Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/DXe2QCeg44oSwSjch2B9InQFKjo.roa
File:                     DXe2QCeg44oSwSjch2B9InQFKjo.roa (raw, json)
Hash identifier:          K6OnR7hdUcOFhOpAS0quOhv9TOcSZTKYV24C7+i6Ykc=
Subject key identifier:   0D:77:B6:40:27:A0:E3:8A:12:C1:28:DC:87:60:7D:22:74:05:2A:3A
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       019424454545D75AD7FE0FAC34428A8B2690
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/DXe2QCeg44oSwSjch2B9InQFKjo.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207885
IP address blocks:        2a0b:6b86:1100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:45:45:d7:5a:d7:fe:0f:ac:34:42:8a:8b:26:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d77b64027a0e38a12c128dc87607d2274052a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:53:46:77:9c:ad:8b:14:90:e9:a3:c0:8e:0f:
                    c8:dd:d7:b6:a9:70:24:a1:e6:56:87:a9:c4:63:8a:
                    24:fb:4b:fb:37:11:bc:be:14:f8:f6:25:41:aa:2e:
                    10:9a:c4:5d:35:75:8f:22:22:09:08:b9:bf:49:85:
                    d6:d1:0c:89:21:11:6f:e6:29:df:5b:9e:25:e6:45:
                    2a:1f:fe:1b:e1:e3:8e:5b:1e:a3:64:c8:5c:0e:69:
                    67:20:01:04:9c:00:3e:f0:29:d7:46:aa:52:b2:e3:
                    71:af:85:b9:11:0b:b6:18:82:cc:65:53:90:f2:c2:
                    ef:65:c7:e6:e5:65:f4:f5:d5:b7:ae:38:5d:7e:26:
                    ee:1d:d6:81:8d:ad:a2:a3:fb:75:64:8c:ef:1c:b4:
                    bc:54:97:12:a0:cf:bb:ca:69:39:b3:4b:4c:d5:59:
                    a8:7f:d4:2c:17:7a:9a:20:29:4f:c5:53:ec:d6:97:
                    00:43:a2:bb:36:33:68:8e:7e:a8:a2:a8:eb:1b:18:
                    23:b0:06:9f:a3:d2:5c:c5:2f:96:dc:98:26:2d:17:
                    7e:84:5e:e3:37:eb:4c:b0:92:48:2a:67:6f:6c:94:
                    ad:22:d4:54:ad:c0:7f:f2:ce:be:f5:59:fd:9b:81:
                    83:54:b3:ac:0c:1c:93:0e:27:25:bc:c4:f5:bb:b2:
                    45:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:77:B6:40:27:A0:E3:8A:12:C1:28:DC:87:60:7D:22:74:05:2A:3A
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/DXe2QCeg44oSwSjch2B9InQFKjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:1100::/40

    Signature Algorithm: sha256WithRSAEncryption
         ba:f6:4c:5a:0f:76:f1:53:73:ff:5d:6c:df:cc:46:4e:b4:cf:
         6c:8c:1d:ba:65:c9:08:cd:49:b2:a4:d5:73:57:4b:54:3f:ae:
         0d:72:e2:60:44:2b:67:df:97:a0:39:ea:8a:19:d4:b6:db:77:
         85:b8:2e:7e:56:7a:b6:cc:b8:58:94:41:e7:4d:3e:68:ed:a1:
         21:3a:23:d6:42:9b:40:d5:8e:e9:e1:a2:b7:3f:36:51:97:38:
         b5:42:40:69:fd:0c:93:f8:17:3c:43:b9:f4:0a:f7:bc:ce:3c:
         7a:c1:e5:ce:bd:f6:74:79:13:53:61:7e:06:03:64:7d:80:99:
         87:5b:90:10:b8:6b:b0:24:e1:86:94:87:c4:7a:d2:ea:6a:81:
         3a:73:59:96:d5:f6:98:b1:f6:a6:f7:5f:8a:ad:a4:a5:e5:d0:
         26:a7:7d:f0:10:b6:a7:a3:cf:09:1d:fb:ba:6b:eb:b1:f5:db:
         cf:b7:8a:fd:9f:6c:99:2e:ef:43:4a:01:e1:36:88:85:70:b3:
         9a:10:91:6c:08:d5:98:6a:e9:6d:02:10:dd:cc:ec:43:de:73:
         9f:3a:d8:19:2b:fe:ae:94:0a:49:aa:9c:4b:bd:88:47:87:f4:
         13:2e:47:2f:99:0f:be:8e:e2:64:0a:f6:76:2b:10:4b:3b:ac:
         12:74:6a:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRUVF11rX/g+sNEKKiyaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDc3YjY0MDI3YTBlMzhhMTJjMTI4ZGM4NzYwN2QyMjc0MDUyYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVNGd5ytixSQ6aPAjg/I3de2qXAk
oeZWh6nEY4ok+0v7NxG8vhT49iVBqi4QmsRdNXWPIiIJCLm/SYXW0QyJIRFv5inf
W54l5kUqH/4b4eOOWx6jZMhcDmlnIAEEnAA+8CnXRqpSsuNxr4W5EQu2GILMZVOQ
8sLvZcfm5WX09dW3rjhdfibuHdaBja2io/t1ZIzvHLS8VJcSoM+7ymk5s0tM1Vmo
f9QsF3qaIClPxVPs1pcAQ6K7NjNojn6ooqjrGxgjsAafo9JcxS+W3JgmLRd+hF7j
N+tMsJJIKmdvbJStItRUrcB/8s6+9Vn9m4GDVLOsDByTDiclvMT1u7JFJQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA13tkAnoOOKEsEo3IdgfSJ0BSo6MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvRFhlMlFDZWc0NG9Td1NqY2gyQjlJblFGS2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhhEw
DQYJKoZIhvcNAQELBQADggEBALr2TFoPdvFTc/9dbN/MRk60z2yMHbplyQjNSbKk
1XNXS1Q/rg1y4mBEK2ffl6A56ooZ1Lbbd4W4Ln5WerbMuFiUQedNPmjtoSE6I9ZC
m0DVjunhorc/NlGXOLVCQGn9DJP4FzxDufQK97zOPHrB5c699nR5E1NhfgYDZH2A
mYdbkBC4a7Ak4YaUh8R60upqgTpzWZbV9pix9qb3X4qtpKXl0CanffAQtqejzwkd
+7pr67H128+3iv2fbJku70NKAeE2iIVws5oQkWwI1Zhq6W0CEN3M7EPec5862Bkr
/q6UCkmqnEu9iEeH9BMuRy+ZD76O4mQK9nYrEEs7rBJ0auY=
-----END CERTIFICATE-----