Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/0EOjf23f5uNRl8AKwLrSjcuzQ-M.roa
File:                     0EOjf23f5uNRl8AKwLrSjcuzQ-M.roa (raw, json)
Hash identifier:          TiKzyeJ1GrbpU3aFoto+cFftuRE3qJmGtPjLqVBjD3g=
Subject key identifier:   D0:43:A3:7F:6D:DF:E6:E3:51:97:C0:0A:C0:BA:D2:8D:CB:B3:43:E3
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       0194DA9022521B9996F2E39BAA37F248F1B7
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/0EOjf23f5uNRl8AKwLrSjcuzQ-M.roa
Signing time:             Thu 06 Feb 2025 09:21:06 +0000
ROA not before:           Thu 06 Feb 2025 09:21:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210675
IP address blocks:        2a00:7180:8014::/46 maxlen: 46
                          2a04:800:4000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 04:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:da:90:22:52:1b:99:96:f2:e3:9b:aa:37:f2:48:f1:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Feb  6 09:21:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d043a37f6ddfe6e35197c00ac0bad28dcbb343e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6f:7a:48:f5:78:07:cf:72:6b:4d:11:06:c3:
                    03:38:f5:38:2d:7f:4a:4f:91:0f:b5:2a:e7:3a:e7:
                    72:03:c5:5c:12:f5:95:40:03:48:60:fd:dc:91:06:
                    d0:43:1d:90:8d:27:79:99:2b:af:85:71:b3:64:30:
                    97:b9:82:ee:25:77:e7:24:25:16:1b:d4:e4:33:89:
                    ca:49:8b:ab:58:48:b3:f3:06:a3:a6:3e:77:8d:63:
                    ed:01:23:b1:6b:da:ed:4b:7d:35:2e:88:0c:ea:2e:
                    3a:82:ce:23:c8:a9:18:1b:b3:25:b4:2e:4a:90:2c:
                    38:93:6b:98:0a:37:0e:da:b5:80:aa:cf:52:53:de:
                    88:ee:31:af:55:c6:f4:c5:32:3c:39:4d:c5:f0:f7:
                    b1:fb:88:9c:b6:ba:de:b6:e5:7d:46:6c:4c:0b:ae:
                    7c:67:a5:d1:c3:f8:46:d6:e2:18:8e:e0:cf:18:53:
                    0e:72:4c:97:79:05:50:c7:c0:ac:6d:8a:76:e7:66:
                    51:f0:45:5d:a4:ee:eb:aa:88:d1:8a:b7:88:e8:84:
                    fc:8e:8c:d2:95:42:ad:0c:e7:d1:2c:a6:e1:a9:96:
                    a0:54:0f:7d:56:37:de:13:b2:df:05:37:20:27:3e:
                    8e:aa:47:0f:6c:eb:ae:c2:19:0c:3a:95:b6:8e:f5:
                    d1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:43:A3:7F:6D:DF:E6:E3:51:97:C0:0A:C0:BA:D2:8D:CB:B3:43:E3
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/0EOjf23f5uNRl8AKwLrSjcuzQ-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:7180:8014::/46
                  2a04:800:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         91:57:46:eb:43:9b:a1:b7:99:7f:e2:4d:02:ff:3d:51:11:f3:
         28:da:a5:b3:77:52:0e:ff:02:9a:98:a4:79:2a:12:1b:88:47:
         c6:f5:36:d2:86:e9:12:1d:39:d3:47:53:c2:ec:5d:35:7d:fb:
         3f:24:f1:9a:ac:06:92:2d:0a:04:9a:a8:62:05:db:2d:e8:90:
         c3:99:3a:55:a2:ab:63:b0:ec:b9:36:fb:f8:8e:4b:cc:f6:b0:
         77:4c:04:11:ec:2c:2a:6c:ee:fb:b3:96:7a:23:4b:ed:2e:55:
         b4:9a:24:66:51:f8:00:d8:31:c7:c0:41:65:30:a7:bb:e6:94:
         9a:dd:80:96:41:d0:19:8e:c4:92:dd:bf:4a:dd:86:fe:f7:b5:
         8b:5b:c2:14:2d:df:e1:57:6e:35:3e:f0:e2:74:ac:3e:ed:dd:
         4e:b9:fa:9a:c3:54:01:b1:df:82:c4:b5:92:71:05:a9:0c:a5:
         2b:94:34:00:d7:16:6e:da:20:42:6f:4a:a5:dc:f8:00:05:d5:
         81:c3:26:9c:43:23:67:07:f6:bd:ce:e2:03:0a:eb:d4:3f:6a:
         c9:c0:87:6f:31:9d:16:d0:9a:70:a2:66:9f:a9:74:ba:22:c4:
         b9:09:c1:2c:43:e5:de:47:45:2a:29:09:a1:14:94:02:22:5e:
         b8:63:42:c6
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZTakCJSG5mW8uObqjfySPG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjUwMjA2MDkyMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQzYTM3ZjZkZGZlNmUzNTE5N2MwMGFjMGJhZDI4ZGNiYjM0M2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm96SPV4B89ya00RBsMDOPU4LX9K
T5EPtSrnOudyA8VcEvWVQANIYP3ckQbQQx2QjSd5mSuvhXGzZDCXuYLuJXfnJCUW
G9TkM4nKSYurWEiz8wajpj53jWPtASOxa9rtS301LogM6i46gs4jyKkYG7MltC5K
kCw4k2uYCjcO2rWAqs9SU96I7jGvVcb0xTI8OU3F8Pex+4ictrretuV9RmxMC658
Z6XRw/hG1uIYjuDPGFMOckyXeQVQx8CsbYp252ZR8EVdpO7rqojRireI6IT8jozS
lUKtDOfRLKbhqZagVA99VjfeE7LfBTcgJz6OqkcPbOuuwhkMOpW2jvXR8QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFNBDo39t3+bjUZfACsC60o3Ls0PjMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvMEVPamYyM2Y1dU5SbDhBS3dMclNqY3V6US1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcCKgBxgIAU
AwYEKgQIAEAwDQYJKoZIhvcNAQELBQADggEBAJFXRutDm6G3mX/iTQL/PVER8yja
pbN3Ug7/ApqYpHkqEhuIR8b1NtKG6RIdOdNHU8LsXTV9+z8k8ZqsBpItCgSaqGIF
2y3okMOZOlWiq2Ow7Lk2+/iOS8z2sHdMBBHsLCps7vuzlnojS+0uVbSaJGZR+ADY
McfAQWUwp7vmlJrdgJZB0BmOxJLdv0rdhv73tYtbwhQt3+FXbjU+8OJ0rD7t3U65
+prDVAGx34LEtZJxBakMpSuUNADXFm7aIEJvSqXc+AAF1YHDJpxDI2cH9r3O4gMK
69Q/asnAh28xnRbQmnCiZp+pdLoixLkJwSxD5d5HRSopCaEUlAIiXrhjQsY=
-----END CERTIFICATE-----