Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/sXeiXs9NThSJarWYdmbDOareR84.roa
File:                     sXeiXs9NThSJarWYdmbDOareR84.roa (raw, json)
Hash identifier:          8E8IelTcfcnUjoHcomwFc6Fdy9809IWQJJ0OZd6hORI=
Subject key identifier:   B1:77:A2:5E:CF:4D:4E:14:89:6A:B5:98:76:66:C3:39:AA:DE:47:CE
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0196A630AE8E3827234D39A252AE5EE7E7E1
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/sXeiXs9NThSJarWYdmbDOareR84.roa
Signing time:             Tue 06 May 2025 15:22:10 +0000
ROA not before:           Tue 06 May 2025 15:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a0a:c0c4::/32 maxlen: 32
                          2a11:6bc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:30:ae:8e:38:27:23:4d:39:a2:52:ae:5e:e7:e7:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: May  6 15:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b177a25ecf4d4e14896ab5987666c339aade47ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:78:11:f2:7f:a6:6b:5d:38:db:62:2b:c7:3f:
                    cd:97:ed:2f:0a:7b:99:a5:c4:05:59:4f:33:b1:75:
                    3e:5d:53:45:0b:6f:fa:d0:14:d8:90:50:e3:49:f7:
                    7e:3c:01:c0:3d:77:83:fb:d4:49:58:5e:44:ba:ef:
                    21:ad:ff:a7:0a:c2:b6:6a:3c:29:b0:49:23:f4:67:
                    44:b6:b4:b4:e3:39:8c:59:04:51:4f:6e:44:c2:16:
                    21:15:d7:e5:4a:d6:3b:8e:d6:0b:5c:a8:5b:ff:ed:
                    c7:01:d6:b1:9e:57:c1:fd:6a:f8:02:3c:0a:96:20:
                    f1:a6:f4:49:12:99:1c:f9:dd:1f:b9:57:65:ec:21:
                    83:02:48:11:97:2e:d3:67:23:65:62:ef:c4:38:b1:
                    07:bd:19:04:06:11:08:6b:b7:d9:6f:d3:00:83:df:
                    ac:68:2d:e8:2b:71:2f:b3:d7:dd:8b:39:e6:23:4e:
                    a2:b0:c2:a8:2d:46:34:b9:ec:fb:27:5b:81:49:78:
                    6e:8d:7b:88:56:28:12:fc:ae:80:92:17:0e:bd:4e:
                    a4:8a:73:76:8a:8c:2c:da:9d:f3:ba:d5:a9:f7:b6:
                    44:8f:94:05:da:e1:eb:da:0b:6f:c7:ab:3f:da:bb:
                    0f:5e:fe:c9:57:5b:67:d0:07:21:c3:64:41:70:dc:
                    9e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:77:A2:5E:CF:4D:4E:14:89:6A:B5:98:76:66:C3:39:AA:DE:47:CE
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/sXeiXs9NThSJarWYdmbDOareR84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c0c4::/32
                  2a11:6bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:eb:fa:5c:a1:27:40:36:88:c8:c3:79:8d:18:b8:49:e2:bf:
         c8:a6:38:ee:7f:b0:f6:7c:7a:4d:ba:ef:a0:0c:7d:90:db:50:
         d3:ff:8c:cb:c4:98:8f:60:c1:b2:d1:bc:72:90:7d:f0:1c:d9:
         a7:68:35:d5:86:e2:8f:28:e6:6f:e7:00:eb:ff:d8:58:66:6a:
         9b:81:23:ed:d3:bb:ef:6b:45:a3:01:cd:73:9b:c3:c7:ff:53:
         a7:7e:5a:7b:ce:a7:1b:eb:27:0e:23:c1:dd:b5:94:50:19:87:
         59:57:ad:f5:82:f3:9b:db:72:a2:84:7d:4e:c9:d0:36:1a:62:
         3c:08:c4:0d:cc:bf:5b:6a:1d:6e:2e:1d:c4:0f:69:b3:42:3c:
         7a:da:0a:2f:b9:ca:65:b6:04:26:a9:aa:8f:15:a0:4a:f9:6e:
         8b:22:f8:c3:a7:57:19:85:de:22:8d:cb:51:f7:35:9c:87:e7:
         38:29:f1:e1:02:e0:84:e1:10:dc:10:b5:78:3a:08:c3:cf:55:
         f6:9e:48:0c:3e:7a:48:0e:35:9c:46:32:24:66:74:be:2b:5d:
         ec:9e:90:44:09:ed:f1:fc:e5:48:6a:3f:dd:00:2b:c1:95:71:
         aa:5b:1e:dd:57:85:f4:16:d3:27:4e:82:0f:1b:2c:10:18:7e:
         68:71:a9:bc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZamMK6OOCcjTTmiUq5e5+fhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjUwNTA2MTUyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTc3YTI1ZWNmNGQ0ZTE0ODk2YWI1OTg3NjY2YzMzOWFhZGU0N2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyngR8n+ma10422Irxz/Nl+0vCnuZ
pcQFWU8zsXU+XVNFC2/60BTYkFDjSfd+PAHAPXeD+9RJWF5Euu8hrf+nCsK2ajwp
sEkj9GdEtrS04zmMWQRRT25EwhYhFdflStY7jtYLXKhb/+3HAdaxnlfB/Wr4AjwK
liDxpvRJEpkc+d0fuVdl7CGDAkgRly7TZyNlYu/EOLEHvRkEBhEIa7fZb9MAg9+s
aC3oK3Evs9fdiznmI06isMKoLUY0uez7J1uBSXhujXuIVigS/K6AkhcOvU6kinN2
iows2p3zutWp97ZEj5QF2uHr2gtvx6s/2rsPXv7JV1tn0Achw2RBcNyeqQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLF3ol7PTU4UiWq1mHZmwzmq3kfOMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvc1hlaVhzOU5UaFNKYXJXWWRtYkRPYXJlUjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgrAxAMF
ACoRa8AwDQYJKoZIhvcNAQELBQADggEBAFvr+lyhJ0A2iMjDeY0YuEniv8imOO5/
sPZ8ek2676AMfZDbUNP/jMvEmI9gwbLRvHKQffAc2adoNdWG4o8o5m/nAOv/2Fhm
apuBI+3Tu+9rRaMBzXObw8f/U6d+WnvOpxvrJw4jwd21lFAZh1lXrfWC85vbcqKE
fU7J0DYaYjwIxA3Mv1tqHW4uHcQPabNCPHraCi+5ymW2BCapqo8VoEr5bosi+MOn
VxmF3iKNy1H3NZyH5zgp8eEC4IThENwQtXg6CMPPVfaeSAw+ekgONZxGMiRmdL4r
XeyekEQJ7fH85UhqP90AK8GVcapbHt1XhfQW0ydOgg8bLBAYfmhxqbw=
-----END CERTIFICATE-----