Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/ca3uBchX87aQb2BMcNTeitnNyWg.roa
File:                     ca3uBchX87aQb2BMcNTeitnNyWg.roa (raw, json)
Hash identifier:          xEcjhfiSS5Il6V8TFlEtmg3MeQv6IP4QBvRRpLZDmF4=
Subject key identifier:   71:AD:EE:05:C8:57:F3:B6:90:6F:60:4C:70:D4:DE:8A:D9:CD:C9:68
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019424B3AF1A6B88456E2AE263EA60C508A1
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/ca3uBchX87aQb2BMcNTeitnNyWg.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47464
IP address blocks:        2a07:ca00::/30 maxlen: 30
                          2a07:ca04::/32 maxlen: 32
                          2a07:ca05::/32 maxlen: 32
                          2a07:ca06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:af:1a:6b:88:45:6e:2a:e2:63:ea:60:c5:08:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71adee05c857f3b6906f604c70d4de8ad9cdc968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9c:d9:73:e6:c2:9d:59:77:4a:34:41:5e:1b:
                    bb:27:3d:90:90:94:73:58:14:41:da:fc:70:e0:98:
                    4e:ca:c3:c3:76:be:43:3d:07:5b:dc:e7:b5:a9:96:
                    ff:f8:d5:24:d0:c8:14:b8:e8:45:13:3f:31:bd:e0:
                    29:51:c5:f2:4a:4b:0f:9e:59:68:a2:55:d3:59:8c:
                    44:b7:67:19:18:67:71:3b:c0:47:98:a0:b9:30:50:
                    6b:17:43:9a:6a:00:40:d5:20:f5:48:42:3e:24:76:
                    b2:cd:06:82:36:0d:75:43:e6:d5:d6:6e:fb:c4:41:
                    13:ec:b5:cb:98:5b:52:8a:13:03:da:ca:fe:22:42:
                    9f:5a:23:c0:4b:59:f4:94:bf:9b:3e:3d:2a:6f:1f:
                    07:8d:ca:f0:90:59:9c:8a:50:8e:b4:47:86:10:ff:
                    ff:78:5e:57:20:dd:e9:45:96:fa:44:23:d0:53:38:
                    fa:92:97:55:2a:46:d1:e0:33:b7:d5:5f:dc:89:18:
                    13:de:2f:e1:f0:9e:75:6b:63:f5:47:98:e8:76:01:
                    e2:dc:fe:78:84:dc:ea:c7:7c:22:3e:d8:99:a9:ac:
                    0e:9c:4c:4a:5e:85:45:7f:61:a1:b5:90:2c:1e:4e:
                    66:e5:2e:47:cd:83:a7:ec:e8:c7:07:49:72:54:21:
                    39:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:AD:EE:05:C8:57:F3:B6:90:6F:60:4C:70:D4:DE:8A:D9:CD:C9:68
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/ca3uBchX87aQb2BMcNTeitnNyWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:ca00::-2a07:ca06:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8d:11:20:44:f8:59:68:79:0f:80:97:e6:5f:65:ee:b3:90:85:
         31:69:24:98:4b:dc:31:81:a9:d2:1e:5a:c6:d7:a4:57:9a:e7:
         f5:bd:9e:ae:c4:55:31:7a:0b:1c:42:57:7c:aa:6f:2a:d9:58:
         00:81:d7:cc:22:c8:a6:96:92:08:66:47:53:a3:d1:7b:13:dd:
         fc:ff:63:8a:5e:87:d9:42:85:52:b9:f3:1a:b9:7e:fd:72:e4:
         ff:89:89:d8:2f:22:30:26:de:93:f7:85:c8:e0:af:3b:da:5f:
         62:f1:63:9a:a6:29:97:2c:86:b4:7c:1e:5c:15:21:03:ed:91:
         cd:94:96:26:77:4a:c2:11:01:b4:d0:cc:da:f6:50:e8:27:f0:
         67:dc:c1:56:36:bd:e5:ca:b0:28:9d:37:98:26:44:26:d6:18:
         26:b7:00:d5:11:5a:41:4b:d4:6b:45:a3:02:cc:a5:68:88:81:
         1d:0f:49:29:27:2d:e6:ee:be:8a:eb:49:29:01:b1:a4:d4:da:
         bf:df:3c:8f:cd:b3:37:09:f1:67:8e:3a:af:bf:1f:d9:d1:34:
         f3:c1:dc:cc:ed:39:ca:da:dd:38:a7:e8:0d:5f:c4:a9:33:09:
         4e:5e:03:2f:f3:ae:9a:8e:05:62:75:8b:6e:0c:a9:aa:b9:ab:
         6a:8f:8e:19
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZQks68aa4hFbiriY+pgxQihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWFkZWUwNWM4NTdmM2I2OTA2ZjYwNGM3MGQ0ZGU4YWQ5Y2RjOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pzZc+bCnVl3SjRBXhu7Jz2QkJRz
WBRB2vxw4JhOysPDdr5DPQdb3Oe1qZb/+NUk0MgUuOhFEz8xveApUcXySksPnllo
olXTWYxEt2cZGGdxO8BHmKC5MFBrF0OaagBA1SD1SEI+JHayzQaCNg11Q+bV1m77
xEET7LXLmFtSihMD2sr+IkKfWiPAS1n0lL+bPj0qbx8HjcrwkFmcilCOtEeGEP//
eF5XIN3pRZb6RCPQUzj6kpdVKkbR4DO31V/ciRgT3i/h8J51a2P1R5jodgHi3P54
hNzqx3wiPtiZqawOnExKXoVFf2GhtZAsHk5m5S5HzYOn7OjHB0lyVCE5AQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFHGt7gXIV/O2kG9gTHDU3orZzcloMB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEvY2EzdUJjaFg4N2FRYjJCTWNOVGVpdG5OeVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPMA0DBAEqB8oD
BQAqB8oGMA0GCSqGSIb3DQEBCwUAA4IBAQCNESBE+FloeQ+Al+ZfZe6zkIUxaSSY
S9wxganSHlrG16RXmuf1vZ6uxFUxegscQld8qm8q2VgAgdfMIsimlpIIZkdTo9F7
E938/2OKXofZQoVSufMauX79cuT/iYnYLyIwJt6T94XI4K872l9i8WOapimXLIa0
fB5cFSED7ZHNlJYmd0rCEQG00Mza9lDoJ/Bn3MFWNr3lyrAonTeYJkQm1hgmtwDV
EVpBS9RrRaMCzKVoiIEdD0kpJy3m7r6K60kpAbGk1Nq/3zyPzbM3CfFnjjqvvx/Z
0TTzwdzM7TnK2t04p+gNX8SpMwlOXgMv866ajgVidYtuDKmquatqj44Z
-----END CERTIFICATE-----