Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/3FxSbQNJYQgzhy1DLels_XrO1cU.roa
File:                     3FxSbQNJYQgzhy1DLels_XrO1cU.roa (raw, json)
Hash identifier:          UQB7F2ZYH+kcV/qXkBrQTc0Ry4hoRMUXYEZvpQAfsoM=
Subject key identifier:   DC:5C:52:6D:03:49:61:08:33:87:2D:43:2D:E9:6C:FD:7A:CE:D5:C5
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019427482B14E4DA48319328A697EDFF7B92
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/3FxSbQNJYQgzhy1DLels_XrO1cU.roa
Signing time:             Thu 02 Jan 2025 13:50:28 +0000
ROA not before:           Thu 02 Jan 2025 13:50:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212577
IP address blocks:        2a10:fa81:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:2b:14:e4:da:48:31:93:28:a6:97:ed:ff:7b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: Jan  2 13:50:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc5c526d0349610833872d432de96cfd7aced5c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bb:9e:19:58:23:75:06:c2:b6:9d:84:8c:1c:
                    fe:48:63:f5:51:19:dc:d7:2f:84:3b:87:6b:41:75:
                    5e:bb:7f:2e:c1:cf:f7:5d:e7:b6:c7:ae:a9:04:c4:
                    29:3b:52:52:9a:59:12:5c:89:ad:31:d1:d2:be:0e:
                    8e:6a:89:d8:69:cb:47:78:3e:86:81:e1:4a:ae:d4:
                    db:43:87:6d:07:a9:50:f3:eb:32:00:9f:dc:91:e8:
                    a5:46:4d:d9:f5:68:7d:5c:b4:1e:3c:bc:97:b6:d0:
                    3f:b2:ad:57:e5:37:0c:e8:38:6d:a2:94:ba:7c:52:
                    a6:d1:01:4a:b8:0a:20:a7:5d:b0:7a:8c:2c:03:b5:
                    f0:e3:98:01:26:95:40:07:a8:0c:0b:56:e3:0a:2b:
                    e9:70:f2:c9:6f:cb:a1:4d:16:b3:1d:72:45:40:67:
                    5b:3e:2c:16:6b:2f:9b:82:49:7e:52:f7:f6:a8:ff:
                    3b:9a:a9:b8:1b:f7:45:c6:44:4f:d0:e7:9b:63:b6:
                    b1:11:cb:e7:db:26:48:73:6b:fd:33:de:ce:eb:e5:
                    64:ba:15:6f:53:31:51:74:8a:b3:91:8a:d5:54:99:
                    85:11:08:e5:ed:c7:b9:81:c1:5d:4c:98:3e:ca:3d:
                    32:0c:f1:92:3e:11:04:77:8f:28:b7:db:1f:57:b8:
                    94:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:5C:52:6D:03:49:61:08:33:87:2D:43:2D:E9:6C:FD:7A:CE:D5:C5
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/3FxSbQNJYQgzhy1DLels_XrO1cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa81:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:0b:d7:04:4d:0d:3d:25:38:56:d8:d5:e8:58:d4:f6:2f:c4:
         58:6d:b8:3e:cd:82:89:12:8e:84:69:be:b3:b4:ba:a4:34:65:
         da:8f:5f:76:28:c1:23:bc:1b:e8:7b:e1:5c:c2:63:9b:27:35:
         ac:c4:20:26:60:70:4f:8c:71:53:e1:97:bf:ed:15:bf:b3:f1:
         9f:05:0d:e1:2f:f6:d2:be:34:8b:1b:20:4d:5a:3f:b1:92:ff:
         b9:96:cd:13:c7:57:07:1b:ea:f7:2d:c8:1b:45:9d:74:b9:09:
         e3:5d:fe:74:1a:d8:12:a5:b7:dd:7a:d7:d2:26:62:d3:b7:c1:
         c5:b0:43:01:cb:93:57:a7:16:32:de:8d:a6:cd:29:2a:df:63:
         6a:99:ac:91:31:53:62:87:43:27:a5:5e:1e:0d:10:da:15:ad:
         01:0c:69:8d:02:e8:16:ab:71:4d:86:d6:1d:56:c9:b6:72:d1:
         e7:1e:8a:c4:c7:01:0c:e5:ce:95:28:ee:de:f6:a4:dc:63:16:
         71:eb:4c:17:19:8b:5c:e5:f6:92:04:d0:d2:6c:62:e0:95:7a:
         2f:ec:9d:ea:27:1c:2c:04:02:20:bc:61:ae:a2:29:45:5d:d3:
         ff:42:e4:ea:06:eb:5e:6c:10:d2:d9:2c:72:78:b5:44:1e:ae:
         b1:71:b5:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnSCsU5NpIMZMoppft/3uSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjUwMTAyMTM1MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzVjNTI2ZDAzNDk2MTA4MzM4NzJkNDMyZGU5NmNmZDdhY2VkNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bueGVgjdQbCtp2EjBz+SGP1URnc
1y+EO4drQXVeu38uwc/3Xee2x66pBMQpO1JSmlkSXImtMdHSvg6OaonYactHeD6G
geFKrtTbQ4dtB6lQ8+syAJ/ckeilRk3Z9Wh9XLQePLyXttA/sq1X5TcM6DhtopS6
fFKm0QFKuAogp12weowsA7Xw45gBJpVAB6gMC1bjCivpcPLJb8uhTRazHXJFQGdb
PiwWay+bgkl+Uvf2qP87mqm4G/dFxkRP0OebY7axEcvn2yZIc2v9M97O6+VkuhVv
UzFRdIqzkYrVVJmFEQjl7ce5gcFdTJg+yj0yDPGSPhEEd48ot9sfV7iU2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNxcUm0DSWEIM4ctQy3pbP16ztXFMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvM0Z4U2JRTkpZUWd6aHkxRExlbHNfWHJPMWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhD6gQAD
MA0GCSqGSIb3DQEBCwUAA4IBAQAgC9cETQ09JThW2NXoWNT2L8RYbbg+zYKJEo6E
ab6ztLqkNGXaj192KMEjvBvoe+FcwmObJzWsxCAmYHBPjHFT4Ze/7RW/s/GfBQ3h
L/bSvjSLGyBNWj+xkv+5ls0Tx1cHG+r3LcgbRZ10uQnjXf50GtgSpbfdetfSJmLT
t8HFsEMBy5NXpxYy3o2mzSkq32NqmayRMVNih0MnpV4eDRDaFa0BDGmNAugWq3FN
htYdVsm2ctHnHorExwEM5c6VKO7e9qTcYxZx60wXGYtc5faSBNDSbGLglXov7J3q
JxwsBAIgvGGuoilFXdP/QuTqButebBDS2SxyeLVEHq6xcbWy
-----END CERTIFICATE-----