Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/dOfaSe3fIYIhGR1xcwXjfUk3OeI.roa
File:                     dOfaSe3fIYIhGR1xcwXjfUk3OeI.roa (raw, json)
Hash identifier:          uz8UfxMH6M1zEnn7EFrd8TVCQANQpajV/Ux4YkN59Jk=
Subject key identifier:   74:E7:DA:49:ED:DF:21:82:21:19:1D:71:73:05:E3:7D:49:37:39:E2
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       0194274871D4CB7925121DEDFCCD5421A756
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/dOfaSe3fIYIhGR1xcwXjfUk3OeI.roa
Signing time:             Thu 02 Jan 2025 13:50:46 +0000
ROA not before:           Thu 02 Jan 2025 13:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203125
IP address blocks:        2a05:4741:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:71:d4:cb:79:25:12:1d:ed:fc:cd:54:21:a7:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 13:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74e7da49eddf218221191d717305e37d493739e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:7f:cc:a3:94:9d:1f:56:e8:db:b5:10:1e:28:
                    97:7c:ea:bf:65:8b:b8:d0:77:83:19:7b:93:44:c1:
                    a0:40:8f:18:2d:39:e1:bf:84:85:ff:d4:e6:cd:b3:
                    49:5e:53:f7:d5:8d:df:22:9b:32:26:a0:16:03:8a:
                    9a:ca:75:60:ee:f3:2c:1c:b4:ed:3e:da:38:e4:0a:
                    7f:2b:01:62:4b:be:c3:a5:7c:fa:02:e3:a1:8b:1b:
                    a5:6f:2a:71:8b:2a:d1:a1:87:20:0a:34:da:cb:82:
                    96:3c:9a:71:e2:00:eb:d8:fe:36:d8:7d:0c:a8:4e:
                    76:0f:49:e7:46:73:63:c9:ef:1e:c2:2f:f3:99:ac:
                    9f:d8:41:90:0d:5e:65:83:7f:82:fe:93:fc:1e:39:
                    ac:df:db:c4:52:d9:4c:c5:00:e3:04:fc:8d:8f:ba:
                    dc:34:ea:c4:e9:7b:fb:16:f6:3f:cf:8c:b3:3e:3b:
                    01:05:22:0e:f3:25:6f:09:82:0f:6a:1b:82:f1:6d:
                    26:d4:8b:e8:c9:9a:00:1f:e1:7b:2f:4c:3a:5c:f7:
                    9c:7f:4c:b9:05:7d:56:60:97:08:4d:3d:ae:1d:dd:
                    c3:e8:2a:ec:3b:06:e3:5d:23:0c:fd:cf:8a:cb:24:
                    64:1d:47:ed:4a:6f:e8:a6:1a:00:6a:80:61:12:05:
                    41:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E7:DA:49:ED:DF:21:82:21:19:1D:71:73:05:E3:7D:49:37:39:E2
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/dOfaSe3fIYIhGR1xcwXjfUk3OeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4741:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:be:09:00:d0:1e:8b:9d:5b:59:d8:cc:84:f8:59:5f:c4:b1:
         fe:0b:3f:74:9f:cc:8b:0c:b7:46:28:71:ee:00:86:d4:f1:4c:
         48:63:95:e6:47:5f:b7:c2:d0:40:e2:7e:b1:81:08:46:41:fb:
         aa:87:00:c5:a6:e6:1b:7f:c3:ae:25:b6:40:43:26:b9:40:28:
         a9:3e:05:6d:0f:2d:49:05:6b:06:67:59:65:f5:f2:2b:32:87:
         39:47:71:81:2d:cb:62:34:d9:77:a1:1c:16:a1:8e:2a:79:58:
         15:d7:33:55:49:c1:66:e8:03:f9:de:6f:56:86:5b:61:07:66:
         41:b9:77:88:37:59:2e:d7:9c:08:0b:fc:84:94:d8:ad:d1:2b:
         19:a6:24:c6:4d:98:64:be:b4:a7:0c:f3:3f:6a:7d:38:e6:3f:
         98:9d:c1:9b:d8:0c:74:da:32:b1:c2:87:1e:ec:4c:01:9f:83:
         6f:f1:42:d5:c4:bf:31:94:ae:f7:87:c2:e8:c9:94:9c:b9:fe:
         f8:8f:ea:83:da:62:5b:f1:d4:e8:82:1d:91:c1:ac:97:df:e4:
         af:6a:08:0a:b9:7a:f6:06:5f:0b:a0:21:67:4f:d3:09:42:68:
         79:24:21:6b:3d:36:6c:a9:59:88:2f:2d:10:c8:49:0f:47:01:
         54:42:18:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnSHHUy3klEh3t/M1UIadWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUwMTAyMTM1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGU3ZGE0OWVkZGYyMTgyMjExOTFkNzE3MzA1ZTM3ZDQ5MzczOWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43/Mo5SdH1bo27UQHiiXfOq/ZYu4
0HeDGXuTRMGgQI8YLTnhv4SF/9TmzbNJXlP31Y3fIpsyJqAWA4qaynVg7vMsHLTt
Pto45Ap/KwFiS77DpXz6AuOhixulbypxiyrRoYcgCjTay4KWPJpx4gDr2P422H0M
qE52D0nnRnNjye8ewi/zmayf2EGQDV5lg3+C/pP8Hjms39vEUtlMxQDjBPyNj7rc
NOrE6Xv7FvY/z4yzPjsBBSIO8yVvCYIPahuC8W0m1IvoyZoAH+F7L0w6XPecf0y5
BX1WYJcITT2uHd3D6CrsOwbjXSMM/c+KyyRkHUftSm/ophoAaoBhEgVBswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHTn2knt3yGCIRkdcXMF431JNzniMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvZE9mYVNlM2ZJWUloR1IxeGN3WGpmVWszT2VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVHQQAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCovgkA0B6LnVtZ2MyE+FlfxLH+Cz90n8yLDLdG
KHHuAIbU8UxIY5XmR1+3wtBA4n6xgQhGQfuqhwDFpuYbf8OuJbZAQya5QCipPgVt
Dy1JBWsGZ1ll9fIrMoc5R3GBLctiNNl3oRwWoY4qeVgV1zNVScFm6AP53m9Whlth
B2ZBuXeIN1ku15wIC/yElNit0SsZpiTGTZhkvrSnDPM/an045j+YncGb2Ax02jKx
woce7EwBn4Nv8ULVxL8xlK73h8LoyZScuf74j+qD2mJb8dTogh2RwayX3+SvaggK
uXr2Bl8LoCFnT9MJQmh5JCFrPTZsqVmILy0QyEkPRwFUQhj/
-----END CERTIFICATE-----