Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/3DUEt-aAns-v1SVe6cG9Jeqaah4.roa
File:                     3DUEt-aAns-v1SVe6cG9Jeqaah4.roa (raw, json)
Hash identifier:          80+E6/cb26cmgMWADgR9cowpvlm1kb/qW3Qt9g0U5L8=
Subject key identifier:   DC:35:04:B7:E6:80:9E:CF:AF:D5:25:5E:E9:C1:BD:25:EA:9A:6A:1E
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       019427B636DBEA3CEBBDAD0C285E3D68F2A3
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/3DUEt-aAns-v1SVe6cG9Jeqaah4.roa
Signing time:             Thu 02 Jan 2025 15:50:40 +0000
ROA not before:           Thu 02 Jan 2025 15:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203038
IP address blocks:        2a0a:3507:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:36:db:ea:3c:eb:bd:ad:0c:28:5e:3d:68:f2:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  2 15:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc3504b7e6809ecfafd5255ee9c1bd25ea9a6a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9c:6d:b7:00:27:b8:c5:f3:47:71:62:05:3d:
                    ee:60:2e:e9:d7:e3:87:bd:38:ae:f4:4a:c0:8f:43:
                    63:13:17:78:fe:55:7b:07:74:65:21:c4:60:6d:7e:
                    31:db:56:33:ce:cc:e3:ec:fd:f3:7e:18:34:84:b8:
                    7d:22:0e:fd:35:b5:62:43:5d:f6:d8:d3:90:3e:37:
                    76:0c:17:f6:10:ff:41:6b:e4:18:36:4f:b1:6d:a5:
                    13:20:c2:0b:51:f7:7c:f7:74:c1:11:ad:c9:05:80:
                    b9:cf:e5:7f:9c:88:3e:db:c8:93:d8:99:36:8f:2e:
                    d2:03:b5:df:8a:17:a4:d4:5f:ba:c0:78:a1:93:0f:
                    7a:2a:0e:b8:00:35:e5:9f:62:b4:59:47:61:c0:18:
                    52:9c:63:ea:04:b6:4a:d5:6b:17:fc:f1:10:d6:19:
                    c7:a6:1f:11:f9:2c:6e:cc:54:e6:6c:be:5e:3f:ba:
                    52:56:55:e5:22:04:7f:ba:15:a6:f2:ce:dd:5c:69:
                    fc:fc:74:7a:cb:74:8f:45:27:f4:20:34:85:5d:b5:
                    b3:95:ad:73:fc:c0:a1:0b:81:0d:b9:db:9d:65:d1:
                    2a:9b:bf:cb:5e:f2:bc:4e:d5:e3:aa:6b:23:b4:df:
                    a9:b1:1b:91:f8:eb:94:71:1a:70:c7:a8:74:1c:43:
                    f5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:35:04:B7:E6:80:9E:CF:AF:D5:25:5E:E9:C1:BD:25:EA:9A:6A:1E
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/3DUEt-aAns-v1SVe6cG9Jeqaah4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:3507:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:5c:b9:11:56:eb:74:aa:93:a8:ac:c8:18:65:dc:d2:88:76:
         8b:6c:dd:c0:f6:03:fe:75:8a:d1:0e:c2:79:92:52:22:67:51:
         ea:d6:b3:b7:de:16:11:d0:e1:79:cf:4d:b6:ee:78:ce:27:33:
         a9:ae:a3:81:2d:82:8b:13:21:ae:59:54:70:55:a6:4c:4a:6a:
         4b:7e:39:5c:75:c0:cd:5f:24:be:ce:5b:11:1d:ea:e1:40:83:
         42:73:2e:cf:66:2e:20:86:e3:06:92:27:2c:64:bc:2c:3f:c7:
         07:20:9a:5b:ee:fd:97:ea:f2:ec:e6:ea:5f:f0:3d:33:6a:68:
         13:6f:66:d7:c8:53:cf:5f:6e:96:de:6e:b8:c1:b2:20:66:a6:
         a0:ce:0e:4c:b9:17:0d:1e:49:22:8e:d6:25:58:93:37:7d:24:
         7b:ed:90:81:4a:1d:88:17:c0:dd:e6:99:ea:3d:ce:60:cf:c9:
         c3:05:df:d9:58:16:7f:76:c0:04:a7:90:bf:6f:eb:ef:53:f6:
         15:13:20:cd:9c:0d:0c:3c:06:bc:0b:7f:80:e8:2d:a0:8d:84:
         c8:55:a5:fd:12:1b:00:69:aa:a7:d4:df:07:6a:38:8c:6f:6e:
         ee:8b:2c:f7:7c:48:72:7b:7b:6e:e1:49:d9:17:c2:2d:74:98:
         46:4c:6e:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntjbb6jzrva0MKF49aPKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjUwMTAyMTU1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM1MDRiN2U2ODA5ZWNmYWZkNTI1NWVlOWMxYmQyNWVhOWE2YTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpxttwAnuMXzR3FiBT3uYC7p1+OH
vTiu9ErAj0NjExd4/lV7B3RlIcRgbX4x21Yzzszj7P3zfhg0hLh9Ig79NbViQ132
2NOQPjd2DBf2EP9Ba+QYNk+xbaUTIMILUfd893TBEa3JBYC5z+V/nIg+28iT2Jk2
jy7SA7Xfihek1F+6wHihkw96Kg64ADXln2K0WUdhwBhSnGPqBLZK1WsX/PEQ1hnH
ph8R+SxuzFTmbL5eP7pSVlXlIgR/uhWm8s7dXGn8/HR6y3SPRSf0IDSFXbWzla1z
/MChC4ENududZdEqm7/LXvK8TtXjqmsjtN+psRuR+OuUcRpwx6h0HEP1nQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNw1BLfmgJ7Pr9UlXunBvSXqmmoeMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvM0RVRXQtYUFucy12MVNWZTZjRzlKZXFhYWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgo1BwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQA2XLkRVut0qpOorMgYZdzSiHaLbN3A9gP+dYrR
DsJ5klIiZ1Hq1rO33hYR0OF5z0227njOJzOprqOBLYKLEyGuWVRwVaZMSmpLfjlc
dcDNXyS+zlsRHerhQINCcy7PZi4ghuMGkicsZLwsP8cHIJpb7v2X6vLs5upf8D0z
amgTb2bXyFPPX26W3m64wbIgZqagzg5MuRcNHkkijtYlWJM3fSR77ZCBSh2IF8Dd
5pnqPc5gz8nDBd/ZWBZ/dsAEp5C/b+vvU/YVEyDNnA0MPAa8C3+A6C2gjYTIVaX9
EhsAaaqn1N8HajiMb27uiyz3fEhye3tu4UnZF8ItdJhGTG4r
-----END CERTIFICATE-----