Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uEbXlLvD8Sc9kox45dMnk33Zux8.roa
File:                     uEbXlLvD8Sc9kox45dMnk33Zux8.roa (raw, json)
Hash identifier:          580EDzoGmK5uM1ZDlMJ39w/BJcyyLtvAm6jFzIXr27k=
Subject key identifier:   B8:46:D7:94:BB:C3:F1:27:3D:92:8C:78:E5:D3:27:93:7D:D9:BB:1F
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019422FAFDB5A3615CA8A1321ED35B0A200D
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uEbXlLvD8Sc9kox45dMnk33Zux8.roa
Signing time:             Wed 01 Jan 2025 17:47:41 +0000
ROA not before:           Wed 01 Jan 2025 17:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212279
IP address blocks:        2a0f:607:1100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fd:b5:a3:61:5c:a8:a1:32:1e:d3:5b:0a:20:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 17:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b846d794bbc3f1273d928c78e5d327937dd9bb1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:09:0f:2d:bc:b5:90:86:7a:1e:4f:a7:c3:db:
                    1e:7c:05:e6:5f:f7:f8:25:a9:34:82:90:90:ff:83:
                    80:ac:2b:78:38:05:61:e6:26:81:fa:b7:a1:bb:57:
                    1f:1c:b4:6e:2e:41:f3:4b:d1:61:14:e8:6d:3b:54:
                    93:6e:cd:de:b5:6f:96:7f:4a:7f:55:31:60:22:b3:
                    d5:f6:c7:ce:dc:bb:62:67:e4:21:2d:62:8d:40:e1:
                    b3:17:2c:e9:6c:24:71:c0:6d:3e:6d:98:43:d8:61:
                    c6:54:c4:16:a5:7e:a0:63:95:f6:3e:74:52:d1:00:
                    5f:db:56:41:3b:fc:73:e2:85:bd:7f:01:64:e5:1d:
                    75:64:a4:0e:64:df:f8:99:9a:1d:cf:1e:dc:45:d8:
                    e2:fa:e5:0d:bd:09:31:b7:f8:5f:f9:8c:ed:20:8e:
                    c1:96:f7:1a:b0:37:bf:04:1f:71:10:4e:6d:56:33:
                    ea:5c:d7:bf:d6:db:01:30:29:30:71:71:ed:e0:bc:
                    20:4f:d7:6d:b5:82:02:47:dc:7b:7c:71:5d:0f:44:
                    90:ee:b7:a9:a2:8f:23:29:00:d0:64:67:a6:f6:bc:
                    9b:fa:3f:2f:4f:8b:87:c5:5c:5c:63:e5:63:4a:6f:
                    0d:f5:7e:8e:ea:cb:17:6e:1c:a6:e1:67:42:45:0c:
                    b2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:46:D7:94:BB:C3:F1:27:3D:92:8C:78:E5:D3:27:93:7D:D9:BB:1F
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uEbXlLvD8Sc9kox45dMnk33Zux8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1100::/44

    Signature Algorithm: sha256WithRSAEncryption
         1b:2e:74:e7:28:89:dc:57:c8:03:3f:b1:d8:a0:a4:26:9a:db:
         a2:47:13:6b:a1:55:1e:66:62:2e:a0:55:77:84:93:e2:7c:05:
         24:9e:1e:a9:b0:37:02:55:00:ef:61:ce:1e:a1:49:73:3c:fa:
         a2:03:94:f5:d1:fc:c8:cf:cd:1c:e5:34:0a:94:c5:cb:a6:40:
         fb:78:d7:cb:18:7b:3f:b1:de:b2:aa:e4:1d:cf:fa:75:e4:af:
         6b:b0:f8:9f:4c:e5:9e:7f:f1:fe:9a:f3:2a:d6:8d:5a:83:7d:
         cd:4a:8f:6b:f0:3e:89:9a:fc:6f:14:d1:0c:0b:4b:ae:01:fa:
         ec:78:d6:4f:c4:40:11:76:e9:7a:a6:f3:53:1a:de:cf:3a:d7:
         e0:ad:42:a1:7d:17:f3:4e:c8:cb:a9:05:7f:9a:93:06:7d:17:
         01:1b:11:81:cd:94:dd:f7:3f:63:bc:59:01:d0:83:d1:1d:dd:
         f5:b9:bd:cf:15:8b:c0:8d:d9:23:0e:f2:0b:c4:11:86:0c:f2:
         5f:72:27:3c:37:18:6e:0d:11:a9:ac:ab:7e:57:a0:d3:54:33:
         7a:18:4d:5c:c1:09:ac:9e:b1:cc:e8:db:01:0b:d6:63:55:52:
         7a:b6:e3:27:8b:2c:84:9d:1b:98:68:63:f2:08:8a:7d:63:e7:
         94:5e:50:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+v21o2FcqKEyHtNbCiANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjUwMTAxMTc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODQ2ZDc5NGJiYzNmMTI3M2Q5MjhjNzhlNWQzMjc5MzdkZDliYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQkPLby1kIZ6Hk+nw9sefAXmX/f4
Jak0gpCQ/4OArCt4OAVh5iaB+rehu1cfHLRuLkHzS9FhFOhtO1STbs3etW+Wf0p/
VTFgIrPV9sfO3LtiZ+QhLWKNQOGzFyzpbCRxwG0+bZhD2GHGVMQWpX6gY5X2PnRS
0QBf21ZBO/xz4oW9fwFk5R11ZKQOZN/4mZodzx7cRdji+uUNvQkxt/hf+YztII7B
lvcasDe/BB9xEE5tVjPqXNe/1tsBMCkwcXHt4LwgT9dttYICR9x7fHFdD0SQ7rep
oo8jKQDQZGem9ryb+j8vT4uHxVxcY+VjSm8N9X6O6ssXbhym4WdCRQyyiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLhG15S7w/EnPZKMeOXTJ5N92bsfMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvdUViWGxMdkQ4U2M5a294NDVkTW5rMzNadXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAbLnTnKIncV8gDP7HYoKQmmtuiRxNroVUeZmIu
oFV3hJPifAUknh6psDcCVQDvYc4eoUlzPPqiA5T10fzIz80c5TQKlMXLpkD7eNfL
GHs/sd6yquQdz/p15K9rsPifTOWef/H+mvMq1o1ag33NSo9r8D6JmvxvFNEMC0uu
AfrseNZPxEARdul6pvNTGt7POtfgrUKhfRfzTsjLqQV/mpMGfRcBGxGBzZTd9z9j
vFkB0IPRHd31ub3PFYvAjdkjDvILxBGGDPJfcic8NxhuDRGprKt+V6DTVDN6GE1c
wQmsnrHM6NsBC9ZjVVJ6tuMniyyEnRuYaGPyCIp9Y+eUXlCY
-----END CERTIFICATE-----