Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/83e1fe-3d48-4cd6-a60b-6b27336d269e/1/Jf1OKx1njasgUepF7NPQjYFePjY.roa
File:                     Jf1OKx1njasgUepF7NPQjYFePjY.roa (raw, json)
Hash identifier:          +FbY8K3ltw3fRzjGzqv270MBVQe3sjgedLIQtn2lOs0=
Subject key identifier:   25:FD:4E:2B:1D:67:8D:AB:20:51:EA:45:EC:D3:D0:8D:81:5E:3E:36
Certificate issuer:       /CN=9c7122f2f7fa530bf1a8ffcf96a930f69b30f786
Certificate serial:       019427B58BE9236A78D6E2E08958AF0755C8
Authority key identifier: 9C:71:22:F2:F7:FA:53:0B:F1:A8:FF:CF:96:A9:30:F6:9B:30:F7:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nHEi8vf6UwvxqP_Plqkw9psw94Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/83e1fe-3d48-4cd6-a60b-6b27336d269e/1/Jf1OKx1njasgUepF7NPQjYFePjY.roa
Signing time:             Thu 02 Jan 2025 15:49:56 +0000
ROA not before:           Thu 02 Jan 2025 15:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213792
IP address blocks:        2a01:e0c0::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/83e1fe-3d48-4cd6-a60b-6b27336d269e/1/nHEi8vf6UwvxqP_Plqkw9psw94Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/83e1fe-3d48-4cd6-a60b-6b27336d269e/1/nHEi8vf6UwvxqP_Plqkw9psw94Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nHEi8vf6UwvxqP_Plqkw9psw94Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:8b:e9:23:6a:78:d6:e2:e0:89:58:af:07:55:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c7122f2f7fa530bf1a8ffcf96a930f69b30f786
        Validity
            Not Before: Jan  2 15:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25fd4e2b1d678dab2051ea45ecd3d08d815e3e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a3:0c:ac:9f:7c:76:7f:d7:f6:25:93:ee:fc:
                    8a:b7:7d:5e:f2:da:e4:ed:6b:44:a6:d8:a1:55:3b:
                    c9:e2:63:e9:25:fd:5b:ef:54:40:58:f5:3e:56:88:
                    7b:14:7d:21:30:74:3f:e6:7f:b0:16:cf:60:65:63:
                    c3:29:dc:4a:17:15:8a:ce:d4:c3:85:5c:2b:22:84:
                    b7:9c:17:df:90:f4:5c:a6:55:e1:5f:34:5c:73:60:
                    80:28:48:67:f1:d7:e5:58:96:ad:e4:f3:8c:78:8f:
                    56:48:d9:74:bb:ef:95:45:6f:5f:eb:79:94:fe:cd:
                    8e:87:5e:3d:14:e7:0d:a6:c3:77:02:fa:d7:fa:42:
                    66:9a:7f:76:77:44:21:8f:dc:73:41:c9:66:ae:04:
                    87:15:0e:0b:56:b2:4a:3e:76:9e:55:5d:91:cd:ec:
                    8f:06:4d:29:cf:10:16:00:bb:de:88:78:60:94:d9:
                    aa:2d:3b:f9:60:05:f2:48:d1:08:2a:d8:0e:b5:6a:
                    84:12:43:0b:dd:37:bf:4c:9f:43:39:9e:c6:2b:16:
                    9a:07:e3:1f:7d:87:f8:51:96:c5:15:16:9b:fa:4a:
                    39:d7:7a:69:70:46:2d:d7:e0:5f:a1:b8:db:da:f1:
                    07:45:12:c1:5e:ff:44:81:12:fd:88:3f:98:02:7b:
                    f2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:FD:4E:2B:1D:67:8D:AB:20:51:EA:45:EC:D3:D0:8D:81:5E:3E:36
            X509v3 Authority Key Identifier:
                keyid:9C:71:22:F2:F7:FA:53:0B:F1:A8:FF:CF:96:A9:30:F6:9B:30:F7:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nHEi8vf6UwvxqP_Plqkw9psw94Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/83e1fe-3d48-4cd6-a60b-6b27336d269e/1/Jf1OKx1njasgUepF7NPQjYFePjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/83e1fe-3d48-4cd6-a60b-6b27336d269e/1/nHEi8vf6UwvxqP_Plqkw9psw94Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:47:7d:5c:76:f8:fd:9c:08:45:1c:a6:07:32:62:f4:17:df:
         03:3b:a1:27:c3:38:b1:68:73:c9:f6:94:34:cb:ed:d1:c4:88:
         56:7b:56:2b:ec:c0:43:a1:2b:9b:30:10:e4:1b:ae:21:47:89:
         76:6a:b6:87:f3:2c:cb:57:a6:17:31:57:3b:ed:bf:ab:d5:c1:
         dc:fa:5e:12:a0:43:e8:fe:09:4f:08:3c:f8:9a:65:05:49:94:
         68:51:b4:94:c0:55:ee:82:09:6e:ec:85:91:34:b2:17:b9:ba:
         71:4e:f9:5a:a1:19:95:a2:4c:af:61:30:fd:35:52:7a:4b:86:
         3a:7b:a6:d1:bc:55:4f:82:89:c8:0d:21:c2:92:20:d9:35:9b:
         65:77:a9:82:af:33:2e:a6:a3:52:ba:40:09:ed:82:ac:fa:93:
         ad:66:79:3d:b7:1a:d3:02:ab:00:5a:74:cd:ba:b2:ca:7f:4a:
         ae:96:d0:f4:87:51:2c:97:8c:60:72:e1:60:fe:5b:ce:13:d2:
         ef:4b:47:a2:ba:13:6f:ad:68:06:1c:8b:31:4e:e0:06:11:75:
         a3:43:cc:5d:aa:5f:11:12:2c:da:9f:3b:81:71:36:13:6c:7d:
         2b:63:70:b8:ad:06:2e:77:72:5d:73:5f:e5:61:9f:f8:26:a0:
         ab:79:3b:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntYvpI2p41uLgiVivB1XIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNzEyMmYyZjdmYTUzMGJmMWE4ZmZjZjk2YTkzMGY2OWIz
MGY3ODYwHhcNMjUwMTAyMTU0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWZkNGUyYjFkNjc4ZGFiMjA1MWVhNDVlY2QzZDA4ZDgxNWUzZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qMMrJ98dn/X9iWT7vyKt31e8trk
7WtEptihVTvJ4mPpJf1b71RAWPU+Voh7FH0hMHQ/5n+wFs9gZWPDKdxKFxWKztTD
hVwrIoS3nBffkPRcplXhXzRcc2CAKEhn8dflWJat5POMeI9WSNl0u++VRW9f63mU
/s2Oh149FOcNpsN3AvrX+kJmmn92d0Qhj9xzQclmrgSHFQ4LVrJKPnaeVV2RzeyP
Bk0pzxAWALveiHhglNmqLTv5YAXySNEIKtgOtWqEEkML3Te/TJ9DOZ7GKxaaB+Mf
fYf4UZbFFRab+ko513ppcEYt1+Bfobjb2vEHRRLBXv9EgRL9iD+YAnvyEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCX9TisdZ42rIFHqRezT0I2BXj42MB8GA1UdIwQY
MBaAFJxxIvL3+lML8aj/z5apMPabMPeGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkhFaTh2ZjZVd3Z4cVBfUGxxa3c5cHN3OTRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS84M2UxZmUtM2Q0OC00Y2Q2LWE2MGIt
NmIyNzMzNmQyNjllLzEvSmYxT0t4MW5qYXNnVWVwRjdOUFFqWUZlUGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS84M2UxZmUtM2Q0OC00Y2Q2LWE2MGItNmIyNzMzNmQyNjll
LzEvbkhFaTh2ZjZVd3Z4cVBfUGxxa3c5cHN3OTRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAa0d9XHb4/ZwIRRymBzJi9BffAzuhJ8M4sWhzyfaU
NMvt0cSIVntWK+zAQ6ErmzAQ5BuuIUeJdmq2h/Msy1emFzFXO+2/q9XB3PpeEqBD
6P4JTwg8+JplBUmUaFG0lMBV7oIJbuyFkTSyF7m6cU75WqEZlaJMr2Ew/TVSekuG
Onum0bxVT4KJyA0hwpIg2TWbZXepgq8zLqajUrpACe2CrPqTrWZ5Pbca0wKrAFp0
zbqyyn9KrpbQ9IdRLJeMYHLhYP5bzhPS70tHoroTb61oBhyLMU7gBhF1o0PMXapf
ERIs2p87gXE2E2x9K2NwuK0GLndyXXNf5WGf+Cagq3k7YA==
-----END CERTIFICATE-----