Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/0mOwovSQfaOTpOjMePlA1vJyx3o.roa
File:                     0mOwovSQfaOTpOjMePlA1vJyx3o.roa (raw, json)
Hash identifier:          UKn/uBWWad1ow9KJDqJ57gBdSqtGNkm8IvDuZQii3FA=
Subject key identifier:   D2:63:B0:A2:F4:90:7D:A3:93:A4:E8:CC:78:F9:40:D6:F2:72:C7:7A
Certificate issuer:       /CN=a82a023ebdb12e971e7a8729d826a7924cf7e832
Certificate serial:       0195B7AC2F77CAED50B3137C0930F38ABE5B
Authority key identifier: A8:2A:02:3E:BD:B1:2E:97:1E:7A:87:29:D8:26:A7:92:4C:F7:E8:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCoCPr2xLpceeocp2Cankkz36DI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/0mOwovSQfaOTpOjMePlA1vJyx3o.roa
Signing time:             Fri 21 Mar 2025 07:47:49 +0000
ROA not before:           Fri 21 Mar 2025 07:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11506
IP address blocks:        2a13:6203:3000::/44 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/qCoCPr2xLpceeocp2Cankkz36DI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/qCoCPr2xLpceeocp2Cankkz36DI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCoCPr2xLpceeocp2Cankkz36DI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b7:ac:2f:77:ca:ed:50:b3:13:7c:09:30:f3:8a:be:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a82a023ebdb12e971e7a8729d826a7924cf7e832
        Validity
            Not Before: Mar 21 07:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d263b0a2f4907da393a4e8cc78f940d6f272c77a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7c:bd:5b:90:9b:32:ed:4f:69:f5:fa:3d:19:
                    89:49:69:ee:f1:71:f0:0d:e1:6b:5f:28:f5:73:18:
                    38:52:5e:f2:e1:a0:3a:f3:90:d6:ed:10:22:4c:11:
                    d4:df:59:42:28:92:b8:90:8e:06:91:a5:d0:e4:15:
                    04:8b:1c:07:6d:6d:d3:cb:e7:19:ca:a0:fa:3f:41:
                    97:69:9d:58:d1:39:fd:94:b0:09:7e:1b:a8:4e:dd:
                    b8:5a:e4:44:a4:7f:30:32:d8:64:e7:17:9b:f4:ff:
                    70:91:0b:ff:a8:15:f5:9e:9c:7a:45:ee:10:5c:48:
                    24:a7:2e:94:1a:e9:d9:fe:90:0c:6b:56:d3:e4:8f:
                    b7:d8:12:1f:b2:95:69:42:84:f9:02:3d:d9:42:a4:
                    32:81:ae:4d:67:4c:f0:43:30:4b:c0:6e:cd:01:be:
                    9a:aa:52:11:5d:70:a9:f3:98:e7:40:66:b5:20:a2:
                    a4:4b:b3:a9:c8:37:b5:35:47:34:2b:79:6e:a2:99:
                    be:09:68:0a:c4:9a:e9:11:37:91:06:0d:e9:45:01:
                    23:8a:69:1b:f9:83:6e:bc:a3:37:14:55:c0:09:4a:
                    6d:f6:55:cf:d3:1f:b7:65:65:a5:ee:17:53:70:ed:
                    9b:99:e2:c2:e4:5b:3c:38:75:85:57:16:4c:66:a9:
                    97:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:63:B0:A2:F4:90:7D:A3:93:A4:E8:CC:78:F9:40:D6:F2:72:C7:7A
            X509v3 Authority Key Identifier:
                keyid:A8:2A:02:3E:BD:B1:2E:97:1E:7A:87:29:D8:26:A7:92:4C:F7:E8:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCoCPr2xLpceeocp2Cankkz36DI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/0mOwovSQfaOTpOjMePlA1vJyx3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/317ddd-687d-458a-9ff5-22fc588bc66f/1/qCoCPr2xLpceeocp2Cankkz36DI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6203:3000::/44

    Signature Algorithm: sha256WithRSAEncryption
         53:96:8f:3e:42:cd:0b:d4:cc:95:97:bc:d7:1c:c1:9b:e6:fe:
         43:1f:47:bf:c9:e5:63:cf:ee:d5:a7:6e:02:fc:63:e9:79:2e:
         5d:0f:cd:90:cc:0e:3c:33:c1:0c:8d:d2:c6:63:0e:77:51:3d:
         38:64:16:f1:97:ff:e9:9a:e7:5a:03:70:49:78:9b:c1:d4:45:
         e0:11:02:b0:6f:96:1e:1a:e9:f1:55:c3:4f:07:a0:7f:d1:80:
         00:74:95:c8:77:bb:9d:4b:52:dd:80:4e:d6:82:77:ef:4f:35:
         11:42:0d:bd:10:b7:46:71:88:b6:c3:61:81:ef:cf:78:6d:8b:
         25:0d:c9:ef:4f:83:8a:55:e4:d0:83:a0:1d:f3:dd:d7:c7:90:
         ed:3d:6b:bf:fb:7d:92:dd:16:3f:4a:60:d5:d7:db:13:ba:b2:
         41:1d:65:b1:e6:54:93:43:69:ba:2a:1a:23:cd:68:3f:d8:10:
         3f:71:98:97:65:ad:8c:1a:a0:c2:99:25:6a:eb:16:98:ef:4d:
         0b:ce:ed:66:90:de:b2:c1:c5:cb:90:5b:de:5b:41:f5:1b:03:
         73:6d:e6:b2:fa:e0:d5:15:23:b1:6d:f4:19:9d:b7:ad:e7:57:
         0f:83:d2:55:65:7e:66:d9:f6:37:50:8d:70:44:1a:16:96:8a:
         a8:94:13:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZW3rC93yu1QsxN8CTDzir5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MmEwMjNlYmRiMTJlOTcxZTdhODcyOWQ4MjZhNzkyNGNm
N2U4MzIwHhcNMjUwMzIxMDc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjYzYjBhMmY0OTA3ZGEzOTNhNGU4Y2M3OGY5NDBkNmYyNzJjNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3y9W5CbMu1PafX6PRmJSWnu8XHw
DeFrXyj1cxg4Ul7y4aA685DW7RAiTBHU31lCKJK4kI4GkaXQ5BUEixwHbW3Ty+cZ
yqD6P0GXaZ1Y0Tn9lLAJfhuoTt24WuREpH8wMthk5xeb9P9wkQv/qBX1npx6Re4Q
XEgkpy6UGunZ/pAMa1bT5I+32BIfspVpQoT5Aj3ZQqQyga5NZ0zwQzBLwG7NAb6a
qlIRXXCp85jnQGa1IKKkS7OpyDe1NUc0K3luopm+CWgKxJrpETeRBg3pRQEjimkb
+YNuvKM3FFXACUpt9lXP0x+3ZWWl7hdTcO2bmeLC5Fs8OHWFVxZMZqmXFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNJjsKL0kH2jk6TozHj5QNbycsd6MB8GA1UdIwQY
MBaAFKgqAj69sS6XHnqHKdgmp5JM9+gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUNvQ1ByMnhMcGNlZW9jcDJDYW5ra3ozNkRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8zMTdkZGQtNjg3ZC00NThhLTlmZjUt
MjJmYzU4OGJjNjZmLzEvMG1Pd292U1FmYU9UcE9qTWVQbEExdkp5eDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8zMTdkZGQtNjg3ZC00NThhLTlmZjUtMjJmYzU4OGJjNjZm
LzEvcUNvQ1ByMnhMcGNlZW9jcDJDYW5ra3ozNkRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhNiAzAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBTlo8+Qs0L1MyVl7zXHMGb5v5DH0e/yeVjz+7V
p24C/GPpeS5dD82QzA48M8EMjdLGYw53UT04ZBbxl//pmudaA3BJeJvB1EXgEQKw
b5YeGunxVcNPB6B/0YAAdJXId7udS1LdgE7WgnfvTzURQg29ELdGcYi2w2GB7894
bYslDcnvT4OKVeTQg6Ad893Xx5DtPWu/+32S3RY/SmDV19sTurJBHWWx5lSTQ2m6
KhojzWg/2BA/cZiXZa2MGqDCmSVq6xaY700Lzu1mkN6ywcXLkFveW0H1GwNzbeay
+uDVFSOxbfQZnbet51cPg9JVZX5m2fY3UI1wRBoWloqolBPM
-----END CERTIFICATE-----