Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/PPMANDrLvF7lVgznicSOoAT3-3U.roa
File:                     PPMANDrLvF7lVgznicSOoAT3-3U.roa (raw, json)
Hash identifier:          goEhx/poAjkzaQRi2RGACZSEuEQ6nJJ0p5PoSp7o6bo=
Subject key identifier:   3C:F3:00:34:3A:CB:BC:5E:E5:56:0C:E7:89:C4:8E:A0:04:F7:FB:75
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       01941F8C71C0C0F3EEC1DF1B6294ED55763D
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/PPMANDrLvF7lVgznicSOoAT3-3U.roa
Signing time:             Wed 01 Jan 2025 01:48:05 +0000
ROA not before:           Wed 01 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213253
IP address blocks:        2a0e:e704:42::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 08:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:71:c0:c0:f3:ee:c1:df:1b:62:94:ed:55:76:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cf300343acbbc5ee5560ce789c48ea004f7fb75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:40:3c:a4:c5:05:c3:e1:ed:d5:b5:d6:b6:a4:
                    2a:1f:1d:2a:82:60:64:7b:1b:ec:29:f8:54:89:4d:
                    c0:5d:40:ea:b9:2d:32:f9:3d:ad:42:14:7b:50:73:
                    e3:b8:22:1d:fd:1e:25:65:a5:a8:f0:ba:2a:16:e2:
                    e0:d1:68:3c:ca:06:b8:a0:c6:c6:a8:c0:fd:5a:81:
                    57:19:b0:16:3f:73:69:4f:35:39:4f:a3:26:08:fb:
                    df:43:99:04:97:e7:5f:9b:d3:14:05:f2:a6:16:0e:
                    a1:5f:87:08:4f:67:60:2b:de:8c:ad:86:c9:c9:af:
                    51:e3:78:cc:34:61:11:3e:0b:4d:2b:98:c4:33:02:
                    d7:6e:a7:ee:d1:1c:68:1d:0b:dc:fb:4e:d4:e4:7c:
                    12:2d:7e:c6:94:3f:56:61:42:5f:23:d2:15:ab:a1:
                    15:87:3b:a7:7c:2f:f7:0b:f0:0f:6b:dc:ee:12:41:
                    0d:e4:31:51:e7:66:da:bf:ed:26:69:22:75:5d:93:
                    ba:ba:83:8e:e6:aa:ca:37:95:e8:78:0e:19:48:9e:
                    f7:af:c6:70:94:df:63:82:3c:28:0a:6e:5c:5b:23:
                    2c:2d:05:e1:bc:86:ec:83:58:68:37:55:c6:f2:0d:
                    2d:ba:09:c9:6a:95:c7:19:de:5f:4e:7f:98:6f:c7:
                    a2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:F3:00:34:3A:CB:BC:5E:E5:56:0C:E7:89:C4:8E:A0:04:F7:FB:75
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/PPMANDrLvF7lVgznicSOoAT3-3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:42::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:c9:87:fe:24:da:ee:92:47:54:10:c3:51:ac:11:db:0f:4e:
         9f:8e:7a:9c:fd:c5:49:c8:45:1f:a6:ab:a2:a8:55:5c:1c:49:
         84:8d:d1:5d:15:12:f9:9e:c9:a3:91:d0:d8:c2:11:7e:ea:21:
         df:48:01:d1:90:97:17:b2:00:18:16:34:43:bb:75:77:78:fc:
         a8:c0:ae:50:30:67:a7:42:e3:ed:3a:1d:b3:28:7e:d7:3f:56:
         60:8c:e6:65:87:a4:85:8a:bf:e3:62:51:56:cf:a9:e0:92:38:
         2c:2f:69:80:5b:7e:b3:25:4f:8f:ab:11:6c:21:76:0d:99:68:
         3f:65:68:f3:4a:99:8b:8c:b2:76:50:f5:c3:5a:f5:cf:8a:de:
         9c:42:3a:3a:5a:91:14:2a:a8:35:0e:68:f5:ba:a8:3d:f9:4b:
         b4:a3:06:cd:71:1f:8c:5c:50:24:40:db:47:e1:32:fb:3e:6f:
         e8:42:cf:c2:0e:6f:d5:29:b4:12:e3:42:86:3f:04:f4:fa:21:
         48:07:57:28:52:fb:bf:24:f9:af:48:1f:07:dc:92:09:a0:f7:
         84:2a:76:ac:57:e6:7e:5e:fc:0c:18:73:9f:3e:6a:82:e2:f1:
         d0:80:90:47:51:02:a2:5c:32:a6:83:12:f2:9a:de:59:45:9b:
         da:68:1f:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHHAwPPuwd8bYpTtVXY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2YzMDAzNDNhY2JiYzVlZTU1NjBjZTc4OWM0OGVhMDA0ZjdmYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0A8pMUFw+Ht1bXWtqQqHx0qgmBk
exvsKfhUiU3AXUDquS0y+T2tQhR7UHPjuCId/R4lZaWo8LoqFuLg0Wg8yga4oMbG
qMD9WoFXGbAWP3NpTzU5T6MmCPvfQ5kEl+dfm9MUBfKmFg6hX4cIT2dgK96MrYbJ
ya9R43jMNGERPgtNK5jEMwLXbqfu0RxoHQvc+07U5HwSLX7GlD9WYUJfI9IVq6EV
hzunfC/3C/APa9zuEkEN5DFR52bav+0maSJ1XZO6uoOO5qrKN5XoeA4ZSJ73r8Zw
lN9jgjwoCm5cWyMsLQXhvIbsg1hoN1XG8g0tugnJapXHGd5fTn+Yb8eiiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDzzADQ6y7xe5VYM54nEjqAE9/t1MB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvUFBNQU5Eckx2RjdsVmd6bmljU09vQVQzLTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7nBABC
MA0GCSqGSIb3DQEBCwUAA4IBAQC3yYf+JNrukkdUEMNRrBHbD06fjnqc/cVJyEUf
pquiqFVcHEmEjdFdFRL5nsmjkdDYwhF+6iHfSAHRkJcXsgAYFjRDu3V3ePyowK5Q
MGenQuPtOh2zKH7XP1ZgjOZlh6SFir/jYlFWz6ngkjgsL2mAW36zJU+PqxFsIXYN
mWg/ZWjzSpmLjLJ2UPXDWvXPit6cQjo6WpEUKqg1Dmj1uqg9+Uu0owbNcR+MXFAk
QNtH4TL7Pm/oQs/CDm/VKbQS40KGPwT0+iFIB1coUvu/JPmvSB8H3JIJoPeEKnas
V+Z+XvwMGHOfPmqC4vHQgJBHUQKiXDKmgxLymt5ZRZvaaB/p
-----END CERTIFICATE-----