Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/bPQ6drZl2bvCnNM6nPyxMRTSEJI.roa
File:                     bPQ6drZl2bvCnNM6nPyxMRTSEJI.roa (raw, json)
Hash identifier:          YBLRIxZCgJpQTrl+i/fNwIe/l7A9rjWl745CEpyQQSM=
Subject key identifier:   6C:F4:3A:76:B6:65:D9:BB:C2:9C:D3:3A:9C:FC:B1:31:14:D2:10:92
Certificate issuer:       /CN=97ea541c123faa9c0edc729f829e959fd292e37d
Certificate serial:       01942368E923980D0DA6229DA1E6C83E6B68
Authority key identifier: 97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/bPQ6drZl2bvCnNM6nPyxMRTSEJI.roa
Signing time:             Wed 01 Jan 2025 19:47:45 +0000
ROA not before:           Wed 01 Jan 2025 19:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43519
IP address blocks:        2a0d:9b80::/48 maxlen: 48
                          2a0d:9b80:1::/48 maxlen: 48
                          2a0d:9b80:fe::/48 maxlen: 48
                          2a0d:9b80:ff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:e9:23:98:0d:0d:a6:22:9d:a1:e6:c8:3e:6b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ea541c123faa9c0edc729f829e959fd292e37d
        Validity
            Not Before: Jan  1 19:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cf43a76b665d9bbc29cd33a9cfcb13114d21092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:eb:14:90:61:f2:31:30:a3:ac:e4:62:b6:29:
                    34:08:7c:aa:a9:3f:f1:e7:35:72:07:0e:c2:d5:e8:
                    88:d8:f8:d1:34:5e:bc:0f:8b:27:2a:e9:8e:77:f9:
                    1e:07:33:e8:1e:26:55:53:81:da:19:be:07:90:4d:
                    cc:06:1d:cf:8f:f6:8f:a0:d5:01:af:84:cb:95:d3:
                    5d:01:82:79:f9:5e:f5:28:5c:ed:6a:23:07:89:16:
                    2b:2a:f1:39:b2:a9:f0:d5:a4:23:ae:4b:05:5a:da:
                    e6:13:8f:d6:7a:3f:6f:79:fe:0e:bd:b4:11:95:ad:
                    ee:45:6e:78:0f:98:d0:a0:6e:73:83:79:72:a5:d7:
                    ee:ed:89:36:1e:d1:73:25:e6:e4:9b:15:3f:3d:56:
                    f9:fc:4e:c1:72:4d:06:91:77:bd:86:c4:48:95:fa:
                    36:2f:c5:20:34:f4:f1:f0:20:58:54:f1:74:54:e7:
                    1e:9e:ba:1e:20:e2:19:e5:8a:36:b6:4d:cf:3e:10:
                    29:a9:4b:58:f1:fa:b5:3a:e2:28:11:b3:4d:48:62:
                    51:65:f6:11:4b:89:3e:e0:b7:4e:09:3e:0c:de:d6:
                    38:1b:31:1e:2f:78:a4:6a:ef:f8:cd:33:6e:5e:3a:
                    b9:48:23:78:43:7d:83:d1:0c:73:13:da:e1:bb:2b:
                    46:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F4:3A:76:B6:65:D9:BB:C2:9C:D3:3A:9C:FC:B1:31:14:D2:10:92
            X509v3 Authority Key Identifier:
                keyid:97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/bPQ6drZl2bvCnNM6nPyxMRTSEJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9b80::/47
                  2a0d:9b80:fe::/47

    Signature Algorithm: sha256WithRSAEncryption
         00:30:05:a8:e2:93:28:69:30:8b:16:33:f2:08:a0:58:24:7e:
         cb:2c:b5:42:1d:52:d5:98:7d:89:bf:ca:50:0e:b6:38:a6:9d:
         82:60:ce:f9:f0:84:33:c2:72:08:06:b8:33:55:1b:02:ef:dc:
         bf:d0:59:29:2b:42:6e:1b:8a:28:98:d1:14:6a:b5:28:64:38:
         30:94:86:3a:57:65:8d:86:00:92:d0:4b:f9:10:68:75:7e:64:
         49:86:49:a4:fd:f9:af:2b:a9:f9:58:e7:92:a5:b3:8d:f4:d2:
         d9:fd:6c:94:c7:83:eb:51:4f:e3:46:5d:2c:ca:48:0c:d8:b2:
         39:72:f2:e4:7f:ec:47:35:b3:7e:3d:2b:e8:27:15:16:93:96:
         57:34:b5:58:cf:16:d3:28:af:cd:dd:34:08:51:8e:2c:a2:19:
         00:6a:59:38:ee:c9:2c:d0:60:4b:c5:28:4a:c0:0f:14:19:3f:
         a8:8a:f4:fe:be:1e:2c:f5:88:b9:93:7d:78:44:f1:37:f0:c9:
         7b:7c:83:98:72:dc:2f:34:ac:09:ca:8d:8a:f9:e1:2f:66:5e:
         20:57:1d:fc:13:10:4b:23:21:7d:a2:d9:ec:5e:71:34:5a:6d:
         df:d1:1b:6f:11:89:1a:85:94:17:13:dd:6c:63:ec:92:06:20:
         69:48:f8:0f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaOkjmA0NpiKdoebIPmtoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWE1NDFjMTIzZmFhOWMwZWRjNzI5ZjgyOWU5NTlmZDI5
MmUzN2QwHhcNMjUwMTAxMTk0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Y0M2E3NmI2NjVkOWJiYzI5Y2QzM2E5Y2ZjYjEzMTE0ZDIxMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OsUkGHyMTCjrORitik0CHyqqT/x
5zVyBw7C1eiI2PjRNF68D4snKumOd/keBzPoHiZVU4HaGb4HkE3MBh3Pj/aPoNUB
r4TLldNdAYJ5+V71KFztaiMHiRYrKvE5sqnw1aQjrksFWtrmE4/Wej9vef4OvbQR
la3uRW54D5jQoG5zg3lypdfu7Yk2HtFzJebkmxU/PVb5/E7Bck0GkXe9hsRIlfo2
L8UgNPTx8CBYVPF0VOcenroeIOIZ5Yo2tk3PPhApqUtY8fq1OuIoEbNNSGJRZfYR
S4k+4LdOCT4M3tY4GzEeL3ikau/4zTNuXjq5SCN4Q32D0QxzE9rhuytGZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGz0Ona2Zdm7wpzTOpz8sTEU0hCSMB8GA1UdIwQY
MBaAFJfqVBwSP6qcDtxyn4KelZ/SkuN9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC1wVUhCSV9xcHdPM0hLZmdwNlZuOUtTNDMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xMjE1NWMtY2QxMy00YWE3LTg5NDkt
NjM4ZGNmYTEzMDAzLzEvYlBRNmRyWmwyYnZDbk5NNm5QeXhNUlRTRUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xMjE1NWMtY2QxMy00YWE3LTg5NDktNjM4ZGNmYTEzMDAz
LzEvbC1wVUhCSV9xcHdPM0hLZmdwNlZuOUtTNDMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKg2bgAAA
AwcBKg2bgAD+MA0GCSqGSIb3DQEBCwUAA4IBAQAAMAWo4pMoaTCLFjPyCKBYJH7L
LLVCHVLVmH2Jv8pQDrY4pp2CYM758IQzwnIIBrgzVRsC79y/0FkpK0JuG4oomNEU
arUoZDgwlIY6V2WNhgCS0Ev5EGh1fmRJhkmk/fmvK6n5WOeSpbON9NLZ/WyUx4Pr
UU/jRl0sykgM2LI5cvLkf+xHNbN+PSvoJxUWk5ZXNLVYzxbTKK/N3TQIUY4sohkA
alk47sks0GBLxShKwA8UGT+oivT+vh4s9Yi5k314RPE38Ml7fIOYctwvNKwJyo2K
+eEvZl4gVx38ExBLIyF9otnsXnE0Wm3f0RtvEYkahZQXE91sY+ySBiBpSPgP
-----END CERTIFICATE-----