Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/zNNg038UFfEY9NFH791kAGkTEyQ.roa
File:                     zNNg038UFfEY9NFH791kAGkTEyQ.roa (raw, json)
Hash identifier:          DPthEHZwIWuER39PoW1q82KX77P15O59a2/uPQsrelg=
Subject key identifier:   CC:D3:60:D3:7F:14:15:F1:18:F4:D1:47:EF:DD:64:00:69:13:13:24
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       019422FB13F9E653EC26CE3DF25E4B0D696E
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/zNNg038UFfEY9NFH791kAGkTEyQ.roa
Signing time:             Wed 01 Jan 2025 17:47:47 +0000
ROA not before:           Wed 01 Jan 2025 17:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25016
IP address blocks:        2a02:20c8:9880::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:13:f9:e6:53:ec:26:ce:3d:f2:5e:4b:0d:69:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 17:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccd360d37f1415f118f4d147efdd640069131324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:00:fb:e6:3c:a2:3e:33:ea:3b:b4:aa:f8:37:
                    77:4d:3c:99:fa:0b:a3:36:85:42:92:10:b6:8c:d7:
                    1c:a5:16:c4:8a:83:28:5f:fe:89:3f:ea:fd:81:93:
                    62:ce:0d:4b:0f:61:4e:dc:7e:33:bd:de:d1:59:44:
                    cd:24:66:a6:b8:1a:a9:f3:58:fd:68:17:84:b7:19:
                    34:05:cb:be:3e:a7:10:be:1f:25:e9:20:68:2a:5f:
                    7a:0e:c6:d3:4d:5a:cd:e1:1d:84:67:01:3e:93:cd:
                    f7:d0:03:97:a3:42:6a:80:9c:0f:2a:a2:2f:51:04:
                    d9:67:d2:b3:d0:9a:cd:ea:73:c2:f3:96:ce:07:92:
                    9f:67:32:fd:3f:d8:b4:b1:4d:b8:21:3f:d1:51:b6:
                    58:eb:47:c8:e6:9d:0c:07:a7:9b:f5:38:5a:e4:d6:
                    8b:ff:61:44:6b:1b:43:6e:6f:45:39:69:64:7b:6a:
                    41:c3:e7:35:d8:b8:1b:e4:19:33:bd:c8:51:38:df:
                    d1:56:ad:b0:1e:33:cf:87:d9:72:c0:13:19:03:24:
                    80:20:1a:e0:9d:55:fd:39:fc:d1:fe:96:d7:ad:31:
                    83:a2:89:c5:8b:4b:90:ce:f9:d2:a6:4c:a3:d0:ca:
                    5e:cb:fa:db:21:10:7a:dd:de:71:fb:6f:d4:16:c6:
                    c3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D3:60:D3:7F:14:15:F1:18:F4:D1:47:EF:DD:64:00:69:13:13:24
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/zNNg038UFfEY9NFH791kAGkTEyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:20c8:9880::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:a9:55:11:24:6e:49:d2:1f:e4:94:87:09:d4:c4:1f:ec:da:
         65:d8:86:0b:ef:c9:87:53:b1:11:d5:e5:dd:36:3f:8a:f3:cf:
         3c:b4:8c:4d:ab:2a:b1:d1:9d:57:5b:85:c5:b2:92:ce:1f:49:
         82:93:86:3b:8c:97:8a:83:1f:97:2a:32:44:c1:2f:5f:6a:38:
         3b:14:57:c1:fe:77:27:b9:37:19:83:72:3e:08:17:80:3f:a0:
         26:1a:ae:3d:01:50:29:e7:ea:78:4e:c3:2e:c4:73:b4:b9:cb:
         23:23:51:5e:09:5d:36:9c:f5:fb:41:1d:0f:d7:ff:2c:5f:09:
         8a:a6:b1:3e:89:b1:b8:58:75:8d:db:4c:41:19:49:e0:46:c5:
         87:61:62:98:33:4c:57:a8:ff:03:3d:e1:a3:03:e2:12:8c:0f:
         5d:89:5c:8b:7b:f4:16:e2:ff:c1:27:4b:cf:a7:f5:1c:9c:b2:
         33:cf:cd:85:7c:c3:1a:f9:bf:ab:4d:86:a8:96:d6:86:eb:c8:
         8d:59:28:17:68:94:7b:0d:68:ad:30:b8:4b:00:64:74:c8:3f:
         24:aa:23:89:bf:7e:b5:b4:86:da:1c:a3:41:93:3e:56:0a:ee:
         b4:a6:ad:87:10:60:61:f4:ea:2f:cb:50:5d:c6:68:b0:56:16:
         95:07:5b:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+xP55lPsJs498l5LDWluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjUwMTAxMTc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2QzNjBkMzdmMTQxNWYxMThmNGQxNDdlZmRkNjQwMDY5MTMxMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQD75jyiPjPqO7Sq+Dd3TTyZ+guj
NoVCkhC2jNccpRbEioMoX/6JP+r9gZNizg1LD2FO3H4zvd7RWUTNJGamuBqp81j9
aBeEtxk0Bcu+PqcQvh8l6SBoKl96DsbTTVrN4R2EZwE+k8330AOXo0JqgJwPKqIv
UQTZZ9Kz0JrN6nPC85bOB5KfZzL9P9i0sU24IT/RUbZY60fI5p0MB6eb9Tha5NaL
/2FEaxtDbm9FOWlke2pBw+c12Lgb5BkzvchRON/RVq2wHjPPh9lywBMZAySAIBrg
nVX9OfzR/pbXrTGDoonFi0uQzvnSpkyj0Mpey/rbIRB63d5x+2/UFsbDoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMzTYNN/FBXxGPTRR+/dZABpExMkMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvek5OZzAzOFVGZkVZOU5GSDc5MWtBR2tURXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgyJiA
MA0GCSqGSIb3DQEBCwUAA4IBAQB/qVURJG5J0h/klIcJ1MQf7Npl2IYL78mHU7ER
1eXdNj+K8888tIxNqyqx0Z1XW4XFspLOH0mCk4Y7jJeKgx+XKjJEwS9fajg7FFfB
/ncnuTcZg3I+CBeAP6AmGq49AVAp5+p4TsMuxHO0ucsjI1FeCV02nPX7QR0P1/8s
XwmKprE+ibG4WHWN20xBGUngRsWHYWKYM0xXqP8DPeGjA+ISjA9diVyLe/QW4v/B
J0vPp/UcnLIzz82FfMMa+b+rTYaoltaG68iNWSgXaJR7DWitMLhLAGR0yD8kqiOJ
v361tIbaHKNBkz5WCu60pq2HEGBh9Oovy1BdxmiwVhaVB1t9
-----END CERTIFICATE-----