Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/dFDN-XA6JpGBZkHYDxNVO2s_Oxc.roa
File:                     dFDN-XA6JpGBZkHYDxNVO2s_Oxc.roa (raw, json)
Hash identifier:          plia5S39nNrwcKNX4FNbwHslUWBBGI1jOUjcil+qN+0=
Subject key identifier:   74:50:CD:F9:70:3A:26:91:81:66:41:D8:0F:13:55:3B:6B:3F:3B:17
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0196644C16FCEF8DDCC781B7EE4A9CB95DD2
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/dFDN-XA6JpGBZkHYDxNVO2s_Oxc.roa
Signing time:             Wed 23 Apr 2025 20:17:10 +0000
ROA not before:           Wed 23 Apr 2025 20:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61400
IP address blocks:        2a0a:c0c2::/32 maxlen: 32
                          2a0e:c4c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:64:4c:16:fc:ef:8d:dc:c7:81:b7:ee:4a:9c:b9:5d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Apr 23 20:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7450cdf9703a2691816641d80f13553b6b3f3b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:56:fb:4e:16:07:88:5d:ed:75:f1:8d:36:44:
                    f0:c0:82:8e:cb:c1:98:ca:ab:02:02:d9:90:af:9d:
                    0a:04:ba:6d:f0:fa:ff:a9:be:95:d7:aa:47:8c:0d:
                    cc:8c:df:00:4f:a1:7c:d8:a0:9f:93:6d:e1:2a:75:
                    50:52:b6:92:db:7b:63:e5:29:97:79:4f:55:58:bd:
                    46:87:be:9a:28:eb:b8:07:df:fc:e3:04:e5:c4:cc:
                    e1:59:f9:2a:23:be:aa:08:45:63:58:32:c3:2e:49:
                    08:c1:5a:66:1d:9e:61:05:8b:05:46:2f:d5:c2:04:
                    f1:32:7a:22:25:4c:0c:b6:38:b1:1f:05:c6:ea:1b:
                    5d:f2:2a:81:24:81:2c:97:4c:7c:45:cf:c1:c5:3e:
                    04:1b:f6:5e:50:25:20:b1:14:a2:9d:97:c5:cd:da:
                    00:45:72:f6:b3:67:e7:ec:2e:59:f9:8c:c2:cd:b1:
                    47:fb:3a:cf:d4:ff:d0:36:32:f0:c8:c0:3c:d1:34:
                    74:cf:57:39:55:1a:2c:d1:c5:e7:45:be:4a:a6:0c:
                    7b:f1:50:92:dc:45:b3:ba:20:61:9f:c7:42:21:30:
                    73:22:58:90:07:4a:2e:8d:47:b2:a3:0a:84:e7:62:
                    a5:b1:50:3e:aa:84:2a:fd:dc:f4:62:02:0c:e8:2d:
                    1d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:50:CD:F9:70:3A:26:91:81:66:41:D8:0F:13:55:3B:6B:3F:3B:17
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/dFDN-XA6JpGBZkHYDxNVO2s_Oxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c0c2::/32
                  2a0e:c4c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:37:b0:68:7c:08:f3:12:b8:fd:c0:8e:d3:da:04:e8:aa:08:
         0a:80:ac:44:58:d5:df:3f:bd:23:f1:f7:3d:e0:0e:30:29:f2:
         2a:e6:58:31:76:60:bf:10:d1:d5:45:e9:16:c4:05:cb:2b:e1:
         65:66:00:5c:fb:02:55:97:12:b5:99:46:64:60:54:48:cf:8a:
         5f:90:b5:9f:61:bc:89:74:85:24:fa:02:bd:66:c0:18:57:f0:
         28:d1:97:30:89:08:45:1b:f7:47:79:ac:89:f5:1f:18:bc:01:
         8b:43:a6:01:38:63:22:b5:6a:97:e7:04:2e:e0:9f:59:2f:3e:
         0c:42:54:30:f3:64:7a:3b:58:1d:ad:1e:3a:85:ec:6c:73:69:
         53:e9:e6:db:5e:f8:9b:ca:7b:55:b0:2c:7b:c5:aa:6a:cf:22:
         71:75:dd:cc:ef:a2:8e:28:4f:e0:fd:20:eb:9a:0e:90:9c:b4:
         11:af:79:b9:04:0d:c2:d4:46:06:b8:69:3f:67:a7:5d:fb:1e:
         f5:52:4e:1f:ba:bf:14:76:7c:68:da:12:44:dd:e6:df:73:ff:
         c8:cc:cb:c0:a6:cd:50:e0:c0:84:2a:8b:17:c5:8d:a1:f7:bc:
         3f:09:e3:28:37:0d:86:0c:42:05:bc:1b:87:cd:c7:dc:3e:f4:
         78:60:12:93
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZkTBb8743cx4G37kqcuV3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjUwNDIzMjAxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDUwY2RmOTcwM2EyNjkxODE2NjQxZDgwZjEzNTUzYjZiM2YzYjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1b7ThYHiF3tdfGNNkTwwIKOy8GY
yqsCAtmQr50KBLpt8Pr/qb6V16pHjA3MjN8AT6F82KCfk23hKnVQUraS23tj5SmX
eU9VWL1Gh76aKOu4B9/84wTlxMzhWfkqI76qCEVjWDLDLkkIwVpmHZ5hBYsFRi/V
wgTxMnoiJUwMtjixHwXG6htd8iqBJIEsl0x8Rc/BxT4EG/ZeUCUgsRSinZfFzdoA
RXL2s2fn7C5Z+YzCzbFH+zrP1P/QNjLwyMA80TR0z1c5VRos0cXnRb5Kpgx78VCS
3EWzuiBhn8dCITBzIliQB0oujUeyowqE52KlsVA+qoQq/dz0YgIM6C0dcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHRQzflwOiaRgWZB2A8TVTtrPzsXMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvZEZETi1YQTZKcEdCWmtIWUR4TlZPMnNfT3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgrAwgMF
ACoOxMYwDQYJKoZIhvcNAQELBQADggEBAD03sGh8CPMSuP3AjtPaBOiqCAqArERY
1d8/vSPx9z3gDjAp8irmWDF2YL8Q0dVF6RbEBcsr4WVmAFz7AlWXErWZRmRgVEjP
il+QtZ9hvIl0hST6Ar1mwBhX8CjRlzCJCEUb90d5rIn1Hxi8AYtDpgE4YyK1apfn
BC7gn1kvPgxCVDDzZHo7WB2tHjqF7GxzaVPp5tte+JvKe1WwLHvFqmrPInF13czv
oo4oT+D9IOuaDpCctBGvebkEDcLURga4aT9np137HvVSTh+6vxR2fGjaEkTd5t9z
/8jMy8CmzVDgwIQqixfFjaH3vD8J4yg3DYYMQgW8G4fNx9w+9HhgEpM=
-----END CERTIFICATE-----