Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8lMp3upOjvKabeuPr8harlhhZMA.roa
File:                     8lMp3upOjvKabeuPr8harlhhZMA.roa (raw, json)
Hash identifier:          JfxQ8Tbw+NbKFbAKWvBY1hIKmCOOIiaKteB1BNHEjvw=
Subject key identifier:   F2:53:29:DE:EA:4E:8E:F2:9A:6D:EB:8F:AF:C8:5A:AE:58:61:64:C0
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0196644C1764D9E8707E17F4F62B8009B6BF
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8lMp3upOjvKabeuPr8harlhhZMA.roa
Signing time:             Wed 23 Apr 2025 20:17:10 +0000
ROA not before:           Wed 23 Apr 2025 20:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a0e:7f03::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:64:4c:17:64:d9:e8:70:7e:17:f4:f6:2b:80:09:b6:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Apr 23 20:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f25329deea4e8ef29a6deb8fafc85aae586164c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fa:8f:ed:34:9e:d9:3a:b3:9e:0f:c1:9e:2f:
                    f9:22:5f:ee:f2:ad:5e:8f:4f:f7:24:e3:d0:ff:02:
                    76:d7:ca:06:21:c4:75:86:75:eb:42:a2:2f:96:52:
                    6d:37:07:e7:25:69:67:e7:2c:ba:29:fb:34:13:fd:
                    f3:88:e2:0d:18:26:43:94:45:76:4a:72:9d:16:a7:
                    21:8f:3d:d3:a1:68:f6:9e:18:e8:b8:1c:cb:74:3a:
                    a1:eb:ea:26:b3:17:f8:bb:f5:d8:2b:1a:58:bc:e8:
                    86:85:d0:7f:16:84:31:ba:ab:80:9f:79:58:af:c3:
                    54:85:90:f2:09:d9:25:5c:6b:58:1c:d7:42:2e:e0:
                    a6:f6:72:71:5c:a5:98:03:4c:48:19:88:7c:ce:72:
                    d5:02:19:91:3c:25:c0:ce:16:ba:23:84:12:de:d2:
                    4a:82:4f:16:3f:cd:83:cb:9b:76:6a:b7:75:26:fc:
                    5a:10:e2:cf:1e:27:e5:eb:7c:7d:b7:e9:0e:73:42:
                    c6:23:cf:59:92:5b:00:68:0c:1d:1b:f1:d2:f4:91:
                    f4:2d:4e:44:be:ea:00:7c:e2:78:34:2c:15:b2:8b:
                    b0:07:7d:d1:0a:f5:ed:be:ba:ce:54:c9:9c:94:6b:
                    0a:21:61:06:6d:65:6a:fc:51:19:af:f1:ff:7b:cf:
                    5c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:53:29:DE:EA:4E:8E:F2:9A:6D:EB:8F:AF:C8:5A:AE:58:61:64:C0
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/8lMp3upOjvKabeuPr8harlhhZMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7f03::/32

    Signature Algorithm: sha256WithRSAEncryption
         d5:eb:e3:30:14:44:29:e1:08:f5:b2:fe:c4:44:2b:78:c5:54:
         de:4e:88:63:17:90:93:03:c4:5a:2f:26:5f:7a:4b:9c:e3:17:
         41:5a:f7:eb:54:18:fe:9d:36:71:70:76:a0:a8:fb:82:db:b1:
         c8:15:94:49:f0:e2:71:d5:74:d9:98:00:25:08:98:99:13:a5:
         cb:c3:ca:82:88:35:9e:df:fb:ec:0c:dd:bc:90:9a:d2:0d:cc:
         ec:10:ca:d0:62:3e:3b:cc:ee:df:f9:2b:0c:55:cc:b6:46:56:
         93:3e:08:2f:17:39:69:6f:98:a8:86:a7:56:e6:16:de:f5:fe:
         6d:6f:6d:96:d7:ca:23:d8:91:32:9e:86:80:64:66:8b:99:33:
         27:35:4f:8a:c5:3e:b9:f9:c3:0f:16:14:6d:9e:de:16:02:ed:
         56:00:17:2a:6b:2f:2a:75:5a:88:34:85:49:43:1d:68:ef:6b:
         fa:e1:f4:08:f0:21:2f:c6:ca:1b:b5:01:90:18:a6:c2:39:31:
         9a:2c:43:72:51:46:fb:87:2a:d9:d5:17:b2:c6:c3:af:af:8c:
         16:43:8b:e6:51:44:30:5c:d1:b5:89:cd:13:04:57:18:9a:d7:
         9d:fc:3f:2d:e9:26:94:31:95:4c:5d:81:1a:de:08:3f:07:1e:
         5f:62:40:0e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZkTBdk2ehwfhf09iuACba/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjUwNDIzMjAxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjUzMjlkZWVhNGU4ZWYyOWE2ZGViOGZhZmM4NWFhZTU4NjE2NGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/qP7TSe2Tqzng/Bni/5Il/u8q1e
j0/3JOPQ/wJ218oGIcR1hnXrQqIvllJtNwfnJWln5yy6Kfs0E/3ziOINGCZDlEV2
SnKdFqchjz3ToWj2nhjouBzLdDqh6+omsxf4u/XYKxpYvOiGhdB/FoQxuquAn3lY
r8NUhZDyCdklXGtYHNdCLuCm9nJxXKWYA0xIGYh8znLVAhmRPCXAzha6I4QS3tJK
gk8WP82Dy5t2ard1JvxaEOLPHifl63x9t+kOc0LGI89ZklsAaAwdG/HS9JH0LU5E
vuoAfOJ4NCwVsouwB33RCvXtvrrOVMmclGsKIWEGbWVq/FEZr/H/e89cgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPJTKd7qTo7ymm3rj6/IWq5YYWTAMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvOGxNcDN1cE9qdkthYmV1UHI4aGFybGhoWk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5/AzAN
BgkqhkiG9w0BAQsFAAOCAQEA1evjMBREKeEI9bL+xEQreMVU3k6IYxeQkwPEWi8m
X3pLnOMXQVr361QY/p02cXB2oKj7gtuxyBWUSfDicdV02ZgAJQiYmROly8PKgog1
nt/77AzdvJCa0g3M7BDK0GI+O8zu3/krDFXMtkZWkz4ILxc5aW+YqIanVuYW3vX+
bW9tltfKI9iRMp6GgGRmi5kzJzVPisU+ufnDDxYUbZ7eFgLtVgAXKmsvKnVaiDSF
SUMdaO9r+uH0CPAhL8bKG7UBkBimwjkxmixDclFG+4cq2dUXssbDr6+MFkOL5lFE
MFzRtYnNEwRXGJrXnfw/LekmlDGVTF2BGt4IPwceX2JADg==
-----END CERTIFICATE-----