Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/ibG8s-uNg8iW3EcdenBVN0a0GOA.roa
File:                     ibG8s-uNg8iW3EcdenBVN0a0GOA.roa (raw, json)
Hash identifier:          cMNTG3zKGDqXo0eIkSYjSVFaWoXZgu+y014lNkKw6CE=
Subject key identifier:   89:B1:BC:B3:EB:8D:83:C8:96:DC:47:1D:7A:70:55:37:46:B4:18:E0
Certificate issuer:       /CN=0d8d3ced32e360fcd46c163556de28aa2824b19b
Certificate serial:       0196FDF29230AAC7D04479DBC1BAD6A76CDC
Authority key identifier: 0D:8D:3C:ED:32:E3:60:FC:D4:6C:16:35:56:DE:28:AA:28:24:B1:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DY087TLjYPzUbBY1Vt4oqigksZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/ibG8s-uNg8iW3EcdenBVN0a0GOA.roa
Signing time:             Fri 23 May 2025 16:20:54 +0000
ROA not before:           Fri 23 May 2025 16:20:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209179
IP address blocks:        2a03:bb80::/48 maxlen: 48
                          2a03:bb80:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/DY087TLjYPzUbBY1Vt4oqigksZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/DY087TLjYPzUbBY1Vt4oqigksZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DY087TLjYPzUbBY1Vt4oqigksZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fd:f2:92:30:aa:c7:d0:44:79:db:c1:ba:d6:a7:6c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d8d3ced32e360fcd46c163556de28aa2824b19b
        Validity
            Not Before: May 23 16:20:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89b1bcb3eb8d83c896dc471d7a70553746b418e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dc:71:bb:8e:0e:03:1d:be:5b:e4:89:dd:10:
                    8e:c0:05:20:49:d2:5e:ba:ad:b6:25:64:0c:b1:a5:
                    c1:0f:e5:b3:64:3e:81:b7:6c:06:a9:e0:f3:22:28:
                    d1:12:1a:1f:c4:ec:a1:53:53:90:f1:c7:bc:18:38:
                    74:ea:66:c5:3c:8b:df:ee:8d:f7:20:99:67:9d:da:
                    40:ea:64:43:19:1d:ac:49:ae:7e:90:24:96:a9:58:
                    56:f8:b1:d9:67:45:21:bb:87:d2:9a:2b:ea:99:3b:
                    8c:3f:ee:41:14:2d:d4:91:a1:00:72:39:b3:d6:28:
                    b2:74:d1:80:9f:5e:6a:75:e0:26:91:0f:83:85:2a:
                    bb:c6:29:ff:45:f1:e7:ff:fd:ec:da:11:c8:7e:47:
                    a7:72:c3:b6:1d:90:32:cd:fc:42:62:f2:2f:ef:ce:
                    1a:94:4b:11:b0:c8:cf:71:12:6a:18:6e:ae:4d:be:
                    f8:c2:06:7d:4d:b0:26:b0:11:9d:52:6b:d6:a1:66:
                    dd:c4:b5:cf:3b:a9:6b:34:fa:ba:cb:ce:44:b8:33:
                    da:a8:df:cc:71:ca:ac:0e:01:9d:11:b2:45:9f:4d:
                    33:46:92:72:a2:5f:35:10:60:51:91:5f:c2:57:7a:
                    cb:3a:a3:78:62:41:d8:c9:28:f2:4c:8d:88:4d:94:
                    15:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B1:BC:B3:EB:8D:83:C8:96:DC:47:1D:7A:70:55:37:46:B4:18:E0
            X509v3 Authority Key Identifier:
                keyid:0D:8D:3C:ED:32:E3:60:FC:D4:6C:16:35:56:DE:28:AA:28:24:B1:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DY087TLjYPzUbBY1Vt4oqigksZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/ibG8s-uNg8iW3EcdenBVN0a0GOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/cb6f7e-e3b8-4d0c-8293-a497b8cbf177/1/DY087TLjYPzUbBY1Vt4oqigksZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:bb80::/47

    Signature Algorithm: sha256WithRSAEncryption
         26:f1:85:3c:f6:91:d6:eb:49:ee:08:e3:e4:3f:38:c7:5c:42:
         a8:62:58:22:84:b1:8d:75:b5:5a:18:e1:da:40:9e:fa:d7:51:
         b2:b5:01:74:4a:6f:d8:8d:9d:f4:44:bb:30:d6:e5:26:fc:65:
         8c:05:ef:60:c4:8f:ca:34:40:c9:03:95:dc:f2:4a:a0:a6:09:
         41:ab:1f:f6:8b:ae:a8:fe:79:54:d4:03:88:b9:e3:92:53:dc:
         f0:d8:ac:e0:ef:c3:11:01:d3:b9:2f:40:d7:d7:f0:d9:ec:30:
         20:38:a8:b7:32:1b:63:85:03:63:99:83:f4:8c:be:03:2d:0b:
         c5:a4:ef:e3:80:30:34:c2:84:61:07:7f:a1:0b:e8:71:36:be:
         39:6d:19:44:47:67:c9:38:c1:e4:55:ab:29:85:07:fa:5c:c8:
         10:4d:47:f2:b3:01:68:7d:68:6e:79:8d:c8:ed:7b:6c:ff:78:
         5a:e5:26:f4:3c:7f:0e:85:b9:34:a1:8f:7a:c4:6b:3f:be:27:
         20:20:4a:49:6d:88:eb:b5:f8:86:5c:4a:32:af:fd:07:d3:8b:
         b9:00:db:8e:43:4c:05:4e:3e:7b:87:ff:aa:58:2e:ad:a9:9c:
         09:c4:67:56:b3:c5:20:a3:a6:1d:c3:32:ca:0d:5c:3f:66:63:
         cc:0f:6c:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZb98pIwqsfQRHnbwbrWp2zcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOGQzY2VkMzJlMzYwZmNkNDZjMTYzNTU2ZGUyOGFhMjgy
NGIxOWIwHhcNMjUwNTIzMTYyMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIxYmNiM2ViOGQ4M2M4OTZkYzQ3MWQ3YTcwNTUzNzQ2YjQxOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNxxu44OAx2+W+SJ3RCOwAUgSdJe
uq22JWQMsaXBD+WzZD6Bt2wGqeDzIijREhofxOyhU1OQ8ce8GDh06mbFPIvf7o33
IJlnndpA6mRDGR2sSa5+kCSWqVhW+LHZZ0Uhu4fSmivqmTuMP+5BFC3UkaEAcjmz
1iiydNGAn15qdeAmkQ+DhSq7xin/RfHn//3s2hHIfkencsO2HZAyzfxCYvIv784a
lEsRsMjPcRJqGG6uTb74wgZ9TbAmsBGdUmvWoWbdxLXPO6lrNPq6y85EuDPaqN/M
ccqsDgGdEbJFn00zRpJyol81EGBRkV/CV3rLOqN4YkHYySjyTI2ITZQVCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFImxvLPrjYPIltxHHXpwVTdGtBjgMB8GA1UdIwQY
MBaAFA2NPO0y42D81GwWNVbeKKooJLGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFkwODdUTGpZUHpVYkJZMVZ0NG9xaWdrc1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9jYjZmN2UtZTNiOC00ZDBjLTgyOTMt
YTQ5N2I4Y2JmMTc3LzEvaWJHOHMtdU5nOGlXM0VjZGVuQlZOMGEwR09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9jYjZmN2UtZTNiOC00ZDBjLTgyOTMtYTQ5N2I4Y2JmMTc3
LzEvRFkwODdUTGpZUHpVYkJZMVZ0NG9xaWdrc1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgO7gAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAm8YU89pHW60nuCOPkPzjHXEKoYlgihLGNdbVa
GOHaQJ7611GytQF0Sm/YjZ30RLsw1uUm/GWMBe9gxI/KNEDJA5Xc8kqgpglBqx/2
i66o/nlU1AOIueOSU9zw2Kzg78MRAdO5L0DX1/DZ7DAgOKi3MhtjhQNjmYP0jL4D
LQvFpO/jgDA0woRhB3+hC+hxNr45bRlER2fJOMHkVasphQf6XMgQTUfyswFofWhu
eY3I7Xts/3ha5Sb0PH8Ohbk0oY96xGs/vicgIEpJbYjrtfiGXEoyr/0H04u5ANuO
Q0wFTj57h/+qWC6tqZwJxGdWs8Ugo6YdwzLKDVw/ZmPMD2xf
-----END CERTIFICATE-----