Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/DcjYYjhsHbjRz2BRwn39VxHlNjI.roa
File:                     DcjYYjhsHbjRz2BRwn39VxHlNjI.roa (raw, json)
Hash identifier:          Nq8VddF1MFSrpuvT27YW3AJCDDZOvbday1gSYp2MpMA=
Subject key identifier:   0D:C8:D8:62:38:6C:1D:B8:D1:CF:60:51:C2:7D:FD:57:11:E5:36:32
Certificate issuer:       /CN=7e3150f8c67063121027328954968d08d4cf329a
Certificate serial:       01973C346C00FF9F5F17DC915AD272CD8295
Authority key identifier: 7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/DcjYYjhsHbjRz2BRwn39VxHlNjI.roa
Signing time:             Wed 04 Jun 2025 18:29:17 +0000
ROA not before:           Wed 04 Jun 2025 18:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203062
IP address blocks:        2a06:2c80:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3c:34:6c:00:ff:9f:5f:17:dc:91:5a:d2:72:cd:82:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e3150f8c67063121027328954968d08d4cf329a
        Validity
            Not Before: Jun  4 18:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0dc8d862386c1db8d1cf6051c27dfd5711e53632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a5:37:cf:72:03:ef:ca:e6:93:00:9b:5e:4c:
                    84:c8:00:0e:10:21:95:64:54:97:dd:4b:9c:c6:fa:
                    24:a3:56:62:2b:0a:98:72:43:3d:bc:ff:83:48:6e:
                    29:77:0e:4f:ac:ad:0d:99:c3:49:cf:aa:e4:ae:a7:
                    6e:44:56:02:a9:62:b6:4f:85:c7:d5:74:d1:c6:04:
                    fc:fe:a5:6b:f4:d9:8c:02:01:c7:b1:1a:48:49:da:
                    44:d4:8c:3d:26:32:f9:d4:9d:0c:71:e3:a2:a9:44:
                    1e:33:17:37:df:18:cd:77:e0:59:45:4f:fc:2e:b3:
                    ce:ca:81:5b:f5:ca:f0:44:08:98:f2:f0:ec:dd:59:
                    76:a5:c2:c3:ac:6b:3b:3b:7c:d0:f1:54:4b:f3:23:
                    86:26:78:29:f8:13:33:19:53:ae:38:f4:83:c2:5a:
                    3e:a5:18:5b:26:f4:b4:7b:c8:b3:fe:ec:fa:4e:c1:
                    86:bc:a6:9a:0d:35:21:ea:0b:9e:fc:58:bf:9a:9d:
                    20:2a:ec:d6:d2:25:14:d4:84:88:0d:72:71:50:31:
                    ce:67:69:1c:75:27:17:02:43:a4:90:39:61:24:9f:
                    a9:b5:10:7b:ec:fb:3d:27:c8:cb:7f:0c:39:5b:d5:
                    11:d7:5b:53:e8:a0:b3:41:74:62:d1:dc:53:03:99:
                    16:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C8:D8:62:38:6C:1D:B8:D1:CF:60:51:C2:7D:FD:57:11:E5:36:32
            X509v3 Authority Key Identifier:
                keyid:7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/DcjYYjhsHbjRz2BRwn39VxHlNjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2c80:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         07:3a:b7:4a:0a:b6:01:c8:76:d4:fa:d4:56:50:55:60:97:32:
         1b:84:02:c3:43:1e:5d:1a:f3:37:98:12:95:57:11:10:c6:7c:
         73:8e:f7:94:5a:f2:36:df:fa:eb:02:9f:86:56:28:4a:ad:dd:
         28:39:60:d4:ea:33:55:82:d1:32:b9:e0:a7:bb:4a:5c:3b:33:
         5d:09:97:9e:49:47:06:a7:5b:86:c5:94:81:68:b0:87:62:37:
         ea:1e:de:d3:40:15:6a:1b:bc:dc:b2:de:4c:e1:2a:da:bd:0a:
         fe:11:0e:f7:16:3c:2a:57:cf:cd:df:05:6e:8c:6c:c3:cc:96:
         96:97:d4:d3:ff:9e:82:2f:0e:59:b1:dd:dd:33:01:ac:c6:14:
         73:cb:87:03:c2:50:e8:f2:e2:4d:5b:15:2e:47:ea:96:20:59:
         9a:4a:61:8f:81:24:cb:2c:c5:bd:87:a7:c7:9f:0f:87:a9:39:
         f7:a2:7c:1b:34:20:3d:05:9f:34:42:4b:a3:91:ff:35:35:f8:
         dd:0c:eb:b5:d1:e0:34:e3:12:e5:3f:f8:6a:82:f4:7c:83:40:
         ce:8e:5d:7f:0e:81:85:f2:e0:5a:e6:3a:69:ec:44:bf:6e:71:
         58:ee:8f:7c:25:e5:aa:aa:c4:6f:ac:ef:6a:ab:53:54:de:37:
         a4:cb:d7:f1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZc8NGwA/59fF9yRWtJyzYKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzE1MGY4YzY3MDYzMTIxMDI3MzI4OTU0OTY4ZDA4ZDRj
ZjMyOWEwHhcNMjUwNjA0MTgyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGM4ZDg2MjM4NmMxZGI4ZDFjZjYwNTFjMjdkZmQ1NzExZTUzNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqU3z3ID78rmkwCbXkyEyAAOECGV
ZFSX3Uucxvoko1ZiKwqYckM9vP+DSG4pdw5PrK0NmcNJz6rkrqduRFYCqWK2T4XH
1XTRxgT8/qVr9NmMAgHHsRpISdpE1Iw9JjL51J0MceOiqUQeMxc33xjNd+BZRU/8
LrPOyoFb9crwRAiY8vDs3Vl2pcLDrGs7O3zQ8VRL8yOGJngp+BMzGVOuOPSDwlo+
pRhbJvS0e8iz/uz6TsGGvKaaDTUh6gue/Fi/mp0gKuzW0iUU1ISIDXJxUDHOZ2kc
dScXAkOkkDlhJJ+ptRB77Ps9J8jLfww5W9UR11tT6KCzQXRi0dxTA5kW9wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA3I2GI4bB240c9gUcJ9/VcR5TYyMB8GA1UdIwQY
MBaAFH4xUPjGcGMSECcyiVSWjQjUzzKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAt
OTM1ZTQxOGJkYmU3LzEvRGNqWVlqaHNIYmpSejJCUnduMzlWeEhsTmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAtOTM1ZTQxOGJkYmU3
LzEvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgYsgBAw
DQYJKoZIhvcNAQELBQADggEBAAc6t0oKtgHIdtT61FZQVWCXMhuEAsNDHl0a8zeY
EpVXERDGfHOO95Ra8jbf+usCn4ZWKEqt3Sg5YNTqM1WC0TK54Ke7Slw7M10Jl55J
RwanW4bFlIFosIdiN+oe3tNAFWobvNyy3kzhKtq9Cv4RDvcWPCpXz83fBW6MbMPM
lpaX1NP/noIvDlmx3d0zAazGFHPLhwPCUOjy4k1bFS5H6pYgWZpKYY+BJMssxb2H
p8efD4epOfeifBs0ID0FnzRCS6OR/zU1+N0M67XR4DTjEuU/+GqC9HyDQM6OXX8O
gYXy4FrmOmnsRL9ucVjuj3wl5aqqxG+s72qrU1TeN6TL1/E=
-----END CERTIFICATE-----