Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/OcwETrC7zKJAEBzcv9NqFhU0VkU.roa
File:                     OcwETrC7zKJAEBzcv9NqFhU0VkU.roa (raw, json)
Hash identifier:          +Fh2IKkl9+PzWE+o8+gifkg2/uXg+cqv7TjJKcDbtnQ=
Subject key identifier:   39:CC:04:4E:B0:BB:CC:A2:40:10:1C:DC:BF:D3:6A:16:15:34:56:45
Certificate issuer:       /CN=5e936bea1b0c3a208aba27d8b10b275e474dde2c
Certificate serial:       01976410E2E34C13576E32436B5F6C907F07
Authority key identifier: 5E:93:6B:EA:1B:0C:3A:20:8A:BA:27:D8:B1:0B:27:5E:47:4D:DE:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/OcwETrC7zKJAEBzcv9NqFhU0VkU.roa
Signing time:             Thu 12 Jun 2025 12:15:17 +0000
ROA not before:           Thu 12 Jun 2025 12:15:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200544
IP address blocks:        2a07:ad00::/29 maxlen: 29
                          2a07:ad00::/30 maxlen: 30
                          2a07:ad00::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 18:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:10:e2:e3:4c:13:57:6e:32:43:6b:5f:6c:90:7f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e936bea1b0c3a208aba27d8b10b275e474dde2c
        Validity
            Not Before: Jun 12 12:15:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39cc044eb0bbcca240101cdcbfd36a1615345645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c1:4f:e0:f3:5a:8e:d6:95:1d:05:f1:88:8f:
                    86:62:80:41:bf:ee:3e:83:e2:38:f5:e3:18:db:83:
                    72:50:9d:0f:8d:54:6d:10:44:02:21:72:61:01:54:
                    af:cc:ec:14:d8:4d:f1:01:e8:b9:70:70:b3:e5:c6:
                    19:79:6c:9d:29:75:f2:0b:37:aa:bb:6c:04:58:59:
                    6c:ef:0a:ec:d1:0a:4f:c5:d9:87:5b:ae:c4:24:57:
                    a3:aa:0c:14:65:e7:ec:fe:96:ee:e4:54:e7:c3:b7:
                    57:73:94:52:f9:89:88:9d:54:e1:3d:11:8a:aa:80:
                    d7:7d:7f:1b:1e:31:79:8c:a0:09:17:7b:07:4c:55:
                    83:08:0a:6f:93:aa:03:7f:8f:bd:25:e9:70:f7:c6:
                    e4:ef:c6:2b:85:40:9e:92:ef:a5:33:73:ac:3e:dd:
                    ce:bc:d6:92:59:80:48:cd:7d:a2:be:cc:62:d5:90:
                    81:12:9e:13:30:fc:04:9e:d3:9a:69:c1:54:8d:31:
                    07:24:f4:bc:af:b2:1f:52:a9:5d:b0:48:01:7e:9a:
                    4f:44:a9:bd:e1:d2:82:71:bf:87:2d:4d:66:c6:ee:
                    e3:f3:39:f1:6c:bd:48:e0:a2:41:3f:3f:2c:7e:ac:
                    60:c6:68:b7:5a:c9:bf:a9:18:01:97:ea:b7:32:7a:
                    fa:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:CC:04:4E:B0:BB:CC:A2:40:10:1C:DC:BF:D3:6A:16:15:34:56:45
            X509v3 Authority Key Identifier:
                keyid:5E:93:6B:EA:1B:0C:3A:20:8A:BA:27:D8:B1:0B:27:5E:47:4D:DE:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XpNr6hsMOiCKuifYsQsnXkdN3iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/OcwETrC7zKJAEBzcv9NqFhU0VkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/32876b-a82b-4704-ba67-98477a8653c7/1/XpNr6hsMOiCKuifYsQsnXkdN3iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:ad00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:5b:e6:85:12:f6:b9:19:11:a3:2e:23:ba:79:58:cb:3e:23:
         56:c3:95:50:2d:e3:a6:d2:c5:34:57:93:d1:ae:b6:d2:2a:66:
         1f:8f:49:39:55:91:3f:4b:c3:21:42:f5:75:7e:40:d5:38:6d:
         64:ce:e8:4e:e2:74:d4:85:09:2f:32:b6:87:4b:4f:ef:6f:c9:
         d8:12:f9:5c:ea:57:b7:1d:72:82:67:54:b7:ac:7a:07:28:3d:
         8b:89:2a:07:2c:f8:cb:07:e7:d4:f3:37:e9:5e:4f:0b:cb:cd:
         83:63:e0:38:78:07:14:e9:ff:b1:54:bd:a3:24:bc:3a:27:57:
         e2:2e:6e:4e:e7:0a:10:7d:ae:b6:db:9b:1e:e6:9d:46:0a:9f:
         03:c5:56:68:60:39:d9:9a:f0:e5:a9:bd:25:6e:1e:4c:23:53:
         76:c7:1b:aa:c3:12:1d:25:50:94:9d:4e:cf:30:b2:de:80:d4:
         05:77:51:41:d0:ec:ae:c2:88:e2:83:a2:fd:df:1d:7b:b3:77:
         b1:a5:29:f3:c0:5c:bd:6a:f4:1b:8f:05:e1:8d:30:04:e2:d9:
         18:3c:22:50:8b:63:4f:0f:36:cf:28:0d:a4:6a:c1:2d:33:02:
         3a:69:0b:e3:9c:88:77:9b:16:06:61:1f:58:58:13:f8:fa:d4:
         7e:bb:a7:a7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdkEOLjTBNXbjJDa19skH8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOTM2YmVhMWIwYzNhMjA4YWJhMjdkOGIxMGIyNzVlNDc0
ZGRlMmMwHhcNMjUwNjEyMTIxNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWNjMDQ0ZWIwYmJjY2EyNDAxMDFjZGNiZmQzNmExNjE1MzQ1NjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssFP4PNajtaVHQXxiI+GYoBBv+4+
g+I49eMY24NyUJ0PjVRtEEQCIXJhAVSvzOwU2E3xAei5cHCz5cYZeWydKXXyCzeq
u2wEWFls7wrs0QpPxdmHW67EJFejqgwUZefs/pbu5FTnw7dXc5RS+YmInVThPRGK
qoDXfX8bHjF5jKAJF3sHTFWDCApvk6oDf4+9Jelw98bk78YrhUCeku+lM3OsPt3O
vNaSWYBIzX2ivsxi1ZCBEp4TMPwEntOaacFUjTEHJPS8r7IfUqldsEgBfppPRKm9
4dKCcb+HLU1mxu7j8znxbL1I4KJBPz8sfqxgxmi3Wsm/qRgBl+q3Mnr6FQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDnMBE6wu8yiQBAc3L/TahYVNFZFMB8GA1UdIwQY
MBaAFF6Ta+obDDogiron2LELJ15HTd4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHBOcjZoc01PaUNLdWlmWXNRc25Ya2ROM2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zMjg3NmItYTgyYi00NzA0LWJhNjct
OTg0NzdhODY1M2M3LzEvT2N3RVRyQzd6S0pBRUJ6Y3Y5TnFGaFUwVmtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zMjg3NmItYTgyYi00NzA0LWJhNjctOTg0NzdhODY1M2M3
LzEvWHBOcjZoc01PaUNLdWlmWXNRc25Ya2ROM2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgetADAN
BgkqhkiG9w0BAQsFAAOCAQEAilvmhRL2uRkRoy4junlYyz4jVsOVUC3jptLFNFeT
0a620ipmH49JOVWRP0vDIUL1dX5A1ThtZM7oTuJ01IUJLzK2h0tP72/J2BL5XOpX
tx1ygmdUt6x6Byg9i4kqByz4ywfn1PM36V5PC8vNg2PgOHgHFOn/sVS9oyS8OidX
4i5uTucKEH2uttubHuadRgqfA8VWaGA52Zrw5am9JW4eTCNTdscbqsMSHSVQlJ1O
zzCy3oDUBXdRQdDsrsKI4oOi/d8de7N3saUp88BcvWr0G48F4Y0wBOLZGDwiUItj
Tw82zygNpGrBLTMCOmkL45yId5sWBmEfWFgT+PrUfrunpw==
-----END CERTIFICATE-----