Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/DIE8I2jSYJw1iPn53kJ95RcCbxo.roa
File:                     DIE8I2jSYJw1iPn53kJ95RcCbxo.roa (raw, json)
Hash identifier:          kFhPVa4owPYWY1rhZMnySpnck8FXSABjPU/8pN/3/Ps=
Subject key identifier:   0C:81:3C:23:68:D2:60:9C:35:88:F9:F9:DE:42:7D:E5:17:02:6F:1A
Certificate issuer:       /CN=7e26b1ef7410072ce96e82d7581be436e639a7c4
Certificate serial:       019634D8B679DB89551B453C658B2376D41C
Authority key identifier: 7E:26:B1:EF:74:10:07:2C:E9:6E:82:D7:58:1B:E4:36:E6:39:A7:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiax73QQByzpboLXWBvkNuY5p8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/DIE8I2jSYJw1iPn53kJ95RcCbxo.roa
Signing time:             Mon 14 Apr 2025 15:08:59 +0000
ROA not before:           Mon 14 Apr 2025 15:08:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43298
IP address blocks:        2a06:a180:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/fiax73QQByzpboLXWBvkNuY5p8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/fiax73QQByzpboLXWBvkNuY5p8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiax73QQByzpboLXWBvkNuY5p8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:d8:b6:79:db:89:55:1b:45:3c:65:8b:23:76:d4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e26b1ef7410072ce96e82d7581be436e639a7c4
        Validity
            Not Before: Apr 14 15:08:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c813c2368d2609c3588f9f9de427de517026f1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:70:28:d2:6a:8a:33:9d:ac:6a:da:2d:0d:77:
                    f2:27:a0:fe:41:ee:c9:fa:62:95:e6:e3:9b:54:76:
                    49:4e:23:90:f0:64:c9:93:af:d8:3b:ac:39:43:a9:
                    a0:bc:5e:ab:55:60:13:3f:10:85:20:3a:71:29:69:
                    fe:51:2b:95:15:f1:5b:b3:7b:59:c8:2d:3b:27:ae:
                    80:68:7d:1b:e9:be:8b:ca:96:d7:cd:e0:25:dc:1e:
                    a7:52:96:84:06:f2:87:7d:61:3b:9f:28:43:d0:f1:
                    06:4e:a0:a1:4f:6c:29:83:35:b8:c4:18:c1:46:32:
                    93:d4:a1:b3:b6:a0:97:83:89:16:f9:a5:0e:59:dd:
                    ba:32:94:5f:87:03:47:80:f7:3c:d8:de:82:59:62:
                    ca:5e:c8:88:39:f1:2b:d8:cd:89:90:21:e3:06:50:
                    cf:c7:aa:12:db:1f:cc:9b:4d:e5:5b:33:e7:1e:86:
                    31:b6:99:ea:36:a1:93:b6:30:cb:20:ac:a0:c0:24:
                    3f:53:97:44:09:aa:b0:ec:05:68:98:72:d3:53:97:
                    b6:2b:e8:fa:8a:af:aa:0a:d6:91:71:fc:af:bb:44:
                    d2:3a:78:25:c6:0a:ab:2c:e6:75:89:81:6d:c2:0e:
                    99:35:c7:0c:0e:64:49:27:c0:8e:0a:f1:59:76:6e:
                    bb:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:81:3C:23:68:D2:60:9C:35:88:F9:F9:DE:42:7D:E5:17:02:6F:1A
            X509v3 Authority Key Identifier:
                keyid:7E:26:B1:EF:74:10:07:2C:E9:6E:82:D7:58:1B:E4:36:E6:39:A7:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiax73QQByzpboLXWBvkNuY5p8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/DIE8I2jSYJw1iPn53kJ95RcCbxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/fiax73QQByzpboLXWBvkNuY5p8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a180:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:ed:f0:e7:8c:54:3f:12:7c:37:b7:be:b2:16:74:92:70:00:
         40:7c:b4:64:d7:21:cd:b1:3f:ef:be:7f:35:ee:7d:25:12:6e:
         33:2a:65:b4:fc:37:dd:ae:c3:ca:11:93:8a:5d:e8:63:df:c3:
         9f:8b:15:b0:81:a7:1d:0f:dd:ec:5e:ba:f0:70:e6:9f:17:a0:
         26:a8:c8:bb:fa:e7:c2:23:47:b9:5a:ab:73:eb:13:88:63:89:
         54:6f:20:2c:eb:70:4a:d2:fe:9b:66:1d:db:01:9d:97:3f:15:
         3f:cd:6a:95:ae:6b:63:64:13:ef:4f:c6:6f:e3:0b:8a:88:55:
         79:c9:b0:e0:ea:58:06:74:67:1f:56:af:74:26:95:81:e7:34:
         c5:62:09:60:26:dd:bc:e0:7e:21:c3:f7:31:8f:df:43:68:c7:
         60:41:48:a2:99:e8:50:dd:1a:7c:6b:1d:24:d0:16:1a:5c:a6:
         99:04:c8:93:d0:bc:51:fc:c9:c9:43:de:60:2c:5d:04:9b:cf:
         8c:19:3d:41:bf:87:b9:62:89:82:fb:18:ba:32:05:36:a3:83:
         be:f3:99:e5:e7:2a:47:ec:9c:d5:79:18:22:d6:97:e8:b5:97:
         b1:9e:fc:f9:a8:e0:71:12:57:71:d6:49:b6:3b:f3:3d:f4:1f:
         8e:bf:3e:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY02LZ524lVG0U8ZYsjdtQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjZiMWVmNzQxMDA3MmNlOTZlODJkNzU4MWJlNDM2ZTYz
OWE3YzQwHhcNMjUwNDE0MTUwODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzgxM2MyMzY4ZDI2MDljMzU4OGY5ZjlkZTQyN2RlNTE3MDI2ZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43Ao0mqKM52satotDXfyJ6D+Qe7J
+mKV5uObVHZJTiOQ8GTJk6/YO6w5Q6mgvF6rVWATPxCFIDpxKWn+USuVFfFbs3tZ
yC07J66AaH0b6b6LypbXzeAl3B6nUpaEBvKHfWE7nyhD0PEGTqChT2wpgzW4xBjB
RjKT1KGztqCXg4kW+aUOWd26MpRfhwNHgPc82N6CWWLKXsiIOfEr2M2JkCHjBlDP
x6oS2x/Mm03lWzPnHoYxtpnqNqGTtjDLIKygwCQ/U5dECaqw7AVomHLTU5e2K+j6
iq+qCtaRcfyvu0TSOnglxgqrLOZ1iYFtwg6ZNccMDmRJJ8COCvFZdm67zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAyBPCNo0mCcNYj5+d5CfeUXAm8aMB8GA1UdIwQY
MBaAFH4mse90EAcs6W6C11gb5DbmOafEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlheDczUVFCeXpwYm9MWFdCdmtOdVk1cDhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9jYWM2M2MtNTVlNS00MTU0LTg4NzYt
OGMzMmMzNTFlZTcwLzEvRElFOEkyalNZSncxaVBuNTNrSjk1UmNDYnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9jYWM2M2MtNTVlNS00MTU0LTg4NzYtOGMzMmMzNTFlZTcw
LzEvZmlheDczUVFCeXpwYm9MWFdCdmtOdVk1cDhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgahgAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAG7fDnjFQ/Enw3t76yFnSScABAfLRk1yHNsT/v
vn817n0lEm4zKmW0/DfdrsPKEZOKXehj38OfixWwgacdD93sXrrwcOafF6AmqMi7
+ufCI0e5Wqtz6xOIY4lUbyAs63BK0v6bZh3bAZ2XPxU/zWqVrmtjZBPvT8Zv4wuK
iFV5ybDg6lgGdGcfVq90JpWB5zTFYglgJt284H4hw/cxj99DaMdgQUiimehQ3Rp8
ax0k0BYaXKaZBMiT0LxR/MnJQ95gLF0Em8+MGT1Bv4e5YomC+xi6MgU2o4O+85nl
5ypH7JzVeRgi1pfotZexnvz5qOBxEldx1km2O/M99B+Ovz5K
-----END CERTIFICATE-----