Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/xnQXO-GdzqYT8xnvf2QfV59I3Xg.roa
File:                     xnQXO-GdzqYT8xnvf2QfV59I3Xg.roa (raw, json)
Hash identifier:          IkteSeKgTvVciupjXV4uEsrUVMFrczMY/lVRc9unK60=
Subject key identifier:   C6:74:17:3B:E1:9D:CE:A6:13:F3:19:EF:7F:64:1F:57:9F:48:DD:78
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019426D98B33E02CDB67C5153A6396FA80F9
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/xnQXO-GdzqYT8xnvf2QfV59I3Xg.roa
Signing time:             Thu 02 Jan 2025 11:49:38 +0000
ROA not before:           Thu 02 Jan 2025 11:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214387
IP address blocks:        2a03:5840:11f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:8b:33:e0:2c:db:67:c5:15:3a:63:96:fa:80:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 11:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c674173be19dcea613f319ef7f641f579f48dd78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8b:6d:b0:89:92:0f:ad:1d:a2:4f:af:0b:0a:
                    10:cd:d8:03:27:e4:aa:20:45:78:7b:87:1a:44:24:
                    13:21:26:8a:66:be:43:c3:15:89:cc:2d:d4:8d:6b:
                    e4:dc:85:31:43:5f:ef:a7:fb:8d:a3:01:e0:2f:37:
                    82:e4:4c:66:58:f5:04:c1:4d:68:36:8c:91:3a:cd:
                    66:87:ad:6c:62:04:6b:a2:40:c5:4f:c1:5f:d2:9c:
                    be:48:1a:ff:c7:6c:6c:2a:d9:57:b8:1e:0e:32:f1:
                    96:6f:56:1e:11:a5:52:e1:4a:c2:67:f1:c8:d6:3c:
                    6e:a8:76:25:f3:30:e3:15:89:9f:a9:a4:d8:04:c6:
                    74:23:77:5c:ff:e7:4d:a5:85:da:7d:7a:2d:b4:61:
                    fd:66:3a:e6:3d:52:e7:f2:63:2a:4c:72:ab:cf:10:
                    e6:aa:64:1c:1d:b1:e0:1f:bd:f2:24:25:af:32:4d:
                    85:23:21:b7:65:bf:ef:7d:9e:20:6a:75:48:58:57:
                    a2:35:56:d2:20:b2:6b:fa:18:98:a6:ae:be:40:38:
                    3b:e2:95:6b:8b:01:cf:c1:5f:d7:56:2e:cd:ab:54:
                    76:83:2c:fc:7e:4e:ae:74:34:07:f1:b1:b7:bc:ba:
                    cc:e1:ef:cf:27:7a:18:4a:6f:26:b2:83:04:de:06:
                    d5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:74:17:3B:E1:9D:CE:A6:13:F3:19:EF:7F:64:1F:57:9F:48:DD:78
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/xnQXO-GdzqYT8xnvf2QfV59I3Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:11f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:6f:1e:d1:55:ce:e7:d6:ff:86:29:69:8f:b2:68:43:ec:b1:
         4e:af:ae:7b:02:a6:40:82:4a:27:14:73:0e:bd:60:e2:20:0e:
         b6:25:e2:dc:3e:ae:8d:03:88:90:5d:bb:61:6a:b9:12:c4:98:
         7a:66:2f:44:a9:31:91:2e:c4:52:d8:a0:12:ba:bb:fd:da:5d:
         2e:14:ba:b2:f0:eb:30:b6:bb:43:72:a3:26:df:7d:49:cb:c8:
         de:f4:02:58:03:79:bc:3a:74:28:f0:1c:7e:c9:56:27:3b:05:
         b5:01:90:7b:eb:fb:b6:d3:06:12:a1:5f:b5:c2:7d:7d:09:79:
         ee:f9:4c:1c:03:30:7d:e7:5f:34:f7:ce:8f:73:a7:cf:a2:67:
         44:f5:ae:e7:5f:68:e0:1f:f6:54:01:d2:2b:1e:b4:7b:f0:b6:
         ed:0f:8b:64:c9:8b:52:c2:2c:cd:d2:e0:af:71:4a:43:a5:a4:
         04:38:d4:a0:bd:2e:61:8e:ac:2a:1a:f7:1f:10:80:20:17:d4:
         de:dc:43:62:64:f8:7e:f9:72:7d:7f:3b:2f:42:2c:41:fd:dc:
         c3:92:fd:9a:86:ea:77:c4:8b:e8:60:f5:ff:d0:c5:15:23:0e:
         37:f5:0a:07:65:ae:7e:bd:7f:95:c3:4e:4d:dc:f7:17:2c:de:
         8f:44:c5:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2Ysz4CzbZ8UVOmOW+oD5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwMTAyMTE0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjc0MTczYmUxOWRjZWE2MTNmMzE5ZWY3ZjY0MWY1NzlmNDhkZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YttsImSD60dok+vCwoQzdgDJ+Sq
IEV4e4caRCQTISaKZr5DwxWJzC3UjWvk3IUxQ1/vp/uNowHgLzeC5ExmWPUEwU1o
NoyROs1mh61sYgRrokDFT8Ff0py+SBr/x2xsKtlXuB4OMvGWb1YeEaVS4UrCZ/HI
1jxuqHYl8zDjFYmfqaTYBMZ0I3dc/+dNpYXafXottGH9ZjrmPVLn8mMqTHKrzxDm
qmQcHbHgH73yJCWvMk2FIyG3Zb/vfZ4ganVIWFeiNVbSILJr+hiYpq6+QDg74pVr
iwHPwV/XVi7Nq1R2gyz8fk6udDQH8bG3vLrM4e/PJ3oYSm8msoME3gbV7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMZ0Fzvhnc6mE/MZ739kH1efSN14MB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEveG5RWE8tR2R6cVlUOHhudmYyUWZWNTlJM1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEf
MA0GCSqGSIb3DQEBCwUAA4IBAQAbbx7RVc7n1v+GKWmPsmhD7LFOr657AqZAgkon
FHMOvWDiIA62JeLcPq6NA4iQXbtharkSxJh6Zi9EqTGRLsRS2KASurv92l0uFLqy
8OswtrtDcqMm331Jy8je9AJYA3m8OnQo8Bx+yVYnOwW1AZB76/u20wYSoV+1wn19
CXnu+UwcAzB95180986Pc6fPomdE9a7nX2jgH/ZUAdIrHrR78LbtD4tkyYtSwizN
0uCvcUpDpaQEONSgvS5hjqwqGvcfEIAgF9Te3ENiZPh++XJ9fzsvQixB/dzDkv2a
hup3xIvoYPX/0MUVIw439QoHZa5+vX+Vw05N3PcXLN6PRMXr
-----END CERTIFICATE-----