Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/doTkTINLFVROWpT2utaeKFTTyfg.roa
File:                     doTkTINLFVROWpT2utaeKFTTyfg.roa (raw, json)
Hash identifier:          JBSOler1D5ArGxteRfH6QxI8GrNqgOUNUjr08yLOppA=
Subject key identifier:   76:84:E4:4C:83:4B:15:54:4E:5A:94:F6:BA:D6:9E:28:54:D3:C9:F8
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FFA0634D1668C5449A1C6F574BD837A
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/doTkTINLFVROWpT2utaeKFTTyfg.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207083
IP address blocks:        2a0a:c3c5:9000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:06:34:d1:66:8c:54:49:a1:c6:f5:74:bd:83:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7684e44c834b15544e5a94f6bad69e2854d3c9f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d5:c8:de:0b:ac:80:9c:13:28:1d:96:5e:54:
                    7e:82:8c:de:51:44:2f:20:16:5e:68:51:62:00:05:
                    56:c7:76:6d:92:06:9d:24:70:38:f2:3b:2d:1e:97:
                    d4:c9:d1:77:01:7a:92:c4:8a:a1:87:a4:79:b2:26:
                    5c:16:eb:1a:b5:fa:0a:e7:e0:ae:5b:cd:a7:42:56:
                    d1:0f:4c:b6:72:d9:ba:b7:08:a1:b9:c0:0e:c8:41:
                    db:7a:73:41:fb:b8:59:48:ba:a4:3c:be:53:48:5a:
                    33:05:50:cd:ef:48:00:8f:87:c4:f5:3c:d1:7a:c6:
                    62:af:4d:85:55:35:1a:6f:81:ca:6c:7e:f5:c3:6a:
                    eb:15:95:cc:5f:a0:79:75:89:06:02:7c:6f:f3:a1:
                    d6:ea:cb:1b:5f:da:68:d6:72:51:e9:47:1b:f0:6c:
                    5b:21:3c:b7:08:ed:f2:42:b0:e7:10:e6:ea:99:30:
                    bd:90:8d:82:75:72:7d:74:91:a5:af:2d:7b:3d:ba:
                    fb:28:3d:44:68:77:ff:00:16:be:70:34:94:a2:79:
                    7e:42:f1:7c:07:56:ec:1f:58:37:76:6b:8a:a2:a8:
                    93:22:df:92:f7:ca:35:01:3e:26:f4:b8:ce:9e:57:
                    16:5b:33:ea:c8:cb:87:48:3e:45:ad:85:78:52:51:
                    b2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:84:E4:4C:83:4B:15:54:4E:5A:94:F6:BA:D6:9E:28:54:D3:C9:F8
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/doTkTINLFVROWpT2utaeKFTTyfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c3c5:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1e:36:34:8e:0c:a5:8a:42:a6:d7:3e:24:95:ad:91:b9:95:5e:
         aa:87:c3:0a:dd:6b:4f:61:7b:ef:fd:b9:59:70:a7:f2:14:75:
         20:72:e8:6f:09:96:d0:45:2b:db:5b:63:68:13:9b:32:dc:d7:
         00:5a:81:df:70:2a:61:e8:09:12:1d:4c:b3:32:61:c6:0f:4c:
         3c:9d:2e:19:30:f9:9e:37:9c:f4:98:48:d8:fd:e8:f6:bb:be:
         0c:38:91:8f:e1:14:8c:2e:aa:0d:0a:d5:d3:f4:bb:f2:4a:4e:
         7b:28:72:1c:8f:0b:ad:a8:bd:d9:fb:c5:5b:33:90:f5:ad:38:
         ed:70:de:a7:07:36:e0:bf:91:f7:d4:3b:7a:18:16:89:55:c2:
         06:73:c7:1e:5f:2f:fd:b2:24:3a:5b:a8:b7:29:49:17:cb:f9:
         7d:4f:d5:71:2c:3b:00:68:f4:cb:95:82:e0:7f:c1:1d:b3:d0:
         d0:1b:c9:4b:d3:a6:3c:80:56:d6:0b:48:eb:37:a7:db:2f:04:
         ef:68:b5:b4:72:f4:f8:eb:6e:09:3c:bc:9a:cd:00:8f:78:05:
         a5:68:5d:55:f5:0a:23:b9:cf:6d:15:d3:af:35:97:60:7f:7d:
         98:65:cc:3f:27:ea:c6:a1:76:71:90:ba:56:7d:e0:28:3e:36:
         de:00:f0:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQf+gY00WaMVEmhxvV0vYN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njg0ZTQ0YzgzNGIxNTU0NGU1YTk0ZjZiYWQ2OWUyODU0ZDNjOWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtXI3gusgJwTKB2WXlR+gozeUUQv
IBZeaFFiAAVWx3ZtkgadJHA48jstHpfUydF3AXqSxIqhh6R5siZcFusatfoK5+Cu
W82nQlbRD0y2ctm6twihucAOyEHbenNB+7hZSLqkPL5TSFozBVDN70gAj4fE9TzR
esZir02FVTUab4HKbH71w2rrFZXMX6B5dYkGAnxv86HW6ssbX9po1nJR6Ucb8Gxb
ITy3CO3yQrDnEObqmTC9kI2CdXJ9dJGlry17Pbr7KD1EaHf/ABa+cDSUonl+QvF8
B1bsH1g3dmuKoqiTIt+S98o1AT4m9LjOnlcWWzPqyMuHSD5FrYV4UlGyVwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHaE5EyDSxVUTlqU9rrWnihU08n4MB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvZG9Ua1RJTkxGVlJPV3BUMnV0YWVLRlRUeWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgrDxZAw
DQYJKoZIhvcNAQELBQADggEBAB42NI4MpYpCptc+JJWtkbmVXqqHwwrda09he+/9
uVlwp/IUdSBy6G8JltBFK9tbY2gTmzLc1wBagd9wKmHoCRIdTLMyYcYPTDydLhkw
+Z43nPSYSNj96Pa7vgw4kY/hFIwuqg0K1dP0u/JKTnsochyPC62ovdn7xVszkPWt
OO1w3qcHNuC/kffUO3oYFolVwgZzxx5fL/2yJDpbqLcpSRfL+X1P1XEsOwBo9MuV
guB/wR2z0NAbyUvTpjyAVtYLSOs3p9svBO9otbRy9Pjrbgk8vJrNAI94BaVoXVX1
CiO5z20V0681l2B/fZhlzD8n6sahdnGQulZ94Cg+Nt4A8EY=
-----END CERTIFICATE-----