Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/CDhfXiWmp-7DWGHRLkI1RXpNMUw.roa
File:                     CDhfXiWmp-7DWGHRLkI1RXpNMUw.roa (raw, json)
Hash identifier:          BdyrC92HV6fMOkqwdnwWMjP4WPGwGQmddKXw8S//IY4=
Subject key identifier:   08:38:5F:5E:25:A6:A7:EE:C3:58:61:D1:2E:42:35:45:7A:4D:31:4C
Certificate issuer:       /CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Certificate serial:       0194E0EBD956949521D73B491DD4555F695F
Authority key identifier: B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/CDhfXiWmp-7DWGHRLkI1RXpNMUw.roa
Signing time:             Fri 07 Feb 2025 14:59:00 +0000
ROA not before:           Fri 07 Feb 2025 14:59:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213454
IP address blocks:        2a01:f900:103::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e0:eb:d9:56:94:95:21:d7:3b:49:1d:d4:55:5f:69:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
        Validity
            Not Before: Feb  7 14:59:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08385f5e25a6a7eec35861d12e4235457a4d314c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1f:3e:6a:43:fb:5c:cc:09:c2:b8:a1:4d:62:
                    20:51:aa:38:ef:24:93:27:e3:a6:96:54:5d:f8:bd:
                    48:2a:cb:e5:ea:d4:df:88:1a:7f:5f:3d:b7:ed:ac:
                    75:04:06:63:81:4d:d2:20:94:11:31:51:1c:1a:b1:
                    9c:cb:2d:c0:1a:9f:66:fd:39:04:ff:23:73:5d:83:
                    32:72:47:48:34:fc:d4:54:7c:96:a0:21:b1:e3:3c:
                    58:20:90:da:96:8b:da:13:12:a1:0d:db:4b:16:3c:
                    17:54:e0:9a:8a:a6:cf:60:1b:d0:f9:7e:8d:12:51:
                    45:b2:ea:83:fa:9d:08:74:bd:c8:aa:32:15:b8:22:
                    40:d5:38:8a:ac:17:70:bc:04:a7:b8:bf:d0:d3:a4:
                    e0:c9:da:8b:19:89:66:f6:4c:06:1a:66:dd:73:87:
                    b0:f9:c1:33:db:61:1d:b4:37:61:e4:01:ae:a6:3b:
                    68:7d:59:b4:a0:42:3a:85:4b:a3:6a:0a:82:f7:36:
                    cc:4b:da:79:b0:fe:65:c7:b6:60:6d:22:8f:fc:85:
                    2b:27:dc:fb:6b:67:c6:13:fc:18:96:ec:f8:13:f9:
                    1b:02:c9:0c:bb:27:de:05:87:ae:e3:0b:b1:39:0a:
                    ad:64:75:ca:49:b7:56:af:0f:9e:8f:85:04:8c:35:
                    14:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:38:5F:5E:25:A6:A7:EE:C3:58:61:D1:2E:42:35:45:7A:4D:31:4C
            X509v3 Authority Key Identifier:
                keyid:B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/CDhfXiWmp-7DWGHRLkI1RXpNMUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f900:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:fd:42:88:fe:4d:10:60:23:5d:e5:59:75:a2:7b:88:ba:7e:
         96:db:09:0f:db:26:be:7b:fd:ff:c2:2a:7e:2a:23:ba:c1:b9:
         a2:60:63:c6:3a:11:51:22:7a:f6:48:88:93:78:ff:22:e8:45:
         33:f3:1c:79:a0:dd:c0:c0:f1:fd:55:8e:37:e6:30:fa:8a:0e:
         e2:96:bb:5a:d8:c6:0f:66:dd:2d:a4:46:36:9a:27:a3:da:84:
         7e:95:1c:c1:9b:61:a5:a0:2c:f6:87:62:d0:d5:07:28:8c:9a:
         b9:1d:88:f8:3d:69:5c:51:f0:44:d3:60:1c:eb:17:c2:bf:28:
         09:6b:c8:be:08:b9:91:b3:a9:10:09:14:44:a5:7a:f8:8e:85:
         cf:3f:d5:4f:79:5c:00:a3:96:35:3f:a8:2e:51:d0:ce:97:6f:
         4c:04:8a:6f:11:9b:32:60:df:a0:9e:3d:b9:d1:e9:bb:9e:ef:
         1d:ce:3f:00:dd:c8:d7:4c:2b:ae:83:de:36:e0:1b:c4:d1:ec:
         f7:7d:e2:bf:5a:f3:4e:b4:7c:b4:32:67:64:e5:dd:86:3b:9c:
         79:b9:67:a1:4f:87:17:0e:b6:09:ae:5a:89:5f:45:62:de:c8:
         b0:93:b8:a1:3a:38:bb:6e:ed:d4:1b:b8:18:51:2f:a5:00:5c:
         e3:94:ff:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZTg69lWlJUh1ztJHdRVX2lfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjU2ZDEwY2NhZDlkNjljMDE4NTZiZTBhZmFhMTdlYzY4
MmFjYmYwHhcNMjUwMjA3MTQ1OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM4NWY1ZTI1YTZhN2VlYzM1ODYxZDEyZTQyMzU0NTdhNGQzMTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3h8+akP7XMwJwrihTWIgUao47yST
J+OmllRd+L1IKsvl6tTfiBp/Xz237ax1BAZjgU3SIJQRMVEcGrGcyy3AGp9m/TkE
/yNzXYMyckdINPzUVHyWoCGx4zxYIJDalovaExKhDdtLFjwXVOCaiqbPYBvQ+X6N
ElFFsuqD+p0IdL3IqjIVuCJA1TiKrBdwvASnuL/Q06TgydqLGYlm9kwGGmbdc4ew
+cEz22EdtDdh5AGupjtofVm0oEI6hUujagqC9zbMS9p5sP5lx7ZgbSKP/IUrJ9z7
a2fGE/wYluz4E/kbAskMuyfeBYeu4wuxOQqtZHXKSbdWrw+ej4UEjDUULQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAg4X14lpqfuw1hh0S5CNUV6TTFMMB8GA1UdIwQY
MBaAFLC1bRDMrZ1pwBhWvgr6oX7Ggqy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYt
YTE5Y2M4YTc2ZDA0LzEvQ0RoZlhpV21wLTdEV0dIUkxrSTFSWHBOTVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYtYTE5Y2M4YTc2ZDA0
LzEvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH5AAED
MA0GCSqGSIb3DQEBCwUAA4IBAQAz/UKI/k0QYCNd5Vl1onuIun6W2wkP2ya+e/3/
wip+KiO6wbmiYGPGOhFRInr2SIiTeP8i6EUz8xx5oN3AwPH9VY435jD6ig7ilrta
2MYPZt0tpEY2miej2oR+lRzBm2GloCz2h2LQ1QcojJq5HYj4PWlcUfBE02Ac6xfC
vygJa8i+CLmRs6kQCRREpXr4joXPP9VPeVwAo5Y1P6guUdDOl29MBIpvEZsyYN+g
nj250em7nu8dzj8A3cjXTCuug9424BvE0ez3feK/WvNOtHy0Mmdk5d2GO5x5uWeh
T4cXDrYJrlqJX0Vi3siwk7ihOji7bu3UG7gYUS+lAFzjlP8z
-----END CERTIFICATE-----