Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/DIjEKrN2QIgte3MOPHBqTqk6zL8.roa
File:                     DIjEKrN2QIgte3MOPHBqTqk6zL8.roa (raw, json)
Hash identifier:          Djlgz0V/uM6rrvj+zsdR0L8f71DLX2CbBSL9RTlTtHY=
Subject key identifier:   0C:88:C4:2A:B3:76:40:88:2D:7B:73:0E:3C:70:6A:4E:A9:3A:CC:BF
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D76A0846FBF1FCD8F04315220DE8CC
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/DIjEKrN2QIgte3MOPHBqTqk6zL8.roa
Signing time:             Wed 01 Jan 2025 21:48:27 +0000
ROA not before:           Wed 01 Jan 2025 21:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201697
IP address blocks:        2a00:f826:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:6a:08:46:fb:f1:fc:d8:f0:43:15:22:0d:e8:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c88c42ab37640882d7b730e3c706a4ea93accbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:13:0b:a9:f1:a3:6e:ee:55:68:02:93:e6:a8:
                    4e:a1:10:70:af:51:38:01:91:8c:66:93:92:43:71:
                    0a:75:a5:0e:42:cf:d4:3c:bb:02:65:55:7a:40:51:
                    21:d9:8a:95:51:7e:dd:68:3e:1b:fd:0e:a4:c1:14:
                    22:0a:67:cf:3a:3c:53:09:f7:34:c4:d2:4f:66:8f:
                    71:69:36:3a:89:27:9b:91:73:7b:ff:c4:65:05:7a:
                    21:db:5c:e2:e3:d3:2e:80:aa:7f:88:81:2b:ee:63:
                    d6:f3:04:ee:07:d4:54:dc:e9:a6:15:d8:0d:8f:05:
                    7f:d4:f9:60:dd:8f:71:bf:53:bd:13:19:35:4f:32:
                    32:9a:89:77:4e:37:6a:29:2f:6f:ec:14:8d:e3:6b:
                    f6:00:c9:ec:92:c6:bc:2c:d7:c7:71:19:25:3a:24:
                    04:34:bc:4d:ea:4f:97:06:00:f2:1a:b0:9d:bf:a7:
                    49:c9:35:09:c6:70:2e:87:dd:0a:b0:21:d6:60:50:
                    dd:85:ce:1a:f4:a1:7f:01:b7:69:0d:3e:ba:34:c5:
                    94:06:57:f3:2f:19:b6:e6:12:b3:1d:be:48:7f:04:
                    dd:27:7e:77:e7:1e:94:3f:7a:b2:9a:fa:70:1f:91:
                    2a:95:b4:4d:62:77:20:01:07:6f:28:b9:41:00:55:
                    16:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:88:C4:2A:B3:76:40:88:2D:7B:73:0E:3C:70:6A:4E:A9:3A:CC:BF
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/DIjEKrN2QIgte3MOPHBqTqk6zL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f826:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:c3:2f:1c:f2:c9:de:36:56:25:9d:bb:c7:2f:81:ff:a1:81:
         ae:f4:d2:17:ab:66:ee:4e:b0:3b:b3:38:df:bb:76:d6:a4:01:
         46:c9:68:c4:8f:4c:2a:7d:95:a8:ee:7b:de:48:a2:08:01:20:
         25:39:72:4d:65:2b:2a:18:08:73:af:20:2d:b6:8f:92:2c:3c:
         cf:35:a2:9d:d0:9e:41:c6:41:47:a7:1a:7a:68:f4:9c:03:25:
         ad:e6:e8:bd:6c:fb:ad:23:95:81:fb:39:b4:18:f2:15:89:07:
         b5:1e:35:72:9e:17:e7:56:4f:88:e3:df:f7:6c:1f:04:56:94:
         81:62:ae:ad:05:1c:55:98:37:bb:6f:5e:1b:74:ef:80:e0:8d:
         f2:54:1e:3b:ee:7a:0f:91:c1:38:25:43:48:a2:a8:c2:d8:77:
         4a:36:52:22:e3:c4:15:21:6f:dc:bb:39:f0:92:fe:59:07:59:
         37:bc:01:25:02:ba:27:c6:60:20:59:7b:1e:64:44:35:b4:98:
         0d:6d:fd:4c:f0:8e:9a:ad:53:10:87:5c:c3:5e:a2:01:48:bc:
         b5:4f:d7:d0:82:ee:e4:fb:5d:0f:e9:86:a1:f3:de:2e:8e:2e:
         d6:ad:3e:56:98:eb:56:9b:d3:7e:18:7f:7c:3f:86:05:e0:55:
         14:63:23:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj12oIRvvx/NjwQxUiDejMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzg4YzQyYWIzNzY0MDg4MmQ3YjczMGUzYzcwNmE0ZWE5M2FjY2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhMLqfGjbu5VaAKT5qhOoRBwr1E4
AZGMZpOSQ3EKdaUOQs/UPLsCZVV6QFEh2YqVUX7daD4b/Q6kwRQiCmfPOjxTCfc0
xNJPZo9xaTY6iSebkXN7/8RlBXoh21zi49MugKp/iIEr7mPW8wTuB9RU3OmmFdgN
jwV/1Plg3Y9xv1O9Exk1TzIymol3TjdqKS9v7BSN42v2AMnsksa8LNfHcRklOiQE
NLxN6k+XBgDyGrCdv6dJyTUJxnAuh90KsCHWYFDdhc4a9KF/AbdpDT66NMWUBlfz
Lxm25hKzHb5IfwTdJ3535x6UP3qymvpwH5EqlbRNYncgAQdvKLlBAFUWjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAyIxCqzdkCILXtzDjxwak6pOsy/MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvRElqRUtyTjJRSWd0ZTNNT1BIQnFUcWs2ekw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD4JgAH
MA0GCSqGSIb3DQEBCwUAA4IBAQB0wy8c8sneNlYlnbvHL4H/oYGu9NIXq2buTrA7
szjfu3bWpAFGyWjEj0wqfZWo7nveSKIIASAlOXJNZSsqGAhzryAtto+SLDzPNaKd
0J5BxkFHpxp6aPScAyWt5ui9bPutI5WB+zm0GPIViQe1HjVynhfnVk+I49/3bB8E
VpSBYq6tBRxVmDe7b14bdO+A4I3yVB477noPkcE4JUNIoqjC2HdKNlIi48QVIW/c
uznwkv5ZB1k3vAElAronxmAgWXseZEQ1tJgNbf1M8I6arVMQh1zDXqIBSLy1T9fQ
gu7k+10P6Yah894uji7WrT5WmOtWm9N+GH98P4YF4FUUYyM0
-----END CERTIFICATE-----