Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/tOO0wCCsZhrYKFKLclwQAV9CkIw.roa
File:                     tOO0wCCsZhrYKFKLclwQAV9CkIw.roa (raw, json)
Hash identifier:          /3PfNmjuHcOP5UraiPVT5/6ZtktLgHQ5qzLXjqG4ztk=
Subject key identifier:   B4:E3:B4:C0:20:AC:66:1A:D8:28:52:8B:72:5C:10:01:5F:42:90:8C
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0195F6E3F91554F41745D5E855BFC3C7B092
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/tOO0wCCsZhrYKFKLclwQAV9CkIw.roa
Signing time:             Wed 02 Apr 2025 14:24:50 +0000
ROA not before:           Wed 02 Apr 2025 14:24:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a0e:13c3::/32 maxlen: 32
                          2a0f:bb01::/32 maxlen: 32
                          2a11:641::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f6:e3:f9:15:54:f4:17:45:d5:e8:55:bf:c3:c7:b0:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr  2 14:24:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4e3b4c020ac661ad828528b725c10015f42908c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5d:44:0b:ce:4f:fe:8c:f6:b1:a7:c0:bc:ec:
                    7a:f8:92:4c:7d:a3:c1:c2:9f:5e:27:f3:f5:5f:11:
                    52:e6:54:48:5a:e5:e6:b0:c7:67:c4:10:72:a2:f0:
                    87:c1:01:34:77:bb:b4:89:8e:08:00:2a:4c:e3:5a:
                    bc:52:01:ce:4a:4b:fd:e8:ec:82:48:85:27:eb:78:
                    32:ae:d3:60:b0:e6:26:e5:e3:79:95:c6:a0:28:a4:
                    25:9a:49:8c:be:14:d7:84:7e:f5:cd:b4:b7:3d:29:
                    df:cc:ab:3e:2f:e5:9c:28:98:37:7f:7b:8f:7f:00:
                    96:58:3a:cd:68:08:f2:31:58:04:44:a7:7c:a6:db:
                    17:10:0b:fb:80:a6:3a:a3:e2:b1:4f:a3:47:6f:06:
                    78:e5:6f:c6:c9:5f:35:06:3f:81:ab:ee:5f:c7:4f:
                    20:d9:3b:d5:9f:e8:02:a9:40:a1:51:e3:35:24:46:
                    e1:4c:d4:a3:e8:b9:b6:7a:c9:be:a4:62:30:5e:a6:
                    ee:d2:ad:48:2f:d1:25:23:8d:ff:b3:0f:ac:70:21:
                    5c:db:49:51:6a:ba:e6:80:16:0f:79:e9:73:cb:23:
                    26:4e:d5:ca:e9:66:0c:0a:a1:35:a0:69:5a:ea:2f:
                    34:13:dc:59:92:c2:24:71:b5:5f:d6:10:51:ff:f2:
                    eb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E3:B4:C0:20:AC:66:1A:D8:28:52:8B:72:5C:10:01:5F:42:90:8C
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/tOO0wCCsZhrYKFKLclwQAV9CkIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:13c3::/32
                  2a0f:bb01::/32
                  2a11:641::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:65:21:06:7e:85:03:40:16:02:7b:e2:9b:a3:17:73:0c:73:
         b3:43:aa:a6:71:f8:69:df:32:81:af:13:b4:e5:37:ca:99:86:
         71:b8:d5:46:c3:f8:c5:41:91:3f:9c:a0:08:cc:be:d3:6f:68:
         a3:8a:a5:a1:ed:fa:99:92:ce:c6:c2:71:0c:49:a2:15:6b:0a:
         59:3c:ed:d9:6e:b2:60:bb:9e:bf:06:f0:b8:5a:cf:74:07:bc:
         4a:ed:34:d1:1f:cd:5d:6e:ed:23:33:92:96:f8:ff:1e:3f:20:
         bc:24:97:fe:c4:3c:bd:f3:33:3c:9b:c9:98:57:fa:6c:86:76:
         ec:b0:b2:3d:a9:51:33:7c:e3:4c:0e:d9:85:83:e5:b6:8d:d2:
         75:a2:f1:38:f6:f7:cd:bc:f7:47:ae:cb:01:57:23:8d:c0:9f:
         a3:f9:f9:51:3f:f0:51:99:b2:d9:b2:f1:12:e4:3f:11:fb:05:
         7b:38:ae:29:41:32:15:a6:f5:86:de:0c:d2:92:e5:5d:9d:b8:
         c2:ab:52:98:ef:aa:84:da:29:34:c4:a9:08:01:6c:aa:52:fe:
         e0:16:7a:8f:b6:9a:4e:d7:ab:9b:f3:f7:e9:92:83:29:0c:fe:
         04:95:0e:e7:74:52:01:d5:c4:2b:ac:48:a2:e9:cc:a3:64:9c:
         0c:f8:44:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZX24/kVVPQXRdXoVb/Dx7CSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDAyMTQyNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGUzYjRjMDIwYWM2NjFhZDgyODUyOGI3MjVjMTAwMTVmNDI5MDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul1EC85P/oz2safAvOx6+JJMfaPB
wp9eJ/P1XxFS5lRIWuXmsMdnxBByovCHwQE0d7u0iY4IACpM41q8UgHOSkv96OyC
SIUn63gyrtNgsOYm5eN5lcagKKQlmkmMvhTXhH71zbS3PSnfzKs+L+WcKJg3f3uP
fwCWWDrNaAjyMVgERKd8ptsXEAv7gKY6o+KxT6NHbwZ45W/GyV81Bj+Bq+5fx08g
2TvVn+gCqUChUeM1JEbhTNSj6Lm2esm+pGIwXqbu0q1IL9ElI43/sw+scCFc20lR
arrmgBYPeelzyyMmTtXK6WYMCqE1oGla6i80E9xZksIkcbVf1hBR//LrQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLTjtMAgrGYa2ChSi3JcEAFfQpCMMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvdE9PMHdDQ3NaaHJZS0ZLTGNsd1FBVjlDa0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg4TwwMF
ACoPuwEDBQAqEQZBMA0GCSqGSIb3DQEBCwUAA4IBAQBTZSEGfoUDQBYCe+Kboxdz
DHOzQ6qmcfhp3zKBrxO05TfKmYZxuNVGw/jFQZE/nKAIzL7Tb2ijiqWh7fqZks7G
wnEMSaIVawpZPO3ZbrJgu56/BvC4Ws90B7xK7TTRH81dbu0jM5KW+P8ePyC8JJf+
xDy98zM8m8mYV/pshnbssLI9qVEzfONMDtmFg+W2jdJ1ovE49vfNvPdHrssBVyON
wJ+j+flRP/BRmbLZsvES5D8R+wV7OK4pQTIVpvWG3gzSkuVdnbjCq1KY76qE2ik0
xKkIAWyqUv7gFnqPtppO16ub8/fpkoMpDP4ElQ7ndFIB1cQrrEii6cyjZJwM+EQe
-----END CERTIFICATE-----