Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/j314qElR7yaLN86pViActqgw6kM.roa
File:                     j314qElR7yaLN86pViActqgw6kM.roa (raw, json)
Hash identifier:          GPETvo8FzbgfgVgfAdY6WbFPbKVB4en5Wj1uqmckHOg=
Subject key identifier:   8F:7D:78:A8:49:51:EF:26:8B:37:CE:A9:56:20:1C:B6:A8:30:EA:43
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       019425FDBC4332C64121B1FAFEB98B607223
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/j314qElR7yaLN86pViActqgw6kM.roa
Signing time:             Thu 02 Jan 2025 07:49:33 +0000
ROA not before:           Thu 02 Jan 2025 07:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34373
IP address blocks:        2a07:3500:1778::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:bc:43:32:c6:41:21:b1:fa:fe:b9:8b:60:72:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  2 07:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f7d78a84951ef268b37cea956201cb6a830ea43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b9:a4:76:13:19:40:98:e1:c8:ec:78:7e:4a:
                    92:1f:98:f3:28:0d:7a:5a:0d:3d:c5:7d:41:01:7f:
                    74:54:3b:06:e6:28:b6:ca:eb:5f:ec:00:56:a6:93:
                    3e:3a:58:28:c7:ef:49:ac:88:31:f6:9a:d1:96:e2:
                    a3:33:34:5b:26:6b:8d:5e:bd:15:de:bb:68:91:8b:
                    a0:4b:7a:c7:62:96:10:e0:c1:f7:5a:bf:42:18:b5:
                    76:56:e4:95:a7:5b:fa:d0:c4:c3:f5:49:1c:84:cf:
                    02:f6:73:73:8a:74:21:32:e2:16:73:f2:d4:7c:a4:
                    99:9b:ce:b0:59:e9:10:86:c9:7b:e0:9b:d0:12:fd:
                    df:d0:72:a7:92:7e:c5:2a:67:07:a7:a1:af:f7:2b:
                    db:08:ef:e8:c4:21:bc:52:b4:3b:dc:bc:10:e2:ae:
                    85:fa:ea:b2:ab:2f:cb:d1:52:13:2a:ab:82:10:fb:
                    46:68:12:ee:5e:dd:d9:5e:0b:e3:0c:6d:e3:3e:c7:
                    a3:6d:bf:db:38:22:76:2f:02:f9:41:04:a7:d6:c3:
                    d0:d7:68:9d:2b:98:e2:25:09:c6:f0:a7:a0:b2:56:
                    7b:b6:ac:ad:16:50:21:8c:4f:04:21:da:f7:19:9a:
                    10:4b:88:3e:80:2f:7c:5e:ff:86:37:2d:5d:ae:72:
                    7b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7D:78:A8:49:51:EF:26:8B:37:CE:A9:56:20:1C:B6:A8:30:EA:43
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/j314qElR7yaLN86pViActqgw6kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:1778::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:74:06:97:ab:cf:03:82:76:ce:26:d2:d7:bf:8d:65:fc:bc:
         e2:d1:c9:54:fb:0b:06:7f:3e:fd:9f:d2:2d:72:b2:9b:70:27:
         21:60:9e:70:c6:f9:c7:ea:1b:09:65:be:f0:fc:9e:b6:9f:80:
         45:2c:e1:f8:92:54:7a:29:91:71:91:98:5a:25:9c:bf:38:e7:
         d9:12:a3:ca:11:47:86:7f:15:3a:a0:78:dc:db:33:ec:db:c5:
         06:87:1f:55:ed:47:77:f9:3a:44:4e:6c:49:04:d9:ed:b4:99:
         2e:14:2d:1f:d1:67:df:3d:c0:d5:1e:3e:a3:b1:1d:13:05:47:
         c5:2e:60:6a:0d:93:4e:32:ec:bb:94:eb:22:f3:0f:b2:3e:df:
         dc:12:fe:a4:83:d4:dd:c0:f3:35:52:82:51:1e:8c:5b:e8:83:
         77:f3:84:a6:90:44:86:98:b0:63:6f:a6:49:5c:5c:3f:6f:60:
         b1:9c:9c:68:c0:2f:78:8a:20:6b:9f:6f:45:92:98:c9:04:be:
         cf:0b:77:c0:f5:fb:cf:c8:9b:f7:75:a6:1a:0b:8d:e8:67:7f:
         6b:4d:d8:d8:44:58:5b:c2:ba:59:62:52:6a:9e:f8:fd:48:2d:
         a2:77:7f:3b:17:a5:36:62:b8:e1:d3:92:ce:b1:91:ef:2f:7e:
         a0:ee:7f:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/bxDMsZBIbH6/rmLYHIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMTAyMDc0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdkNzhhODQ5NTFlZjI2OGIzN2NlYTk1NjIwMWNiNmE4MzBlYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprmkdhMZQJjhyOx4fkqSH5jzKA16
Wg09xX1BAX90VDsG5ii2yutf7ABWppM+Olgox+9JrIgx9prRluKjMzRbJmuNXr0V
3rtokYugS3rHYpYQ4MH3Wr9CGLV2VuSVp1v60MTD9UkchM8C9nNzinQhMuIWc/LU
fKSZm86wWekQhsl74JvQEv3f0HKnkn7FKmcHp6Gv9yvbCO/oxCG8UrQ73LwQ4q6F
+uqyqy/L0VITKquCEPtGaBLuXt3ZXgvjDG3jPsejbb/bOCJ2LwL5QQSn1sPQ12id
K5jiJQnG8KegslZ7tqytFlAhjE8EIdr3GZoQS4g+gC98Xv+GNy1drnJ72wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI99eKhJUe8mizfOqVYgHLaoMOpDMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvajMxNHFFbFI3eWFMTjg2cFZpQWN0cWd3NmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABd4
MA0GCSqGSIb3DQEBCwUAA4IBAQBAdAaXq88DgnbOJtLXv41l/Lzi0clU+wsGfz79
n9ItcrKbcCchYJ5wxvnH6hsJZb7w/J62n4BFLOH4klR6KZFxkZhaJZy/OOfZEqPK
EUeGfxU6oHjc2zPs28UGhx9V7Ud3+TpETmxJBNnttJkuFC0f0WffPcDVHj6jsR0T
BUfFLmBqDZNOMuy7lOsi8w+yPt/cEv6kg9TdwPM1UoJRHoxb6IN384SmkESGmLBj
b6ZJXFw/b2CxnJxowC94iiBrn29FkpjJBL7PC3fA9fvPyJv3daYaC43oZ39rTdjY
RFhbwrpZYlJqnvj9SC2id387F6U2Yrjh05LOsZHvL36g7n/h
-----END CERTIFICATE-----