Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/8I731pLlO7OZA-KP6_7Tyd0X0p8.roa
File:                     8I731pLlO7OZA-KP6_7Tyd0X0p8.roa (raw, json)
Hash identifier:          AgOQfpoBY8oNnSKqmzrHEGGLFBw8XUwNyYW1y0VgcFQ=
Subject key identifier:   F0:8E:F7:D6:92:E5:3B:B3:99:03:E2:8F:EB:FE:D3:C9:DD:17:D2:9F
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       0194221F7A63D6C7B0C7513DC85D681ED3AB
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/8I731pLlO7OZA-KP6_7Tyd0X0p8.roa
Signing time:             Wed 01 Jan 2025 13:47:55 +0000
ROA not before:           Wed 01 Jan 2025 13:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a01:e900:f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7a:63:d6:c7:b0:c7:51:3d:c8:5d:68:1e:d3:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Jan  1 13:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f08ef7d692e53bb39903e28febfed3c9dd17d29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:35:9a:91:70:b5:a1:08:f5:0d:5e:ee:5f:cb:
                    d4:f0:d1:9f:03:fa:6a:7d:bc:d0:d9:e7:38:9b:01:
                    dc:49:f2:9d:09:3d:1b:b6:48:5b:9b:3f:1e:24:ed:
                    99:ed:8d:ac:2c:c7:38:51:fb:95:f5:0d:eb:3b:93:
                    5e:23:da:07:ea:a6:f0:ea:6d:43:29:a5:bb:01:34:
                    ff:cb:91:8c:18:78:38:54:32:7b:b2:0d:10:4f:13:
                    f9:32:b9:99:59:cd:48:18:c8:3b:44:ea:56:ab:93:
                    e9:46:2f:33:e4:5e:7a:da:b5:04:e0:b6:7b:51:c1:
                    f4:c7:d2:01:80:f8:50:24:dd:3c:13:83:a3:e4:69:
                    a4:9a:63:92:ea:65:3f:26:bc:5f:a2:11:e9:dd:e2:
                    9c:d0:d1:e8:6e:7c:af:c1:b4:b3:19:1e:68:79:c2:
                    75:fa:8a:99:2b:d2:f3:53:09:a9:75:33:d8:44:cd:
                    cf:86:bf:98:34:06:32:df:12:b9:f6:c4:85:f8:2a:
                    c5:d0:7b:70:e0:19:1e:b8:b4:11:92:86:6c:61:f1:
                    57:dd:05:89:31:3c:59:a1:cc:59:8c:45:b2:1c:9c:
                    a6:f4:59:66:7f:ae:51:44:56:f0:71:d7:e5:f1:4f:
                    78:db:5e:76:31:c0:24:43:00:d8:2e:b2:eb:f7:75:
                    1a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:8E:F7:D6:92:E5:3B:B3:99:03:E2:8F:EB:FE:D3:C9:DD:17:D2:9F
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/8I731pLlO7OZA-KP6_7Tyd0X0p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e900:f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:1e:a1:76:7d:8c:36:95:7c:dd:1e:4a:e3:70:7a:10:a3:6d:
         d7:3d:56:f2:97:6e:bd:8e:e0:0a:08:80:6a:67:cb:1e:f3:b5:
         93:0a:2f:c7:52:72:87:b7:5b:07:ef:85:8d:a2:59:1b:97:0c:
         e6:ab:19:05:b7:18:4c:e5:64:78:64:2d:99:94:4d:0f:46:c6:
         05:98:e4:db:23:d0:0b:4d:d4:fc:ff:68:28:99:3a:ad:43:48:
         eb:02:d0:78:e6:2b:d6:05:cb:dd:98:ab:84:17:27:15:70:91:
         be:79:33:75:22:cf:02:61:e2:fc:be:b8:49:fa:f5:75:96:66:
         5e:46:e4:dc:e1:b9:c4:ce:e4:fd:b1:bc:15:5b:49:51:60:e2:
         96:b3:aa:1c:0d:ca:c8:fb:4c:d9:8f:55:64:a4:6c:d0:61:7b:
         00:6e:35:8b:c1:ae:b6:f4:94:c1:96:90:4e:aa:d0:57:40:b3:
         30:c1:19:40:08:6b:ac:26:2d:c7:44:a3:0c:91:d7:fe:1e:2a:
         88:2b:f2:fc:af:0d:2c:90:83:a3:d7:85:d7:de:ad:22:b1:56:
         80:d9:16:9e:c5:ef:79:06:0c:f1:71:9f:38:21:77:02:db:d1:
         00:ca:b1:0a:2e:d0:a5:44:9f:d7:2c:66:cf:e3:e9:5a:d0:ed:
         ca:93:cb:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH3pj1sewx1E9yF1oHtOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjUwMTAxMTM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDhlZjdkNjkyZTUzYmIzOTkwM2UyOGZlYmZlZDNjOWRkMTdkMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTWakXC1oQj1DV7uX8vU8NGfA/pq
fbzQ2ec4mwHcSfKdCT0btkhbmz8eJO2Z7Y2sLMc4UfuV9Q3rO5NeI9oH6qbw6m1D
KaW7ATT/y5GMGHg4VDJ7sg0QTxP5MrmZWc1IGMg7ROpWq5PpRi8z5F562rUE4LZ7
UcH0x9IBgPhQJN08E4Oj5GmkmmOS6mU/JrxfohHp3eKc0NHobnyvwbSzGR5oecJ1
+oqZK9LzUwmpdTPYRM3Phr+YNAYy3xK59sSF+CrF0Htw4BkeuLQRkoZsYfFX3QWJ
MTxZocxZjEWyHJym9Flmf65RRFbwcdfl8U942152McAkQwDYLrLr93UaYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPCO99aS5TuzmQPij+v+08ndF9KfMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvOEk3MzFwTGxPN09aQS1LUDZfN1R5ZDBYMHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHpAADw
MA0GCSqGSIb3DQEBCwUAA4IBAQAkHqF2fYw2lXzdHkrjcHoQo23XPVbyl269juAK
CIBqZ8se87WTCi/HUnKHt1sH74WNolkblwzmqxkFtxhM5WR4ZC2ZlE0PRsYFmOTb
I9ALTdT8/2gomTqtQ0jrAtB45ivWBcvdmKuEFycVcJG+eTN1Is8CYeL8vrhJ+vV1
lmZeRuTc4bnEzuT9sbwVW0lRYOKWs6ocDcrI+0zZj1VkpGzQYXsAbjWLwa629JTB
lpBOqtBXQLMwwRlACGusJi3HRKMMkdf+HiqIK/L8rw0skIOj14XX3q0isVaA2Rae
xe95BgzxcZ84IXcC29EAyrEKLtClRJ/XLGbP4+la0O3Kk8um
-----END CERTIFICATE-----