Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/c9sXvnnFKQwKh05j0TaYAQugLQM.roa
File:                     c9sXvnnFKQwKh05j0TaYAQugLQM.roa (raw, json)
Hash identifier:          eyB+ysjYhGow5lnf5FUGFEiyTh1wZN2qzaaHi/6zhTQ=
Subject key identifier:   73:DB:17:BE:79:C5:29:0C:0A:87:4E:63:D1:36:98:01:0B:A0:2D:03
Certificate issuer:       /CN=03c33e43ef56527a169d6ac6d7e62c63d1973051
Certificate serial:       01942823630BB1EAE27DF050EE93298FB0AD
Authority key identifier: 03:C3:3E:43:EF:56:52:7A:16:9D:6A:C6:D7:E6:2C:63:D1:97:30:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/c9sXvnnFKQwKh05j0TaYAQugLQM.roa
Signing time:             Thu 02 Jan 2025 17:49:55 +0000
ROA not before:           Thu 02 Jan 2025 17:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204010
IP address blocks:        2a05:907:5000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:63:0b:b1:ea:e2:7d:f0:50:ee:93:29:8f:b0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03c33e43ef56527a169d6ac6d7e62c63d1973051
        Validity
            Not Before: Jan  2 17:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73db17be79c5290c0a874e63d13698010ba02d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:dd:75:78:33:f3:ff:b5:ae:70:b7:9f:74:5a:
                    72:54:1d:60:e0:59:81:68:ea:66:ec:10:bc:95:7a:
                    6b:4b:71:65:b7:18:4e:44:01:2f:05:a2:15:c7:54:
                    ee:f4:c0:5f:93:0d:a8:09:7c:06:41:d2:b2:85:c1:
                    80:27:85:c2:b6:25:c1:a6:a7:b1:d9:b3:6f:33:d3:
                    c6:c8:fd:d2:29:cc:d5:5f:75:30:2f:33:b0:5d:3c:
                    14:32:56:44:84:d0:4b:95:e3:fc:f8:1e:3e:02:31:
                    08:08:82:0c:64:19:8a:b0:6c:72:97:dc:24:3b:48:
                    a3:dc:a5:58:75:03:4e:be:c4:6b:45:eb:d9:25:5f:
                    fc:70:e5:b0:21:b1:86:9e:dd:42:f6:ec:cd:fe:50:
                    21:c5:af:d1:37:a2:86:31:28:f9:7a:40:f7:d5:33:
                    6f:af:8e:d1:aa:a8:ec:37:01:11:3a:66:2b:91:91:
                    86:63:a5:cd:5c:af:f0:c7:b8:39:22:e8:4e:44:c1:
                    59:f1:46:24:63:fb:22:7c:e2:89:d9:af:60:93:6a:
                    e6:f8:98:24:00:ea:63:d9:e0:7d:ce:d2:e4:f4:2b:
                    0e:f9:1c:8b:98:73:aa:77:f9:8e:24:16:cc:d0:e6:
                    3d:73:88:de:5a:57:22:c1:d0:5d:db:de:29:44:e1:
                    70:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:DB:17:BE:79:C5:29:0C:0A:87:4E:63:D1:36:98:01:0B:A0:2D:03
            X509v3 Authority Key Identifier:
                keyid:03:C3:3E:43:EF:56:52:7A:16:9D:6A:C6:D7:E6:2C:63:D1:97:30:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/c9sXvnnFKQwKh05j0TaYAQugLQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:907:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5f:17:e7:33:3a:a1:63:ce:a4:3e:b2:ba:80:78:d3:d6:73:69:
         68:59:a4:77:0f:96:6a:84:6e:26:26:65:2a:c6:d2:1b:70:13:
         23:27:ac:5f:8c:5f:69:76:28:01:51:cd:9a:41:a0:07:4a:3e:
         29:ee:89:16:d9:5f:d1:ae:90:11:60:fc:66:b1:93:31:03:91:
         ac:76:31:90:18:e4:f4:84:92:c6:e9:f4:b4:9a:d2:12:9a:d0:
         a4:d9:89:37:fd:fb:7d:d9:c2:2d:d4:9d:08:e1:0f:71:e3:53:
         ab:64:79:cc:3d:ce:4f:9a:3c:1d:6f:a0:cb:f4:35:2f:72:6f:
         09:99:6f:c0:11:3a:e5:df:ba:93:da:67:e5:84:12:9e:32:46:
         84:d9:09:3b:79:a9:2f:e7:0e:84:28:a5:ba:7b:c8:24:cf:5a:
         77:0e:fe:93:27:44:38:64:51:ce:c1:cb:20:82:cd:19:df:73:
         2e:39:f0:db:70:b7:1a:bd:50:84:9e:90:82:0c:b0:63:eb:77:
         aa:64:05:41:18:11:64:80:8f:ba:01:4a:14:dc:2c:f5:13:a9:
         6b:99:60:11:5d:ad:b2:73:63:ce:ce:3e:f3:90:50:53:dd:5b:
         c9:43:15:ec:a8:e4:59:ec:e9:84:30:53:2d:6c:15:7e:e4:d7:
         9b:c6:38:94
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQoI2MLseriffBQ7pMpj7CtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYzMzZTQzZWY1NjUyN2ExNjlkNmFjNmQ3ZTYyYzYzZDE5
NzMwNTEwHhcNMjUwMTAyMTc0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2RiMTdiZTc5YzUyOTBjMGE4NzRlNjNkMTM2OTgwMTBiYTAyZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5N11eDPz/7WucLefdFpyVB1g4FmB
aOpm7BC8lXprS3FltxhORAEvBaIVx1Tu9MBfkw2oCXwGQdKyhcGAJ4XCtiXBpqex
2bNvM9PGyP3SKczVX3UwLzOwXTwUMlZEhNBLleP8+B4+AjEICIIMZBmKsGxyl9wk
O0ij3KVYdQNOvsRrRevZJV/8cOWwIbGGnt1C9uzN/lAhxa/RN6KGMSj5ekD31TNv
r47RqqjsNwEROmYrkZGGY6XNXK/wx7g5IuhORMFZ8UYkY/sifOKJ2a9gk2rm+Jgk
AOpj2eB9ztLk9CsO+RyLmHOqd/mOJBbM0OY9c4jeWlciwdBd294pROFw2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHPbF755xSkMCodOY9E2mAELoC0DMB8GA1UdIwQY
MBaAFAPDPkPvVlJ6Fp1qxtfmLGPRlzBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQThNLVEtOVdVbm9XbldyRzEtWXNZOUdYTUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jMTdjMTUtYTE0Mi00YjM3LWI4ZmUt
YTNhM2ViODc5ZjJiLzEvYzlzWHZubkZLUXdLaDA1ajBUYVlBUXVnTFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jMTdjMTUtYTE0Mi00YjM3LWI4ZmUtYTNhM2ViODc5ZjJi
LzEvQThNLVEtOVdVbm9XbldyRzEtWXNZOUdYTUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgUJB1Aw
DQYJKoZIhvcNAQELBQADggEBAF8X5zM6oWPOpD6yuoB409ZzaWhZpHcPlmqEbiYm
ZSrG0htwEyMnrF+MX2l2KAFRzZpBoAdKPinuiRbZX9GukBFg/GaxkzEDkax2MZAY
5PSEksbp9LSa0hKa0KTZiTf9+33Zwi3UnQjhD3HjU6tkecw9zk+aPB1voMv0NS9y
bwmZb8AROuXfupPaZ+WEEp4yRoTZCTt5qS/nDoQopbp7yCTPWncO/pMnRDhkUc7B
yyCCzRnfcy458Ntwtxq9UISekIIMsGPrd6pkBUEYEWSAj7oBShTcLPUTqWuZYBFd
rbJzY87OPvOQUFPdW8lDFeyo5Fns6YQwUy1sFX7k15vGOJQ=
-----END CERTIFICATE-----