Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/2SY-qe-5SBhHKk51B06H3d7WW8A.roa
File:                     2SY-qe-5SBhHKk51B06H3d7WW8A.roa (raw, json)
Hash identifier:          6/DIJ50Cnk+nITM4AUHonNPdQnw8AUu3PQWc0gDk/RE=
Subject key identifier:   D9:26:3E:A9:EF:B9:48:18:47:2A:4E:75:07:4E:87:DD:DE:D6:5B:C0
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0194B3B982432047EDCF98B16C625734F53A
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/2SY-qe-5SBhHKk51B06H3d7WW8A.roa
Signing time:             Wed 29 Jan 2025 20:21:06 +0000
ROA not before:           Wed 29 Jan 2025 20:21:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24750
IP address blocks:        2a05:4c00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b3:b9:82:43:20:47:ed:cf:98:b1:6c:62:57:34:f5:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jan 29 20:21:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9263ea9efb94818472a4e75074e87ddded65bc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e3:76:a1:42:24:a1:8e:3f:27:32:96:3f:f6:
                    2b:c3:58:7a:67:04:e1:e3:60:6c:b9:4d:02:8f:f7:
                    a5:0e:fe:70:4a:65:df:35:5a:db:fc:ba:de:88:ee:
                    82:30:48:e6:50:4b:5f:4d:fa:d2:6d:1a:d3:34:7a:
                    f9:92:c5:f4:7a:2e:57:51:21:be:de:aa:8a:3d:87:
                    6b:28:b7:76:3d:93:b5:29:99:a8:b4:32:e4:2c:03:
                    2c:f8:2d:3e:81:ff:75:16:3e:55:b2:3d:f9:9f:33:
                    e6:6b:9f:3f:6b:38:c0:d0:4b:20:55:68:bd:17:f8:
                    8d:03:fe:6c:0a:f2:c4:f4:9e:c7:4d:5b:14:3e:10:
                    a7:c3:b1:19:19:1f:47:a9:30:38:da:ce:c0:78:87:
                    7a:08:28:f1:0c:6d:a5:39:fd:bf:5e:75:dd:64:9e:
                    27:1e:52:65:4f:7c:c0:54:ad:fe:b3:f6:b9:80:b0:
                    0a:14:03:48:87:b0:10:7e:16:94:45:da:94:f0:c8:
                    71:8d:50:ed:15:0e:50:3b:cd:b9:19:bc:23:80:27:
                    ee:c0:8f:24:45:b0:db:6c:36:31:50:97:4d:cb:2f:
                    89:27:49:a9:4a:ac:e2:59:89:bd:4f:34:70:ca:d0:
                    be:70:3c:67:7d:9f:c0:68:19:30:67:3f:6d:90:3c:
                    09:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:26:3E:A9:EF:B9:48:18:47:2A:4E:75:07:4E:87:DD:DE:D6:5B:C0
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/2SY-qe-5SBhHKk51B06H3d7WW8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:57:a0:54:4b:dd:49:47:cf:37:cb:17:04:af:4a:b9:f1:7b:
         ce:bb:05:54:e1:56:60:12:ee:41:85:9a:3c:c1:71:58:89:95:
         c0:f6:db:19:9f:8b:73:f4:9f:28:e7:ba:e3:09:f1:35:4d:b0:
         e3:1c:71:63:f8:57:8a:0d:5d:0e:05:25:30:a6:39:00:17:50:
         37:2e:9c:fe:f2:32:dd:48:36:e1:76:1a:ce:d8:85:fe:53:ba:
         15:04:57:18:61:32:55:2b:59:3f:84:45:f6:8a:1c:6d:4f:e3:
         5b:85:18:26:e8:fc:ae:f0:09:da:4a:4f:03:e5:3a:9f:c3:ee:
         a6:87:72:67:af:f8:e3:2d:3f:47:43:ed:0f:8f:99:c0:35:71:
         4f:80:d6:68:44:53:de:9a:80:15:db:f0:7c:a3:43:be:46:94:
         20:42:25:61:14:c1:60:cb:44:97:0a:1a:fa:d2:b1:44:99:3e:
         75:3e:5a:db:69:89:f9:fe:76:56:ed:74:e6:44:62:74:08:81:
         9b:00:2d:8e:c6:a1:04:26:8b:e6:04:70:f6:57:5e:11:d6:cc:
         f9:54:61:3c:20:77:0f:9a:2a:7a:f5:a3:8b:17:fd:a6:c8:ba:
         46:d8:d0:13:b9:f2:ab:5b:47:68:f6:ce:95:69:88:c9:86:f7:
         af:4e:54:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSzuYJDIEftz5ixbGJXNPU6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMTI5MjAyMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTI2M2VhOWVmYjk0ODE4NDcyYTRlNzUwNzRlODdkZGRlZDY1YmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uN2oUIkoY4/JzKWP/Yrw1h6ZwTh
42BsuU0Cj/elDv5wSmXfNVrb/LreiO6CMEjmUEtfTfrSbRrTNHr5ksX0ei5XUSG+
3qqKPYdrKLd2PZO1KZmotDLkLAMs+C0+gf91Fj5Vsj35nzPma58/azjA0EsgVWi9
F/iNA/5sCvLE9J7HTVsUPhCnw7EZGR9HqTA42s7AeId6CCjxDG2lOf2/XnXdZJ4n
HlJlT3zAVK3+s/a5gLAKFANIh7AQfhaURdqU8MhxjVDtFQ5QO825GbwjgCfuwI8k
RbDbbDYxUJdNyy+JJ0mpSqziWYm9TzRwytC+cDxnfZ/AaBkwZz9tkDwJAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNkmPqnvuUgYRypOdQdOh93e1lvAMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvMlNZLXFlLTVTQmhIS2s1MUIwNkgzZDdXVzhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgVMADAN
BgkqhkiG9w0BAQsFAAOCAQEAkVegVEvdSUfPN8sXBK9KufF7zrsFVOFWYBLuQYWa
PMFxWImVwPbbGZ+Lc/SfKOe64wnxNU2w4xxxY/hXig1dDgUlMKY5ABdQNy6c/vIy
3Ug24XYaztiF/lO6FQRXGGEyVStZP4RF9oocbU/jW4UYJuj8rvAJ2kpPA+U6n8Pu
podyZ6/44y0/R0PtD4+ZwDVxT4DWaERT3pqAFdvwfKNDvkaUIEIlYRTBYMtElwoa
+tKxRJk+dT5a22mJ+f52Vu105kRidAiBmwAtjsahBCaL5gRw9ldeEdbM+VRhPCB3
D5oqevWjixf9psi6RtjQE7nyq1tHaPbOlWmIyYb3r05UEQ==
-----END CERTIFICATE-----