jMUVwOTNlaVdfaEhKeUJyLVhqWm9kc2dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lZGU0YTMtOGYyMC00MDBhLWI4NzYt
Zjc4YzIyMDY1NzVhLzEvY3pvZTFSTEpzeDlkQTJmWUU5NHhlSHhObU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lZGU0YTMtOGYyMC00MDBhLWI4NzYtZjc4YzIyMDY1NzVh
LzEvak9jMUVwOTNlaVdfaEhKeUJyLVhqWm9kc2dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgMOYIAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBskeoZeVuDjCN8AdzP2h0RffrToUmEBep0tLcj
6uG1BVm5E5ppqZH3fDhYCIwKMLNAEEaaYO8Is2x8hJ4gkYDcvvFIexU4wOTaKQWM
APUupjWvovC1x+BFRUdgHd21Df6OQ7JlEocA4nLCApU/8EvfLtxG7PuI2Z14ROye
YGBYZAq0jpf3uo67kkxkuNnxv0SrqppHg1PPYSlbsT419PWZJTXdUeWwuKIRPgh5
bxQ7HMgRKBHKneWPHwqzQLWQQqdj2QKDMdv1Ootkg7mUoTae5DI2qBAZR+mi7vdF
WWdQP2RccJAo3bWdJepuaMWJPR2Lt8wezRz6rQ5vPrLwdOQy
-----END CERTIFICATE-----