Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/NewZ8pp4liRlRqK_bUM9ux7lUdY.roa
File:                     NewZ8pp4liRlRqK_bUM9ux7lUdY.roa (raw, json)
Hash identifier:          e2V20fh5Bna/npvAqL/4q48RnUBDa1PMa1ud3KkuSzU=
Subject key identifier:   35:EC:19:F2:9A:78:96:24:65:46:A2:BF:6D:43:3D:BB:1E:E5:51:D6
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       01942369B07515A263D31FEAE352B88B5DC8
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/NewZ8pp4liRlRqK_bUM9ux7lUdY.roa
Signing time:             Wed 01 Jan 2025 19:48:36 +0000
ROA not before:           Wed 01 Jan 2025 19:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47705
IP address blocks:        2a02:2000:3c7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 19:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:b0:75:15:a2:63:d3:1f:ea:e3:52:b8:8b:5d:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Jan  1 19:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35ec19f29a7896246546a2bf6d433dbb1ee551d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:44:7b:70:3a:5c:68:4a:6b:bd:76:16:a7:
                    87:95:d4:db:f2:af:f3:6c:8a:95:80:70:6a:d2:b0:
                    0d:70:81:28:43:76:2a:fd:2b:73:c4:0f:fb:56:79:
                    7e:70:68:a0:05:60:db:a0:3f:90:68:56:e9:7c:ad:
                    64:58:64:b2:cc:9e:86:48:03:cd:ef:b7:43:15:88:
                    c4:4a:93:18:4d:64:6c:21:ea:cf:7b:c7:9f:ef:a1:
                    e2:a8:11:2d:c1:b1:c0:42:4b:42:bb:a1:14:a2:ac:
                    78:98:7a:b1:a3:5c:d0:8c:4b:a5:f6:e1:b5:0b:04:
                    1b:c9:7a:52:6d:86:73:79:46:da:a5:05:54:aa:1b:
                    2d:59:18:b2:93:c7:98:62:20:6e:c2:cc:5d:93:f9:
                    49:b0:22:5d:5f:b5:f9:cf:0f:7c:e6:29:59:99:78:
                    4b:c4:2d:8d:d9:4b:7b:a8:e4:95:ec:a6:60:08:bd:
                    d4:85:6e:e6:0a:91:80:99:dd:2e:46:72:34:bc:97:
                    34:ff:76:79:70:0a:48:60:ce:27:58:32:4b:0f:f3:
                    e6:f4:a0:3e:9b:a7:3f:a8:1c:2f:20:a0:c9:05:1d:
                    72:95:12:cf:94:15:8f:14:52:92:90:80:12:a5:db:
                    64:30:d0:e3:2a:db:45:77:30:fc:c0:24:e2:e9:06:
                    ae:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:EC:19:F2:9A:78:96:24:65:46:A2:BF:6D:43:3D:BB:1E:E5:51:D6
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/NewZ8pp4liRlRqK_bUM9ux7lUdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2000:3c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:5a:17:8c:dc:4d:f3:aa:a8:34:60:27:ca:60:a9:be:c9:29:
         b3:76:bf:d0:c1:e3:30:dc:3f:67:10:4b:53:b1:c7:26:90:a2:
         33:c8:e3:5a:80:a3:93:df:5e:eb:78:ec:78:92:b3:44:f3:74:
         13:46:e2:0a:77:00:94:26:a8:9f:4f:7c:e8:57:a9:07:5d:ae:
         90:40:9a:44:04:c9:20:ed:14:fb:12:25:db:38:f0:1d:da:9f:
         da:64:27:cb:5b:11:d0:bc:0f:a6:3b:e2:38:2b:fa:a3:6e:0e:
         5f:4a:5a:94:54:ec:98:8f:b5:8c:2e:7d:96:4b:fd:5e:c6:80:
         8c:2a:45:3f:6e:2d:4e:95:b5:01:df:86:f1:97:02:0b:0e:0e:
         19:55:53:65:ee:d2:95:39:9b:20:58:3e:98:54:a1:8e:b7:7c:
         8c:33:bc:3a:0e:03:17:b6:52:65:b0:60:7e:9f:99:67:17:19:
         09:b9:cc:72:93:b7:4e:f2:cf:61:b5:29:e9:b3:d7:cc:ce:a9:
         88:b3:89:26:67:f4:c6:53:ff:73:4e:17:85:00:6c:83:f5:c3:
         91:c6:a5:e0:d0:54:d5:68:bb:15:d5:af:4b:f2:e9:fd:03:f9:
         4c:bd:94:fa:76:4c:ac:9b:d2:d6:9b:3c:5a:91:6c:af:71:48:
         7a:e9:1a:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjabB1FaJj0x/q41K4i13IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjUwMTAxMTk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWVjMTlmMjlhNzg5NjI0NjU0NmEyYmY2ZDQzM2RiYjFlZTU1MWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujJEe3A6XGhKa712FqeHldTb8q/z
bIqVgHBq0rANcIEoQ3Yq/StzxA/7Vnl+cGigBWDboD+QaFbpfK1kWGSyzJ6GSAPN
77dDFYjESpMYTWRsIerPe8ef76HiqBEtwbHAQktCu6EUoqx4mHqxo1zQjEul9uG1
CwQbyXpSbYZzeUbapQVUqhstWRiyk8eYYiBuwsxdk/lJsCJdX7X5zw985ilZmXhL
xC2N2Ut7qOSV7KZgCL3UhW7mCpGAmd0uRnI0vJc0/3Z5cApIYM4nWDJLD/Pm9KA+
m6c/qBwvIKDJBR1ylRLPlBWPFFKSkIASpdtkMNDjKttFdzD8wCTi6QauWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDXsGfKaeJYkZUaiv21DPbse5VHWMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvTmV3WjhwcDRsaVJsUnFLX2JVTTl1eDdsVWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgAAPH
MA0GCSqGSIb3DQEBCwUAA4IBAQBjWheM3E3zqqg0YCfKYKm+ySmzdr/QweMw3D9n
EEtTsccmkKIzyONagKOT317reOx4krNE83QTRuIKdwCUJqifT3zoV6kHXa6QQJpE
BMkg7RT7EiXbOPAd2p/aZCfLWxHQvA+mO+I4K/qjbg5fSlqUVOyYj7WMLn2WS/1e
xoCMKkU/bi1OlbUB34bxlwILDg4ZVVNl7tKVOZsgWD6YVKGOt3yMM7w6DgMXtlJl
sGB+n5lnFxkJucxyk7dO8s9htSnps9fMzqmIs4kmZ/TGU/9zTheFAGyD9cORxqXg
0FTVaLsV1a9L8un9A/lMvZT6dkysm9LWmzxakWyvcUh66Roj
-----END CERTIFICATE-----