Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/rTXg68wsMIftLmpexV7EYbNGuq0.roa
File:                     rTXg68wsMIftLmpexV7EYbNGuq0.roa (raw, json)
Hash identifier:          oUuz6Mh1F7BCjTAodcbrClwpt+TS4kM1ywRGR/A1/uk=
Subject key identifier:   AD:35:E0:EB:CC:2C:30:87:ED:2E:6A:5E:C5:5E:C4:61:B3:46:BA:AD
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       01942823CB8BDD2F16AFAD8D5FCCF36FB8F7
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/rTXg68wsMIftLmpexV7EYbNGuq0.roa
Signing time:             Thu 02 Jan 2025 17:50:21 +0000
ROA not before:           Thu 02 Jan 2025 17:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15890
IP address blocks:        2a00:ec83::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 04:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:cb:8b:dd:2f:16:af:ad:8d:5f:cc:f3:6f:b8:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 17:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad35e0ebcc2c3087ed2e6a5ec55ec461b346baad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0a:f3:6a:18:70:09:ef:1a:52:13:88:d8:f2:
                    7f:06:24:71:d9:b5:41:04:cc:ee:59:50:b8:ff:40:
                    09:a3:82:d3:74:71:77:74:5e:08:24:de:2c:9a:c4:
                    15:f7:50:cf:85:99:41:d4:5a:5b:b4:f7:c5:c5:8b:
                    72:9b:76:a9:53:ae:18:6e:07:c3:4a:cc:7b:a1:8f:
                    c2:0b:dd:85:c2:69:b3:87:05:4c:5b:3b:59:ab:e2:
                    eb:7a:10:2f:55:aa:88:ed:a8:3f:2f:de:af:ce:e7:
                    77:d1:bc:85:a4:65:1a:80:fa:11:ae:7d:fb:dc:a3:
                    72:db:43:f6:e2:1c:41:67:57:29:e5:cd:db:ee:d5:
                    f6:80:b7:7f:67:93:be:79:e9:a8:df:80:75:90:48:
                    fa:a5:85:15:be:98:a1:3c:dc:af:83:59:8f:84:f4:
                    a2:b2:02:36:25:d5:54:95:d5:10:4b:e5:93:c3:e2:
                    f4:54:c0:03:d8:c9:0e:63:da:eb:8f:37:e5:80:30:
                    7d:0d:04:ed:59:27:68:23:e5:11:1c:02:96:b3:79:
                    97:59:b8:4d:2c:c1:8f:fc:c0:66:8c:98:e5:b6:fd:
                    01:5b:b3:d0:a5:c3:98:22:d3:50:cb:a4:d9:e6:59:
                    29:5d:95:63:3e:67:18:ab:34:52:a7:d8:eb:37:ac:
                    91:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:35:E0:EB:CC:2C:30:87:ED:2E:6A:5E:C5:5E:C4:61:B3:46:BA:AD
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/rTXg68wsMIftLmpexV7EYbNGuq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ec83::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:2d:16:43:fd:c9:24:96:20:3d:54:f9:7f:99:3e:38:7c:51:
         69:e9:06:c3:c7:49:a7:d0:0a:f1:38:95:54:6f:0e:11:11:15:
         63:56:30:a5:22:e2:52:d0:75:b6:86:63:f6:11:29:93:35:21:
         d9:b8:d9:3b:1b:4d:cd:d0:b1:86:b3:15:55:87:cc:15:5c:f4:
         5f:45:1a:af:0a:57:5c:47:36:00:00:75:10:4a:88:53:1b:55:
         1f:f6:be:df:e3:c3:5e:f0:85:af:9d:85:2c:a6:c7:d4:e4:6b:
         37:e2:8f:35:f7:44:2a:f3:8e:f1:10:7d:dd:68:05:4f:9a:7d:
         f0:c5:7d:95:77:78:2f:2f:5d:74:65:84:26:34:cb:4a:c9:fb:
         b5:f2:6c:7b:66:1d:e3:38:08:db:4e:81:93:26:32:e9:57:3d:
         5e:79:b7:b1:3b:0a:ed:bc:2b:be:59:11:80:7f:cf:32:36:d2:
         9a:f7:cd:3b:ec:90:ea:dd:b2:2c:7e:ca:e3:c0:ae:46:bd:b3:
         27:87:1c:c0:27:ad:ce:21:38:eb:48:85:0d:34:46:1c:7e:dc:
         59:59:62:18:30:80:d7:3c:6b:67:33:2c:14:00:9b:e5:e5:b6:
         62:16:a1:6d:dc:de:6c:ab:b6:87:5e:ab:8f:8d:a9:68:64:91:
         15:ef:fe:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQoI8uL3S8Wr62NX8zzb7j3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjUwMTAyMTc1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDM1ZTBlYmNjMmMzMDg3ZWQyZTZhNWVjNTVlYzQ2MWIzNDZiYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgrzahhwCe8aUhOI2PJ/BiRx2bVB
BMzuWVC4/0AJo4LTdHF3dF4IJN4smsQV91DPhZlB1FpbtPfFxYtym3apU64YbgfD
Ssx7oY/CC92FwmmzhwVMWztZq+LrehAvVaqI7ag/L96vzud30byFpGUagPoRrn37
3KNy20P24hxBZ1cp5c3b7tX2gLd/Z5O+eemo34B1kEj6pYUVvpihPNyvg1mPhPSi
sgI2JdVUldUQS+WTw+L0VMAD2MkOY9rrjzflgDB9DQTtWSdoI+URHAKWs3mXWbhN
LMGP/MBmjJjltv0BW7PQpcOYItNQy6TZ5lkpXZVjPmcYqzRSp9jrN6yR6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK014OvMLDCH7S5qXsVexGGzRrqtMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvclRYZzY4d3NNSWZ0TG1wZXhWN0VZYk5HdXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgDsgzAN
BgkqhkiG9w0BAQsFAAOCAQEAdy0WQ/3JJJYgPVT5f5k+OHxRaekGw8dJp9AK8TiV
VG8OEREVY1YwpSLiUtB1toZj9hEpkzUh2bjZOxtNzdCxhrMVVYfMFVz0X0UarwpX
XEc2AAB1EEqIUxtVH/a+3+PDXvCFr52FLKbH1ORrN+KPNfdEKvOO8RB93WgFT5p9
8MV9lXd4Ly9ddGWEJjTLSsn7tfJse2Yd4zgI206BkyYy6Vc9Xnm3sTsK7bwrvlkR
gH/PMjbSmvfNO+yQ6t2yLH7K48CuRr2zJ4ccwCetziE460iFDTRGHH7cWVliGDCA
1zxrZzMsFACb5eW2YhahbdzebKu2h16rj42paGSRFe/+JQ==
-----END CERTIFICATE-----