Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/y7BcwDEAXqOJr6z4aNGCsX7xfw0.roa
File:                     y7BcwDEAXqOJr6z4aNGCsX7xfw0.roa (raw, json)
Hash identifier:          NHC7ZwJSkEI3d9bNJO6OCWV6hxqIR1IsXwJaROvY2+s=
Subject key identifier:   CB:B0:5C:C0:31:00:5E:A3:89:AF:AC:F8:68:D1:82:B1:7E:F1:7F:0D
Certificate issuer:       /CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
Certificate serial:       0195CC96318C786B08741CF61858D49DEB4E
Authority key identifier: 8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/y7BcwDEAXqOJr6z4aNGCsX7xfw0.roa
Signing time:             Tue 25 Mar 2025 09:15:49 +0000
ROA not before:           Tue 25 Mar 2025 09:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202885
IP address blocks:        2a0e:6b00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cc:96:31:8c:78:6b:08:74:1c:f6:18:58:d4:9d:eb:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
        Validity
            Not Before: Mar 25 09:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbb05cc031005ea389afacf868d182b17ef17f0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b2:75:8c:1f:9d:7e:c1:ec:a9:c8:da:af:1b:
                    56:ea:db:3a:63:f6:68:22:0b:34:a3:fc:7c:0d:3a:
                    26:ca:21:44:2a:2a:54:74:9d:81:01:2e:1a:1b:ac:
                    38:e2:4e:77:16:e9:9a:b6:c8:00:36:fd:0c:4f:3f:
                    20:ed:09:24:aa:73:8a:a9:de:d6:23:b7:d2:bf:f9:
                    b3:0d:f9:8d:34:07:06:08:a2:9d:55:44:79:e7:10:
                    2f:2c:47:8d:32:63:40:4a:f3:f0:4a:36:7c:cd:bc:
                    ef:d2:82:5a:a2:11:eb:68:c0:bb:bf:ac:78:d1:c1:
                    a4:74:f4:bd:ad:27:6a:50:34:b4:ef:2c:fb:f6:7b:
                    5f:0c:9d:97:ed:0b:93:85:a6:ba:8a:e0:c3:ba:3d:
                    8e:77:d8:c3:5f:6d:cf:2a:18:0a:e7:e4:75:88:08:
                    29:de:86:d7:be:79:3d:ea:46:8f:ee:db:cb:04:d1:
                    5d:9c:a5:eb:3d:73:7e:49:22:4c:87:fb:8e:33:f2:
                    88:0c:ff:59:bc:dd:c5:11:c6:cc:d4:94:33:1b:2c:
                    f1:0a:98:2a:04:c7:d4:60:64:99:7c:74:44:5c:59:
                    77:f7:b7:65:59:e3:df:13:49:5e:ee:24:94:b9:48:
                    26:e1:17:78:e3:ed:6b:65:48:4a:d3:06:ea:5b:ed:
                    1b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B0:5C:C0:31:00:5E:A3:89:AF:AC:F8:68:D1:82:B1:7E:F1:7F:0D
            X509v3 Authority Key Identifier:
                keyid:8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/y7BcwDEAXqOJr6z4aNGCsX7xfw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:6b00::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:47:38:37:86:32:41:78:0a:6a:6c:78:78:4c:40:cb:9b:06:
         5d:a1:93:12:e6:47:30:b2:cd:c3:32:07:70:3f:db:2a:0d:92:
         e8:15:fa:35:b8:04:b1:df:aa:6d:62:b8:aa:5a:6e:02:8b:d1:
         14:18:98:8d:5e:cb:00:9d:70:af:02:6d:bf:42:99:dc:ed:c9:
         ce:a2:95:92:d6:0e:75:1d:98:89:81:55:c0:97:0a:67:01:83:
         1e:18:dd:1d:62:ae:62:10:ed:07:55:03:13:0a:18:8f:cc:2c:
         f7:95:d6:44:9e:16:7a:d2:5e:54:de:93:dc:05:da:42:55:38:
         da:1e:9b:af:42:ea:91:b3:b7:ed:69:d5:af:7f:66:3e:9c:0e:
         38:57:16:bd:82:b0:8e:9a:7f:45:47:bd:e5:82:2d:fb:ca:15:
         9b:79:95:86:eb:9c:9c:00:dd:13:35:21:0b:82:f2:1b:c1:d3:
         27:7f:fc:90:28:d0:0c:7d:0e:ac:97:55:eb:5c:f7:32:bc:5a:
         a3:70:6d:d3:d7:dd:a7:92:25:6b:d8:cf:2b:54:42:e0:d6:95:
         0f:48:50:86:0f:32:1e:28:38:af:75:46:e2:fe:1f:89:ac:6a:
         08:f2:3e:c1:56:3a:d0:2c:53:fc:f9:d7:0c:d9:bd:78:d8:7e:
         4f:6b:52:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZXMljGMeGsIdBz2GFjUnetOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWI0YzBjZjIxYzFhM2Q2ZWE0MTA2OGNiZTkwOGJlMzg4
ZTQ1MGEwHhcNMjUwMzI1MDkxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmIwNWNjMDMxMDA1ZWEzODlhZmFjZjg2OGQxODJiMTdlZjE3ZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7J1jB+dfsHsqcjarxtW6ts6Y/Zo
Igs0o/x8DTomyiFEKipUdJ2BAS4aG6w44k53FumatsgANv0MTz8g7QkkqnOKqd7W
I7fSv/mzDfmNNAcGCKKdVUR55xAvLEeNMmNASvPwSjZ8zbzv0oJaohHraMC7v6x4
0cGkdPS9rSdqUDS07yz79ntfDJ2X7QuThaa6iuDDuj2Od9jDX23PKhgK5+R1iAgp
3obXvnk96kaP7tvLBNFdnKXrPXN+SSJMh/uOM/KIDP9ZvN3FEcbM1JQzGyzxCpgq
BMfUYGSZfHREXFl397dlWePfE0le7iSUuUgm4Rd44+1rZUhK0wbqW+0bIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMuwXMAxAF6jia+s+GjRgrF+8X8NMB8GA1UdIwQY
MBaAFIqrTAzyHBo9bqQQaMvpCL44jkUKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMt
NTM3YjFiNDlkZmU3LzEveTdCY3dERUFYcU9KcjZ6NGFOR0NzWDd4ZncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMtNTM3YjFiNDlkZmU3
LzEvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg5rAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCVRzg3hjJBeApqbHh4TEDLmwZdoZMS5kcwss3D
MgdwP9sqDZLoFfo1uASx36ptYriqWm4Ci9EUGJiNXssAnXCvAm2/Qpnc7cnOopWS
1g51HZiJgVXAlwpnAYMeGN0dYq5iEO0HVQMTChiPzCz3ldZEnhZ60l5U3pPcBdpC
VTjaHpuvQuqRs7ftadWvf2Y+nA44Vxa9grCOmn9FR73lgi37yhWbeZWG65ycAN0T
NSELgvIbwdMnf/yQKNAMfQ6sl1XrXPcyvFqjcG3T192nkiVr2M8rVELg1pUPSFCG
DzIeKDivdUbi/h+JrGoI8j7BVjrQLFP8+dcM2b142H5Pa1IV
-----END CERTIFICATE-----