Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/EzX8r9SezGfrHXal3G77ndNZSkQ.roa
File:                     EzX8r9SezGfrHXal3G77ndNZSkQ.roa (raw, json)
Hash identifier:          lRyvOMQHx/0O9J6AfqIyCwhpd6xrgBYFcMx1h3+O/8g=
Subject key identifier:   13:35:FC:AF:D4:9E:CC:67:EB:1D:76:A5:DC:6E:FB:9D:D3:59:4A:44
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019426D99196F99BB61CAEF5A3C2F7EE4BBC
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/EzX8r9SezGfrHXal3G77ndNZSkQ.roa
Signing time:             Thu 02 Jan 2025 11:49:40 +0000
ROA not before:           Thu 02 Jan 2025 11:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215703
IP address blocks:        2a03:5840:115::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:91:96:f9:9b:b6:1c:ae:f5:a3:c2:f7:ee:4b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 11:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1335fcafd49ecc67eb1d76a5dc6efb9dd3594a44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:92:90:c4:2b:9f:b9:04:b8:45:fb:dd:14:65:
                    ea:c0:19:78:44:8f:d0:1c:1f:20:40:38:0e:b5:65:
                    3a:56:3f:83:89:2f:5c:11:ac:37:84:9b:f8:df:f8:
                    55:79:28:08:9d:d3:bc:d5:c0:fa:06:af:c9:f5:6b:
                    ab:b8:d7:bd:e0:02:e2:41:c9:c6:46:2f:53:53:6b:
                    ff:68:b5:cb:96:4e:78:a7:d4:64:6a:11:5e:fa:c8:
                    e6:af:69:be:a3:74:d5:9c:2b:e3:e1:4c:e2:ac:5c:
                    bb:e9:42:b9:04:a6:86:b1:29:6b:d3:ba:70:c3:a2:
                    49:7c:29:ed:ec:69:e3:4b:e4:07:bb:3e:6e:cc:dd:
                    28:92:83:ef:33:6d:9d:e5:6e:ed:44:d9:ce:41:03:
                    2b:61:f4:08:eb:bf:ab:5b:74:5e:b2:7a:18:f0:c1:
                    3c:ce:85:e7:dd:a8:b6:ed:5b:85:6a:27:84:45:7a:
                    c0:e5:bf:99:92:99:8f:54:9c:80:e1:3b:ed:49:69:
                    e5:58:e2:1b:13:f8:88:e1:48:a4:73:4c:f3:0c:52:
                    22:8d:8a:a1:10:7b:7c:21:b3:09:17:e1:0d:58:06:
                    bb:e2:61:16:6b:a0:98:0e:8d:54:cf:fc:d4:01:f2:
                    1f:8e:1a:b1:26:78:e7:45:db:9a:97:a9:88:d0:71:
                    e7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:35:FC:AF:D4:9E:CC:67:EB:1D:76:A5:DC:6E:FB:9D:D3:59:4A:44
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/EzX8r9SezGfrHXal3G77ndNZSkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:115::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:86:c4:6e:9a:a3:76:a2:d9:a3:bb:54:3d:9f:f9:b1:90:00:
         0b:63:ac:82:36:1b:ae:f2:ed:30:7f:7c:8c:5f:b6:10:e0:b3:
         e6:8f:dd:fc:d3:01:e8:6c:84:4c:d6:ee:e3:36:de:39:3a:cc:
         fb:f2:0a:d1:67:1d:f5:15:5c:f1:eb:27:c4:dc:70:1d:a3:95:
         66:63:74:54:98:ef:5d:6d:7a:70:61:46:63:5e:fc:12:fb:89:
         ba:eb:92:4a:fc:24:69:78:1f:57:03:54:fe:b8:4b:0c:be:fc:
         3f:1c:0b:c4:82:8c:b5:13:9d:05:be:de:54:9a:75:48:a0:48:
         18:a1:a4:04:a0:b8:2a:ba:9e:56:2e:ce:53:e8:de:46:35:b0:
         f8:6d:b6:5f:3e:9b:dd:0b:5c:b3:a9:97:1b:92:76:8f:e4:6a:
         76:dc:50:6b:b8:14:d6:69:7d:0e:d6:4a:82:4a:76:28:f0:c4:
         37:e1:a3:b1:63:f6:60:62:e3:60:e2:c6:81:99:93:b9:a8:63:
         d6:48:b0:24:6f:fd:46:66:b1:41:04:0f:60:6c:9a:1e:61:79:
         a5:9e:de:b0:e0:2e:8d:0b:20:62:9d:38:1d:d3:1e:e6:8c:c2:
         ee:25:3a:43:c2:20:31:5b:76:04:c1:16:38:3c:7f:33:01:9e:
         08:08:55:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2ZGW+Zu2HK71o8L37ku8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwMTAyMTE0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzM1ZmNhZmQ0OWVjYzY3ZWIxZDc2YTVkYzZlZmI5ZGQzNTk0YTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZKQxCufuQS4RfvdFGXqwBl4RI/Q
HB8gQDgOtWU6Vj+DiS9cEaw3hJv43/hVeSgIndO81cD6Bq/J9WuruNe94ALiQcnG
Ri9TU2v/aLXLlk54p9RkahFe+sjmr2m+o3TVnCvj4UzirFy76UK5BKaGsSlr07pw
w6JJfCnt7GnjS+QHuz5uzN0okoPvM22d5W7tRNnOQQMrYfQI67+rW3ResnoY8ME8
zoXn3ai27VuFaieERXrA5b+ZkpmPVJyA4TvtSWnlWOIbE/iI4Uikc0zzDFIijYqh
EHt8IbMJF+ENWAa74mEWa6CYDo1Uz/zUAfIfjhqxJnjnRdual6mI0HHnhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBM1/K/Unsxn6x12pdxu+53TWUpEMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvRXpYOHI5U2V6R2ZySFhhbDNHNzduZE5aU2tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEV
MA0GCSqGSIb3DQEBCwUAA4IBAQBJhsRumqN2otmju1Q9n/mxkAALY6yCNhuu8u0w
f3yMX7YQ4LPmj9380wHobIRM1u7jNt45Osz78grRZx31FVzx6yfE3HAdo5VmY3RU
mO9dbXpwYUZjXvwS+4m665JK/CRpeB9XA1T+uEsMvvw/HAvEgoy1E50Fvt5UmnVI
oEgYoaQEoLgqup5WLs5T6N5GNbD4bbZfPpvdC1yzqZcbknaP5Gp23FBruBTWaX0O
1kqCSnYo8MQ34aOxY/ZgYuNg4saBmZO5qGPWSLAkb/1GZrFBBA9gbJoeYXmlnt6w
4C6NCyBinTgd0x7mjMLuJTpDwiAxW3YEwRY4PH8zAZ4ICFXH
-----END CERTIFICATE-----