Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rN4qv2jr3J9qZtHRBTTNeBLtSyI.roa
File:                     rN4qv2jr3J9qZtHRBTTNeBLtSyI.roa (raw, json)
Hash identifier:          XnKk+dkszeDx6f5BnM3Seh2T2KcbxU0ayjv+qahJ680=
Subject key identifier:   AC:DE:2A:BF:68:EB:DC:9F:6A:66:D1:D1:05:34:CD:78:12:ED:4B:22
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       019425FDC45303326E7F99EC9E9B878F399E
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rN4qv2jr3J9qZtHRBTTNeBLtSyI.roa
Signing time:             Thu 02 Jan 2025 07:49:35 +0000
ROA not before:           Thu 02 Jan 2025 07:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212151
IP address blocks:        2a07:3500:13b8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c4:53:03:32:6e:7f:99:ec:9e:9b:87:8f:39:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  2 07:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acde2abf68ebdc9f6a66d1d10534cd7812ed4b22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:78:76:77:74:8b:d7:5c:70:fb:b6:8d:1a:2a:
                    0b:46:3f:85:c9:a6:c4:cc:46:95:40:e5:7a:03:70:
                    a5:ed:66:16:10:37:84:82:fd:87:7f:6c:66:dc:82:
                    dd:15:77:b1:c6:a7:d3:83:03:52:cb:30:37:ac:53:
                    e3:a1:a5:4b:63:04:d9:5e:0c:56:1c:04:7a:1e:ed:
                    92:b9:a4:56:ec:d1:6a:7e:2b:08:20:cb:c8:02:81:
                    cb:83:d3:ab:dd:22:5a:c2:57:e8:e8:37:5d:77:32:
                    de:d3:6a:4a:05:8f:82:6d:dc:ab:12:bd:01:72:9d:
                    bc:41:f5:8b:46:fb:13:cd:1a:9c:3c:28:79:bc:eb:
                    e1:a7:ab:35:e7:05:ee:8f:52:e9:54:cd:83:bf:ba:
                    8a:f8:5f:9b:39:86:b7:1d:21:e7:92:ed:97:fc:06:
                    59:86:18:22:73:0a:3d:c2:6e:43:0e:fe:cc:84:82:
                    73:7f:8b:26:8c:d6:55:e0:b2:d4:c7:99:d4:59:18:
                    c0:f4:66:47:77:26:cf:8f:f9:7f:43:0b:71:d5:b9:
                    9c:ee:3f:e0:1d:59:5c:60:27:c7:28:78:d8:09:60:
                    7f:61:b4:43:60:1c:c7:00:a3:c5:cb:8c:e5:25:95:
                    96:42:ed:5c:de:74:86:a9:41:86:5c:f3:64:bd:24:
                    30:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DE:2A:BF:68:EB:DC:9F:6A:66:D1:D1:05:34:CD:78:12:ED:4B:22
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rN4qv2jr3J9qZtHRBTTNeBLtSyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:13b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:72:a8:6c:c9:5f:4b:75:6d:07:f6:02:b6:ce:9d:fa:15:3d:
         2a:f8:6e:28:dc:64:3b:d9:ab:80:fd:19:ff:63:f1:49:96:65:
         82:0b:da:3a:d0:ea:66:2c:48:14:54:57:83:b6:d9:1c:56:ab:
         f1:9e:98:4a:7b:c5:7d:69:15:e2:f3:ea:fc:e5:a4:ab:59:ed:
         a9:f7:94:c2:65:88:1a:e4:1c:79:39:76:59:f6:ac:84:db:5a:
         83:b1:ff:b4:c8:68:b2:89:22:5f:6f:08:c2:07:56:d3:26:1c:
         55:6d:75:f6:88:e8:96:33:a3:d0:c1:a5:4c:9a:40:ee:92:bb:
         f0:9c:d8:b2:92:f8:02:74:70:62:de:a6:71:42:d3:c6:e9:b3:
         c0:fb:f7:3b:9e:d6:a6:cf:48:ac:9d:a6:91:16:c7:60:18:7e:
         3a:32:dc:84:11:70:18:44:21:64:25:10:e5:1b:65:f2:37:b8:
         99:93:e0:15:2f:f2:06:80:80:7d:69:23:ef:59:a5:93:ce:ce:
         6b:ab:bc:62:c8:30:8c:6f:4d:ab:ca:27:74:51:f2:56:e1:2d:
         77:1c:ed:df:51:9f:45:dd:e9:bd:c8:24:b4:2d:c7:d6:66:50:
         ad:c5:fc:e6:47:10:5e:71:4e:53:ec:7b:0c:82:42:51:f5:fd:
         49:e5:fd:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/cRTAzJuf5nsnpuHjzmeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMTAyMDc0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2RlMmFiZjY4ZWJkYzlmNmE2NmQxZDEwNTM0Y2Q3ODEyZWQ0YjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3h2d3SL11xw+7aNGioLRj+FyabE
zEaVQOV6A3Cl7WYWEDeEgv2Hf2xm3ILdFXexxqfTgwNSyzA3rFPjoaVLYwTZXgxW
HAR6Hu2SuaRW7NFqfisIIMvIAoHLg9Or3SJawlfo6DdddzLe02pKBY+CbdyrEr0B
cp28QfWLRvsTzRqcPCh5vOvhp6s15wXuj1LpVM2Dv7qK+F+bOYa3HSHnku2X/AZZ
hhgicwo9wm5DDv7MhIJzf4smjNZV4LLUx5nUWRjA9GZHdybPj/l/Qwtx1bmc7j/g
HVlcYCfHKHjYCWB/YbRDYBzHAKPFy4zlJZWWQu1c3nSGqUGGXPNkvSQwDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKzeKr9o69yfambR0QU0zXgS7UsiMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvck40cXYyanIzSjlxWnRIUkJUVE5lQkx0U3lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABO4
MA0GCSqGSIb3DQEBCwUAA4IBAQC/cqhsyV9LdW0H9gK2zp36FT0q+G4o3GQ72auA
/Rn/Y/FJlmWCC9o60OpmLEgUVFeDttkcVqvxnphKe8V9aRXi8+r85aSrWe2p95TC
ZYga5Bx5OXZZ9qyE21qDsf+0yGiyiSJfbwjCB1bTJhxVbXX2iOiWM6PQwaVMmkDu
krvwnNiykvgCdHBi3qZxQtPG6bPA+/c7ntamz0isnaaRFsdgGH46MtyEEXAYRCFk
JRDlG2XyN7iZk+AVL/IGgIB9aSPvWaWTzs5rq7xiyDCMb02ryid0UfJW4S13HO3f
UZ9F3em9yCS0LcfWZlCtxfzmRxBecU5T7HsMgkJR9f1J5f2I
-----END CERTIFICATE-----