Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/076d37-4ab4-4ec3-a4b0-524025e13202/1/ntHtztrMmkHjlQm-nR0AF_-ZVFE.roa
File:                     ntHtztrMmkHjlQm-nR0AF_-ZVFE.roa (raw, json)
Hash identifier:          Bf849e8DMlDt314X2PPaLUOxw5PYejhf50bcsgAnmcU=
Subject key identifier:   9E:D1:ED:CE:DA:CC:9A:41:E3:95:09:BE:9D:1D:00:17:FF:99:54:51
Certificate issuer:       /CN=f8a2b605c58e0746aadc5bf0d7cbc36c9307f74d
Certificate serial:       0194D51A21ACC057077E78A0DD4420566C13
Authority key identifier: F8:A2:B6:05:C5:8E:07:46:AA:DC:5B:F0:D7:CB:C3:6C:93:07:F7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KK2BcWOB0aq3Fvw18vDbJMH900.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/076d37-4ab4-4ec3-a4b0-524025e13202/1/ntHtztrMmkHjlQm-nR0AF_-ZVFE.roa
Signing time:             Wed 05 Feb 2025 07:54:07 +0000
ROA not before:           Wed 05 Feb 2025 07:54:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204048
IP address blocks:        2a0b:a8c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/076d37-4ab4-4ec3-a4b0-524025e13202/1/1-KK2BcWOB0aq3Fvw18vDbJMH900.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/076d37-4ab4-4ec3-a4b0-524025e13202/1/1-KK2BcWOB0aq3Fvw18vDbJMH900.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KK2BcWOB0aq3Fvw18vDbJMH900.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 19:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d5:1a:21:ac:c0:57:07:7e:78:a0:dd:44:20:56:6c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a2b605c58e0746aadc5bf0d7cbc36c9307f74d
        Validity
            Not Before: Feb  5 07:54:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ed1edcedacc9a41e39509be9d1d0017ff995451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fa:f9:7f:49:06:57:f5:5e:16:69:e4:ff:71:
                    7a:ad:79:b2:f4:cc:d3:4a:c4:a3:06:71:ec:35:58:
                    bb:d9:df:6e:60:81:64:f0:5f:93:e9:8c:3a:38:1a:
                    09:88:55:8b:3d:5d:a2:16:8c:d1:d9:6c:a6:bb:10:
                    e7:ea:1f:fb:e3:20:01:94:da:a6:3d:72:b3:83:1c:
                    de:e8:9d:47:09:9d:dc:54:04:58:69:ed:f3:1c:a6:
                    6f:b1:1c:d6:7e:c9:81:ee:5e:f7:b3:0f:4f:1d:83:
                    29:63:ba:fd:7d:35:7a:25:cc:4e:ef:32:df:1b:dc:
                    1f:5e:53:00:76:43:e1:27:44:e1:c1:f7:11:34:3a:
                    71:be:88:20:59:c5:a6:d7:ce:63:9f:e0:1f:74:90:
                    49:9c:a7:2f:74:5c:5a:3f:66:6e:66:ab:2c:63:ab:
                    7f:f3:23:4b:ba:e2:b9:52:df:e6:66:46:af:83:8b:
                    29:cf:06:bc:6c:52:84:14:5b:68:5a:eb:7f:c0:0d:
                    04:11:72:4b:9e:6b:8a:00:51:87:08:31:0c:df:7a:
                    8b:78:54:69:1c:29:12:ed:e5:71:5b:92:c9:81:e9:
                    78:83:19:7c:ee:cb:4b:b8:c5:bc:41:1f:7a:9e:19:
                    fb:dc:b3:e5:b1:d3:23:0b:48:bf:0d:b0:3e:4d:ff:
                    b5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D1:ED:CE:DA:CC:9A:41:E3:95:09:BE:9D:1D:00:17:FF:99:54:51
            X509v3 Authority Key Identifier:
                keyid:F8:A2:B6:05:C5:8E:07:46:AA:DC:5B:F0:D7:CB:C3:6C:93:07:F7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KK2BcWOB0aq3Fvw18vDbJMH900.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/076d37-4ab4-4ec3-a4b0-524025e13202/1/ntHtztrMmkHjlQm-nR0AF_-ZVFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/076d37-4ab4-4ec3-a4b0-524025e13202/1/1-KK2BcWOB0aq3Fvw18vDbJMH900.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a8c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:28:2a:de:e6:93:3f:92:1e:da:a5:30:d7:0c:33:9b:c4:f9:
         e6:73:ae:1e:5a:5a:79:55:37:e0:54:31:bc:db:f1:34:e3:9f:
         7a:4b:1b:4a:6a:a5:f9:bd:90:37:60:9b:ef:a1:04:1e:b7:68:
         44:dd:74:0c:42:74:96:b2:3f:1b:02:70:a3:3e:1c:61:b7:f0:
         cf:de:45:50:b1:e0:93:89:b9:d9:0d:a2:17:ce:f7:c8:c9:8a:
         b3:6c:2b:52:51:62:63:a8:5f:d7:3b:0a:7b:0e:c4:b6:8c:5f:
         3a:94:a0:45:4d:59:b3:90:30:49:34:fd:5a:89:3e:e7:e7:b6:
         df:43:c9:de:30:e0:8d:c5:69:d5:9c:94:30:ae:a4:c8:9f:d5:
         4c:85:0e:4e:4b:49:76:69:22:dd:2f:b5:60:3c:6b:15:02:65:
         80:47:23:4b:2b:ec:75:c1:fd:ec:75:54:f4:c5:97:b4:5c:b4:
         ec:bc:b2:a8:b2:c5:11:c4:56:04:ca:bb:c8:1a:72:30:30:56:
         63:51:0d:8a:85:99:46:53:d8:10:6c:ab:41:1c:fe:83:9d:b1:
         39:9e:19:83:9f:7e:1a:60:9c:bc:56:ca:2f:ca:f5:a3:1b:82:
         93:5b:cb:98:c1:e2:1c:5d:8e:bd:36:32:9c:e1:82:d5:b7:95:
         c4:f5:d1:e3
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZTVGiGswFcHfnig3UQgVmwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTJiNjA1YzU4ZTA3NDZhYWRjNWJmMGQ3Y2JjMzZjOTMw
N2Y3NGQwHhcNMjUwMjA1MDc1NDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQxZWRjZWRhY2M5YTQxZTM5NTA5YmU5ZDFkMDAxN2ZmOTk1NDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/r5f0kGV/VeFmnk/3F6rXmy9MzT
SsSjBnHsNVi72d9uYIFk8F+T6Yw6OBoJiFWLPV2iFozR2WymuxDn6h/74yABlNqm
PXKzgxze6J1HCZ3cVARYae3zHKZvsRzWfsmB7l73sw9PHYMpY7r9fTV6JcxO7zLf
G9wfXlMAdkPhJ0ThwfcRNDpxvoggWcWm185jn+AfdJBJnKcvdFxaP2ZuZqssY6t/
8yNLuuK5Ut/mZkavg4spzwa8bFKEFFtoWut/wA0EEXJLnmuKAFGHCDEM33qLeFRp
HCkS7eVxW5LJgel4gxl87stLuMW8QR96nhn73LPlsdMjC0i/DbA+Tf+1eQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFJ7R7c7azJpB45UJvp0dABf/mVRRMB8GA1UdIwQY
MBaAFPiitgXFjgdGqtxb8NfLw2yTB/dNMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LSzJCY1dPQjBhcTNGdncxOHZEYkpNSDkwMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvMDc2ZDM3LTRhYjQtNGVjMy1hNGIw
LTUyNDAyNWUxMzIwMi8xL250SHR6dHJNbWtIamxRbS1uUjBBRl8tWlZGRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWIvMDc2ZDM3LTRhYjQtNGVjMy1hNGIwLTUyNDAyNWUxMzIw
Mi8xLzEtS0syQmNXT0IwYXEzRnZ3MTh2RGJKTUg5MDAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqC6jA
AAEwDQYJKoZIhvcNAQELBQADggEBAIooKt7mkz+SHtqlMNcMM5vE+eZzrh5aWnlV
N+BUMbzb8TTjn3pLG0pqpfm9kDdgm++hBB63aETddAxCdJayPxsCcKM+HGG38M/e
RVCx4JOJudkNohfO98jJirNsK1JRYmOoX9c7CnsOxLaMXzqUoEVNWbOQMEk0/VqJ
Pufntt9Dyd4w4I3FadWclDCupMif1UyFDk5LSXZpIt0vtWA8axUCZYBHI0sr7HXB
/ex1VPTFl7RctOy8sqiyxRHEVgTKu8gacjAwVmNRDYqFmUZT2BBsq0Ec/oOdsTme
GYOffhpgnLxWyi/K9aMbgpNby5jB4hxdjr02MpzhgtW3lcT10eM=
-----END CERTIFICATE-----