Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/HIaBGvmxdnBLgd35agLSA4bkubM.roa
File:                     HIaBGvmxdnBLgd35agLSA4bkubM.roa (raw, json)
Hash identifier:          i0iDI6axXMfE17qcVLg1zq6ssI2uwAR7lVjpfhI0sp0=
Subject key identifier:   1C:86:81:1A:F9:B1:76:70:4B:81:DD:F9:6A:02:D2:03:86:E4:B9:B3
Certificate issuer:       /CN=3ee770f47fd903925d80ac58e05e076f3baa110b
Certificate serial:       0196637F02DC653A96BD44DD939DF5CD5619
Authority key identifier: 3E:E7:70:F4:7F:D9:03:92:5D:80:AC:58:E0:5E:07:6F:3B:AA:11:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/HIaBGvmxdnBLgd35agLSA4bkubM.roa
Signing time:             Wed 23 Apr 2025 16:33:10 +0000
ROA not before:           Wed 23 Apr 2025 16:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205235
IP address blocks:        2a00:fbe4:1ab::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 10:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:63:7f:02:dc:65:3a:96:bd:44:dd:93:9d:f5:cd:56:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee770f47fd903925d80ac58e05e076f3baa110b
        Validity
            Not Before: Apr 23 16:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c86811af9b176704b81ddf96a02d20386e4b9b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d2:29:d4:11:f9:83:21:12:17:07:5f:1a:13:
                    19:94:67:11:60:05:39:f5:22:c0:4c:b0:c9:9b:59:
                    77:30:63:38:c1:ff:4f:fd:a6:72:4c:7a:18:c0:a4:
                    e1:f4:dd:78:75:bb:74:ae:b9:79:ab:aa:40:28:e5:
                    b7:dd:5a:dc:34:ec:50:26:25:14:8b:d1:a6:db:19:
                    b3:14:ce:15:44:c2:75:32:32:a6:d9:35:3d:bd:be:
                    bf:ff:71:c5:64:67:36:3a:7d:a5:91:60:ee:79:5b:
                    4b:ab:e5:34:d4:8b:91:3c:14:7d:03:25:7d:05:57:
                    3c:a2:99:42:f9:a5:d8:8e:ea:7c:f4:f0:a1:04:50:
                    cb:42:1f:c3:f4:2d:f8:26:77:69:52:22:ae:c4:2d:
                    a1:e9:68:20:48:87:e6:c0:c1:f2:66:e3:89:a6:b1:
                    cf:5d:c2:c8:1e:39:24:9f:cb:a9:39:b7:b0:78:a4:
                    46:c1:0d:80:42:f6:74:85:ba:16:53:b9:1b:e5:e8:
                    07:4e:0f:47:00:05:88:60:38:bf:57:8f:fc:07:62:
                    cd:78:5b:d5:e3:1c:75:43:3c:58:c4:b3:66:44:b3:
                    fc:98:15:de:81:87:22:35:e3:9e:d4:c5:c8:1a:29:
                    aa:1b:37:c8:6a:04:3f:1c:fd:3f:d8:c9:bf:85:71:
                    73:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:86:81:1A:F9:B1:76:70:4B:81:DD:F9:6A:02:D2:03:86:E4:B9:B3
            X509v3 Authority Key Identifier:
                keyid:3E:E7:70:F4:7F:D9:03:92:5D:80:AC:58:E0:5E:07:6F:3B:AA:11:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/HIaBGvmxdnBLgd35agLSA4bkubM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:fbe4:1ab::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:41:50:c9:f4:bc:37:26:82:d6:73:2f:3d:4d:6d:c7:d1:67:
         b2:9b:45:ac:3c:43:2c:ae:6c:8b:ff:85:56:fb:36:15:33:e5:
         e1:6e:8f:3a:97:39:f0:1f:75:58:9c:58:b8:c7:64:7b:49:c2:
         a5:ac:f1:38:93:90:16:26:e3:a0:d5:d4:68:4b:e7:cc:36:73:
         d0:4f:bb:e9:1c:4d:a7:82:88:a4:25:1c:83:cf:96:a5:84:76:
         db:40:4c:42:7f:67:cc:4c:58:9e:83:8d:07:54:12:48:1d:60:
         6c:66:15:ce:a2:19:5a:e2:71:50:4e:52:f4:d5:31:87:14:74:
         1e:03:89:4d:1c:f5:4e:21:cd:54:f1:16:8f:ee:ae:2b:99:44:
         3d:2b:27:b7:50:87:63:db:9b:e8:61:47:d2:df:60:2b:9e:53:
         23:96:ef:90:22:f1:28:57:c5:98:6a:9a:2a:bf:38:db:9a:47:
         e4:56:67:45:eb:4e:15:c8:38:de:70:c1:9d:fa:19:6a:37:7d:
         99:78:2c:09:21:25:a2:7d:10:95:45:ca:a3:91:39:02:a1:0a:
         f0:a6:df:81:3d:cb:91:89:43:d3:0d:a8:25:d7:2c:fe:1e:1e:
         a9:ea:62:db:f8:2b:5a:db:78:ae:d5:95:e1:d1:ef:c5:c1:56:
         52:13:f7:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZjfwLcZTqWvUTdk531zVYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTc3MGY0N2ZkOTAzOTI1ZDgwYWM1OGUwNWUwNzZmM2Jh
YTExMGIwHhcNMjUwNDIzMTYzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg2ODExYWY5YjE3NjcwNGI4MWRkZjk2YTAyZDIwMzg2ZTRiOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdIp1BH5gyESFwdfGhMZlGcRYAU5
9SLATLDJm1l3MGM4wf9P/aZyTHoYwKTh9N14dbt0rrl5q6pAKOW33VrcNOxQJiUU
i9Gm2xmzFM4VRMJ1MjKm2TU9vb6//3HFZGc2On2lkWDueVtLq+U01IuRPBR9AyV9
BVc8oplC+aXYjup89PChBFDLQh/D9C34JndpUiKuxC2h6WggSIfmwMHyZuOJprHP
XcLIHjkkn8upObeweKRGwQ2AQvZ0hboWU7kb5egHTg9HAAWIYDi/V4/8B2LNeFvV
4xx1QzxYxLNmRLP8mBXegYciNeOe1MXIGimqGzfIagQ/HP0/2Mm/hXFzWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFByGgRr5sXZwS4Hd+WoC0gOG5LmzMB8GA1UdIwQY
MBaAFD7ncPR/2QOSXYCsWOBeB287qhELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHVkdzlIX1pBNUpkZ0t4WTRGNEhienVxRVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi80MzQzNDQtMzIzZS00OGY4LWFkZTIt
NjI0ZjgzNjgyMTY5LzEvSElhQkd2bXhkbkJMZ2QzNWFnTFNBNGJrdWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi80MzQzNDQtMzIzZS00OGY4LWFkZTItNjI0ZjgzNjgyMTY5
LzEvUHVkdzlIX1pBNUpkZ0t4WTRGNEhienVxRVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD75AGr
MA0GCSqGSIb3DQEBCwUAA4IBAQCnQVDJ9Lw3JoLWcy89TW3H0Weym0WsPEMsrmyL
/4VW+zYVM+Xhbo86lznwH3VYnFi4x2R7ScKlrPE4k5AWJuOg1dRoS+fMNnPQT7vp
HE2ngoikJRyDz5alhHbbQExCf2fMTFieg40HVBJIHWBsZhXOohla4nFQTlL01TGH
FHQeA4lNHPVOIc1U8RaP7q4rmUQ9Kye3UIdj25voYUfS32ArnlMjlu+QIvEoV8WY
apoqvzjbmkfkVmdF604VyDjecMGd+hlqN32ZeCwJISWifRCVRcqjkTkCoQrwpt+B
PcuRiUPTDagl1yz+Hh6p6mLb+Cta23iu1ZXh0e/FwVZSE/dG
-----END CERTIFICATE-----