Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/XdTdNrqpdaVAtmK5mvyXOVnl3-Q.roa
File:                     XdTdNrqpdaVAtmK5mvyXOVnl3-Q.roa (raw, json)
Hash identifier:          niOmrxXQC8+P2ct60QeqjwhdtgOEKEYfRnrw9/VvT34=
Subject key identifier:   5D:D4:DD:36:BA:A9:75:A5:40:B6:62:B9:9A:FC:97:39:59:E5:DF:E4
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       019425FDB75C3701D636232E34CF10285413
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/XdTdNrqpdaVAtmK5mvyXOVnl3-Q.roa
Signing time:             Thu 02 Jan 2025 07:49:32 +0000
ROA not before:           Thu 02 Jan 2025 07:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15435
IP address blocks:        2a07:3501:1030::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:b7:5c:37:01:d6:36:23:2e:34:cf:10:28:54:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  2 07:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dd4dd36baa975a540b662b99afc973959e5dfe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:54:cf:ed:c8:ff:af:f8:26:cb:d4:ed:13:7b:
                    da:36:f8:83:ea:44:bb:a7:b4:f6:1f:28:81:d5:7b:
                    dc:f2:a5:1d:a6:99:3c:32:78:36:ee:42:c8:98:7b:
                    c2:f9:ba:71:ec:e1:1b:b0:e0:ae:93:f6:79:7f:69:
                    14:a8:ca:c9:77:48:b1:f4:8b:00:26:18:e5:46:85:
                    27:bf:32:44:4d:0c:df:f0:b3:84:50:a5:23:79:40:
                    2b:27:64:80:da:01:26:01:ac:c9:20:e5:bb:4f:09:
                    33:c8:75:09:61:2c:fb:ab:5d:82:b2:9f:ac:b7:31:
                    24:a7:f0:56:09:b5:03:cb:54:46:87:92:01:4b:b1:
                    c8:06:cb:ca:ca:8b:ce:6c:7c:f7:e8:93:57:ff:37:
                    1f:11:9b:40:13:7d:d6:db:2b:45:9c:15:13:48:f8:
                    62:dd:ca:2f:3a:94:5c:84:1d:dd:28:65:c0:1f:ff:
                    5e:7e:31:fe:d7:cc:11:b1:de:d4:3f:81:93:19:f8:
                    b4:63:9a:ac:83:23:c3:bd:f4:7a:4a:a6:cb:6e:df:
                    c1:f9:14:86:a1:40:78:c3:61:ed:aa:8a:e9:ae:63:
                    69:c7:0e:76:9c:9f:6c:a4:56:12:d0:78:30:3e:36:
                    37:53:69:e5:0b:c1:1f:bc:89:1c:72:db:ee:40:ba:
                    44:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D4:DD:36:BA:A9:75:A5:40:B6:62:B9:9A:FC:97:39:59:E5:DF:E4
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/XdTdNrqpdaVAtmK5mvyXOVnl3-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1030::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:b9:ee:8b:77:d4:47:75:7a:77:47:33:00:13:a9:4a:9c:e2:
         73:16:56:16:ec:a9:37:f3:10:3d:b2:ad:de:d5:e3:0a:78:64:
         28:57:81:91:23:00:8d:94:04:91:d2:5c:51:5a:ac:2b:7a:8e:
         cc:fe:60:95:c1:44:70:d0:d1:99:e3:9b:71:a7:ce:c0:cf:31:
         f3:eb:25:c8:9e:17:b3:fb:0b:5b:03:e8:45:0e:f3:62:3b:24:
         cf:15:14:e2:49:43:b7:d7:62:b2:8c:d6:99:36:eb:55:06:14:
         bf:4e:10:59:36:6a:5b:47:64:2b:b4:ca:90:12:d7:07:44:f2:
         09:93:62:52:b5:78:bf:93:86:e9:3e:e4:e3:e8:43:10:37:45:
         c5:03:d4:40:64:e2:6f:31:aa:f1:19:63:4d:68:9c:f3:c5:1c:
         06:dc:26:c3:d3:b2:d3:f2:26:d1:9e:25:13:bd:92:cf:0b:2c:
         31:9e:de:18:d7:17:99:23:86:e6:d7:97:a9:ee:d8:ed:ae:28:
         4f:ce:91:d8:10:2d:e3:4a:63:96:9f:f3:c9:3c:ae:cf:fd:49:
         dd:d9:6a:64:9d:20:5f:72:a0:3f:76:35:62:d8:64:9c:4a:16:
         93:a6:71:53:1a:8d:fe:99:eb:7b:52:34:22:69:93:7b:0d:f2:
         a4:6d:e3:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/bdcNwHWNiMuNM8QKFQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMTAyMDc0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ0ZGQzNmJhYTk3NWE1NDBiNjYyYjk5YWZjOTczOTU5ZTVkZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFTP7cj/r/gmy9TtE3vaNviD6kS7
p7T2HyiB1Xvc8qUdppk8Mng27kLImHvC+bpx7OEbsOCuk/Z5f2kUqMrJd0ix9IsA
JhjlRoUnvzJETQzf8LOEUKUjeUArJ2SA2gEmAazJIOW7TwkzyHUJYSz7q12Csp+s
tzEkp/BWCbUDy1RGh5IBS7HIBsvKyovObHz36JNX/zcfEZtAE33W2ytFnBUTSPhi
3covOpRchB3dKGXAH/9efjH+18wRsd7UP4GTGfi0Y5qsgyPDvfR6SqbLbt/B+RSG
oUB4w2HtqorprmNpxw52nJ9spFYS0HgwPjY3U2nlC8EfvIkcctvuQLpEUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF3U3Ta6qXWlQLZiuZr8lzlZ5d/kMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvWGRUZE5ycXBkYVZBdG1LNW12eVhPVm5sMy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ARAw
MA0GCSqGSIb3DQEBCwUAA4IBAQBsue6Ld9RHdXp3RzMAE6lKnOJzFlYW7Kk38xA9
sq3e1eMKeGQoV4GRIwCNlASR0lxRWqwreo7M/mCVwURw0NGZ45txp87AzzHz6yXI
nhez+wtbA+hFDvNiOyTPFRTiSUO312KyjNaZNutVBhS/ThBZNmpbR2QrtMqQEtcH
RPIJk2JStXi/k4bpPuTj6EMQN0XFA9RAZOJvMarxGWNNaJzzxRwG3CbD07LT8ibR
niUTvZLPCywxnt4Y1xeZI4bm15ep7tjtrihPzpHYEC3jSmOWn/PJPK7P/Und2Wpk
nSBfcqA/djVi2GScShaTpnFTGo3+met7UjQiaZN7DfKkbeMJ
-----END CERTIFICATE-----