Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/ObPAzx9vpUSewz6yMRbiwqDj92c.roa
File:                     ObPAzx9vpUSewz6yMRbiwqDj92c.roa (raw, json)
Hash identifier:          Suax9ATaK3pYDGwH5LS+lZKVuglD1H0ACxKzg26DT6o=
Subject key identifier:   39:B3:C0:CF:1F:6F:A5:44:9E:C3:3E:B2:31:16:E2:C2:A0:E3:F7:67
Certificate issuer:       /CN=974661cb1c38e63bd78bd6b2b1d68686a5415bf5
Certificate serial:       01960F94C387990707C242956407CF3141E0
Authority key identifier: 97:46:61:CB:1C:38:E6:3B:D7:8B:D6:B2:B1:D6:86:86:A5:41:5B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/ObPAzx9vpUSewz6yMRbiwqDj92c.roa
Signing time:             Mon 07 Apr 2025 09:28:49 +0000
ROA not before:           Mon 07 Apr 2025 09:28:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198983
IP address blocks:        2a0e:b540:ffa1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:0f:94:c3:87:99:07:07:c2:42:95:64:07:cf:31:41:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=974661cb1c38e63bd78bd6b2b1d68686a5415bf5
        Validity
            Not Before: Apr  7 09:28:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39b3c0cf1f6fa5449ec33eb23116e2c2a0e3f767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:1a:1a:70:62:b6:20:b8:bd:e6:01:8e:0e:f3:
                    18:b7:78:de:3b:89:65:5e:7c:b0:e1:7e:a9:d9:be:
                    01:21:37:4b:f7:36:9f:f5:ce:b3:32:82:29:97:4c:
                    d9:6c:10:f7:9c:a8:8c:0f:cc:98:89:80:f9:c9:ec:
                    c2:93:4c:48:c3:33:39:35:72:8e:3a:db:2f:85:71:
                    fa:f6:33:cc:a2:03:3b:3b:8e:77:61:dc:41:ab:6e:
                    30:55:8e:67:98:e0:6e:8b:5b:3a:24:cf:35:f8:ef:
                    63:7c:cb:3f:7b:60:52:2a:de:4b:14:be:ba:3b:7c:
                    ad:84:cc:67:32:1f:bf:57:17:44:2e:11:51:c5:93:
                    1d:48:8d:d6:2c:af:8d:b5:61:67:95:3f:77:ff:ae:
                    ad:ba:ff:33:f8:a5:98:34:cf:d5:60:07:61:28:0f:
                    d0:6e:f0:74:4a:94:50:6e:4c:96:bd:94:4c:6c:ec:
                    f4:8c:d5:6f:a0:11:2e:05:ca:e0:c2:c9:4f:a1:10:
                    9a:eb:40:2c:45:7a:65:d0:d5:c4:9d:24:d2:15:7c:
                    59:61:e5:8d:b8:37:0c:4b:13:e5:06:51:58:20:2a:
                    87:56:b5:c3:ae:61:da:50:e0:2c:78:91:e9:41:b2:
                    de:44:ef:8f:5d:62:65:2c:5f:fe:ea:03:41:70:76:
                    06:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B3:C0:CF:1F:6F:A5:44:9E:C3:3E:B2:31:16:E2:C2:A0:E3:F7:67
            X509v3 Authority Key Identifier:
                keyid:97:46:61:CB:1C:38:E6:3B:D7:8B:D6:B2:B1:D6:86:86:A5:41:5B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/ObPAzx9vpUSewz6yMRbiwqDj92c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b540:ffa1::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:fb:57:0b:e5:80:64:4c:12:8a:dc:d8:13:a1:79:8d:66:9f:
         98:ae:56:1f:7d:b3:3d:d3:49:31:a1:88:a9:53:d2:78:87:55:
         61:de:65:ab:b7:59:f7:81:5c:9d:89:e3:af:db:fb:b7:f1:ff:
         66:2b:05:18:a4:f6:ce:53:22:e2:42:94:56:1d:2f:27:e7:d4:
         c2:1e:7c:8a:b8:89:2d:8e:87:36:46:2f:99:91:88:cf:48:d6:
         2c:49:62:74:48:12:f5:49:ed:e8:f8:dd:f6:27:4a:57:e1:a0:
         95:02:f5:99:ce:25:bb:e3:19:d9:43:2e:23:ee:b3:21:e4:7d:
         1a:0b:c1:e4:ae:5d:6c:34:62:1e:70:de:27:50:83:23:a0:56:
         03:45:74:eb:a4:7d:6a:3e:7e:56:fd:fb:5a:2d:5c:5a:22:74:
         d7:4c:82:2c:31:cd:fc:01:14:c7:31:a5:bf:15:f7:52:0f:50:
         2a:2b:21:df:3a:75:fa:6d:d7:ea:16:21:71:21:23:f6:ca:61:
         8a:f9:ad:66:d3:59:4e:5d:32:02:7a:65:eb:d9:74:8a:b2:1e:
         62:23:a4:68:b8:da:23:ee:e0:1b:74:0f:49:cc:52:fe:d4:f6:
         6f:0f:29:80:a3:e7:c4:b5:71:13:37:66:6b:13:50:ea:8b:d0:
         a6:c1:72:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZYPlMOHmQcHwkKVZAfPMUHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NDY2MWNiMWMzOGU2M2JkNzhiZDZiMmIxZDY4Njg2YTU0
MTViZjUwHhcNMjUwNDA3MDkyODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWIzYzBjZjFmNmZhNTQ0OWVjMzNlYjIzMTE2ZTJjMmEwZTNmNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BoacGK2ILi95gGODvMYt3jeO4ll
Xnyw4X6p2b4BITdL9zaf9c6zMoIpl0zZbBD3nKiMD8yYiYD5yezCk0xIwzM5NXKO
OtsvhXH69jPMogM7O453YdxBq24wVY5nmOBui1s6JM81+O9jfMs/e2BSKt5LFL66
O3ythMxnMh+/VxdELhFRxZMdSI3WLK+NtWFnlT93/66tuv8z+KWYNM/VYAdhKA/Q
bvB0SpRQbkyWvZRMbOz0jNVvoBEuBcrgwslPoRCa60AsRXpl0NXEnSTSFXxZYeWN
uDcMSxPlBlFYICqHVrXDrmHaUOAseJHpQbLeRO+PXWJlLF/+6gNBcHYGRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDmzwM8fb6VEnsM+sjEW4sKg4/dnMB8GA1UdIwQY
MBaAFJdGYcscOOY714vWsrHWhoalQVv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDBaaHl4dzQ1anZYaTlheXNkYUdocVZCV19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hMGJmM2UtMzY0NS00ZTE2LWJjYTkt
OGFkYWMxN2U5MGFlLzEvT2JQQXp4OXZwVVNld3o2eU1SYml3cURqOTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hMGJmM2UtMzY0NS00ZTE2LWJjYTktOGFkYWMxN2U5MGFl
LzEvbDBaaHl4dzQ1anZYaTlheXNkYUdocVZCV19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg61QP+h
MA0GCSqGSIb3DQEBCwUAA4IBAQDH+1cL5YBkTBKK3NgToXmNZp+YrlYffbM900kx
oYipU9J4h1Vh3mWrt1n3gVydieOv2/u38f9mKwUYpPbOUyLiQpRWHS8n59TCHnyK
uIktjoc2Ri+ZkYjPSNYsSWJ0SBL1Se3o+N32J0pX4aCVAvWZziW74xnZQy4j7rMh
5H0aC8Hkrl1sNGIecN4nUIMjoFYDRXTrpH1qPn5W/ftaLVxaInTXTIIsMc38ARTH
MaW/FfdSD1AqKyHfOnX6bdfqFiFxISP2ymGK+a1m01lOXTICemXr2XSKsh5iI6Ro
uNoj7uAbdA9JzFL+1PZvDymAo+fEtXETN2ZrE1Dqi9CmwXKy
-----END CERTIFICATE-----