Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/q36KB3psJEdwM9htMyeD7v_JoOg.roa
File:                     q36KB3psJEdwM9htMyeD7v_JoOg.roa (raw, json)
Hash identifier:          TalVhq3AmB2TIBAEtWkTlS4vjvUd3V9bg1ZpQQHry4s=
Subject key identifier:   AB:7E:8A:07:7A:6C:24:47:70:33:D8:6D:33:27:83:EE:FF:C9:A0:E8
Certificate issuer:       /CN=dce1b25fd91b5fbc1ffb1218c67ed558ae778c04
Certificate serial:       0196C8FB64ECB871694ADFEC8A169546827B
Authority key identifier: DC:E1:B2:5F:D9:1B:5F:BC:1F:FB:12:18:C6:7E:D5:58:AE:77:8C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/q36KB3psJEdwM9htMyeD7v_JoOg.roa
Signing time:             Tue 13 May 2025 09:30:40 +0000
ROA not before:           Tue 13 May 2025 09:30:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47773
IP address blocks:        2a10:8dc0::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:fb:64:ec:b8:71:69:4a:df:ec:8a:16:95:46:82:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dce1b25fd91b5fbc1ffb1218c67ed558ae778c04
        Validity
            Not Before: May 13 09:30:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab7e8a077a6c24477033d86d332783eeffc9a0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6d:33:cd:12:6e:b1:02:ab:e6:4c:2a:c1:1e:
                    24:bb:1f:50:90:37:80:6d:bf:9a:11:68:42:c4:ff:
                    0d:f5:3c:67:d3:6f:8f:aa:a0:34:6a:a9:d6:a0:ab:
                    67:ae:56:f4:7f:e6:5c:fd:9d:62:85:72:69:e0:a3:
                    db:12:57:0b:e0:06:ef:e4:3c:3e:69:90:69:55:06:
                    10:49:cb:e7:54:6f:c5:9a:f6:56:4e:f3:96:0b:7a:
                    df:81:18:e8:f9:55:de:ae:56:9b:b3:97:1c:d7:ee:
                    3f:4d:87:2d:11:0d:ad:cc:02:7d:df:8a:2d:9b:68:
                    0c:87:98:37:c8:20:39:93:88:60:92:28:55:1c:60:
                    d9:b7:e0:85:12:d5:2a:ed:8b:a6:65:d3:37:1c:3b:
                    12:92:9b:fb:1d:0e:04:c2:d5:fe:6a:e6:e8:3d:f6:
                    b8:18:c4:08:51:1d:c0:1c:4c:20:64:a8:47:04:0a:
                    03:f1:d7:3b:f9:6b:54:0f:9c:3a:a4:78:33:31:d9:
                    b7:be:48:bd:0b:5d:34:16:42:c3:5e:30:28:59:53:
                    1a:a9:c0:b5:b4:8e:70:7a:a6:15:0a:e4:9d:00:24:
                    e1:f7:35:37:e7:72:0d:4e:6d:33:69:ee:3f:ed:3f:
                    fb:4b:f5:e8:f0:8d:78:42:14:cd:ec:b9:2b:ea:87:
                    41:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7E:8A:07:7A:6C:24:47:70:33:D8:6D:33:27:83:EE:FF:C9:A0:E8
            X509v3 Authority Key Identifier:
                keyid:DC:E1:B2:5F:D9:1B:5F:BC:1F:FB:12:18:C6:7E:D5:58:AE:77:8C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/q36KB3psJEdwM9htMyeD7v_JoOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:8dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:a9:e8:ee:21:d0:b1:10:2a:cb:49:f0:db:2c:cd:a9:45:47:
         ce:76:45:d9:3d:e7:44:64:2f:99:5a:ae:c9:38:dc:9f:ae:8c:
         c2:19:02:98:18:40:2d:82:19:d4:c5:b5:69:9b:87:83:e7:d3:
         e9:f2:17:fa:8c:db:2a:75:d8:3c:00:85:b6:a9:73:c8:68:a8:
         af:ca:43:5f:80:d7:c7:d1:0c:35:17:eb:92:fe:dc:0a:d2:8b:
         b2:60:0d:4a:20:3a:66:d6:41:59:5e:97:9b:f9:01:63:6d:b8:
         6c:be:30:04:52:09:da:34:c3:07:81:6a:8e:0f:81:68:6a:63:
         04:c0:65:85:95:f0:e9:8b:cd:59:4a:da:5e:46:41:83:55:ca:
         59:b6:f8:88:85:a4:84:1d:1c:ef:03:68:4c:b8:4e:44:d2:cc:
         55:50:55:fd:31:c9:ef:23:c6:d2:5c:97:68:a9:87:ba:6b:e7:
         af:ac:a6:a4:35:ff:ce:7b:6c:66:40:43:5d:80:43:1a:48:8b:
         03:18:b8:bd:08:1f:a1:ba:a5:eb:04:b2:1c:2e:23:fa:9b:56:
         c1:03:1e:ea:d4:b9:66:33:e2:93:b1:85:1c:69:fa:b0:7e:ef:
         2f:0f:92:90:92:1c:4e:a8:82:1f:82:fb:13:04:68:62:85:db:
         9f:87:bf:a8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZbI+2TsuHFpSt/sihaVRoJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTFiMjVmZDkxYjVmYmMxZmZiMTIxOGM2N2VkNTU4YWU3
NzhjMDQwHhcNMjUwNTEzMDkzMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdlOGEwNzdhNmMyNDQ3NzAzM2Q4NmQzMzI3ODNlZWZmYzlhMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG0zzRJusQKr5kwqwR4kux9QkDeA
bb+aEWhCxP8N9Txn02+PqqA0aqnWoKtnrlb0f+Zc/Z1ihXJp4KPbElcL4Abv5Dw+
aZBpVQYQScvnVG/FmvZWTvOWC3rfgRjo+VXerlabs5cc1+4/TYctEQ2tzAJ934ot
m2gMh5g3yCA5k4hgkihVHGDZt+CFEtUq7YumZdM3HDsSkpv7HQ4EwtX+auboPfa4
GMQIUR3AHEwgZKhHBAoD8dc7+WtUD5w6pHgzMdm3vki9C100FkLDXjAoWVMaqcC1
tI5weqYVCuSdACTh9zU353INTm0zae4/7T/7S/Xo8I14QhTN7Lkr6odB0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKt+igd6bCRHcDPYbTMng+7/yaDoMB8GA1UdIwQY
MBaAFNzhsl/ZG1+8H/sSGMZ+1Viud4wEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09HeVg5a2JYN3dmLXhJWXhuN1ZXSzUzakFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8zMjUyYzAtNTcyNS00NDlmLTkyYTEt
NjQzYmIyN2Y3ZmJmLzEvcTM2S0IzcHNKRWR3TTlodE15ZUQ3dl9Kb09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8zMjUyYzAtNTcyNS00NDlmLTkyYTEtNjQzYmIyN2Y3ZmJm
LzEvM09HeVg5a2JYN3dmLXhJWXhuN1ZXSzUzakFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhCNwDAN
BgkqhkiG9w0BAQsFAAOCAQEACano7iHQsRAqy0nw2yzNqUVHznZF2T3nRGQvmVqu
yTjcn66MwhkCmBhALYIZ1MW1aZuHg+fT6fIX+ozbKnXYPACFtqlzyGior8pDX4DX
x9EMNRfrkv7cCtKLsmANSiA6ZtZBWV6Xm/kBY224bL4wBFIJ2jTDB4Fqjg+BaGpj
BMBlhZXw6YvNWUraXkZBg1XKWbb4iIWkhB0c7wNoTLhORNLMVVBV/THJ7yPG0lyX
aKmHumvnr6ympDX/zntsZkBDXYBDGkiLAxi4vQgfobql6wSyHC4j+ptWwQMe6tS5
ZjPik7GFHGn6sH7vLw+SkJIcTqiCH4L7EwRoYoXbn4e/qA==
-----END CERTIFICATE-----