Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/aQCk6hvPoTmhPc0e5kydy3D8sWU.roa
File:                     aQCk6hvPoTmhPc0e5kydy3D8sWU.roa (raw, json)
Hash identifier:          6ETMfCfXE4+PmgEWBXrcFMAYtDdlxlq3pPGYTBG/KZ0=
Subject key identifier:   69:00:A4:EA:1B:CF:A1:39:A1:3D:CD:1E:E6:4C:9D:CB:70:FC:B1:65
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       01941FFA34BA790271A7A455A13F07814CC9
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/aQCk6hvPoTmhPc0e5kydy3D8sWU.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64404
IP address blocks:        2a05:2d01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:34:ba:79:02:71:a7:a4:55:a1:3f:07:81:4c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6900a4ea1bcfa139a13dcd1ee64c9dcb70fcb165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:82:4a:fc:a0:48:71:4a:a1:7e:ea:23:8a:4f:
                    4f:ca:9f:e8:03:c4:3e:59:0f:25:da:06:0d:82:03:
                    78:18:b0:d5:f9:e2:84:85:b8:68:0e:90:8f:04:7c:
                    e7:19:ac:4d:db:33:96:81:3f:ce:0a:ee:35:72:7e:
                    89:ee:77:a8:12:d2:a3:3f:64:5f:db:a1:17:bc:64:
                    58:40:06:d9:f0:4f:89:3b:fa:0b:58:e0:ab:a1:e8:
                    15:a7:85:62:61:46:c7:5e:8d:d2:58:29:bd:ff:b7:
                    3c:10:2f:2e:64:d1:0e:60:95:1a:1e:80:d3:7e:3b:
                    5d:b6:44:f5:ca:ca:a4:2b:d4:f2:6d:03:7a:42:5d:
                    58:69:a2:b0:38:2d:7d:f6:f8:fd:9f:d1:4c:12:63:
                    5f:54:d8:69:8a:b8:26:31:56:bf:13:ce:8a:c6:39:
                    e5:4f:70:55:9b:4b:e3:0c:1d:60:b2:08:56:76:25:
                    c4:4c:ae:8c:4c:94:e5:39:54:e7:da:cd:e2:79:50:
                    5c:d1:15:84:28:f0:59:7f:55:ff:04:47:7f:4e:d4:
                    cc:c0:ba:66:c0:39:9c:1e:4b:3a:4b:b1:4d:27:99:
                    d7:c3:35:68:22:19:15:ff:d9:15:1e:f3:6c:e5:d5:
                    eb:0b:9c:1c:c0:a8:7a:7f:20:41:03:e9:8b:12:0e:
                    9e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:00:A4:EA:1B:CF:A1:39:A1:3D:CD:1E:E6:4C:9D:CB:70:FC:B1:65
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/aQCk6hvPoTmhPc0e5kydy3D8sWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:2d01::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:af:22:ac:52:ff:38:04:69:ac:db:0b:6a:43:34:31:e7:30:
         88:80:80:93:9d:84:61:b3:93:b2:94:29:95:08:8c:21:79:68:
         6e:45:cd:a5:bf:2f:52:a4:a0:37:ee:42:fd:56:5c:b6:77:ad:
         09:17:90:22:7a:24:3e:cc:1e:73:87:ab:37:e0:7b:cc:1e:93:
         d4:b2:1a:12:68:54:52:7c:24:ca:d2:c1:5b:5b:ba:10:1f:ec:
         09:9c:2c:d4:bc:5e:5f:68:5e:9b:09:e4:c6:02:8d:c8:4c:e3:
         17:fb:e9:05:e5:e3:af:a4:0f:e6:e8:ee:cc:44:6c:72:de:72:
         18:ea:25:96:92:60:79:ed:27:44:32:02:77:65:f8:65:54:9d:
         b8:66:b7:63:83:e1:0e:ea:d2:eb:ab:a8:a4:75:36:2f:ba:91:
         59:e7:2b:6c:80:6f:0a:a4:9f:3f:94:31:e2:79:7b:59:ac:e6:
         33:32:60:2a:3e:03:71:ff:a5:a8:bf:c7:46:3f:5d:78:21:25:
         23:95:9a:fc:92:06:fe:83:fc:31:77:16:ef:73:73:a9:62:ff:
         ce:48:1a:51:44:ea:04:2c:35:84:1a:a6:8e:c1:25:91:ed:d2:
         ef:d3:e2:30:93:51:52:56:ab:d9:45:7a:16:8b:05:15:66:3a:
         a1:aa:03:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+jS6eQJxp6RVoT8HgUzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAwYTRlYTFiY2ZhMTM5YTEzZGNkMWVlNjRjOWRjYjcwZmNiMTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34JK/KBIcUqhfuojik9Pyp/oA8Q+
WQ8l2gYNggN4GLDV+eKEhbhoDpCPBHznGaxN2zOWgT/OCu41cn6J7neoEtKjP2Rf
26EXvGRYQAbZ8E+JO/oLWOCroegVp4ViYUbHXo3SWCm9/7c8EC8uZNEOYJUaHoDT
fjtdtkT1ysqkK9TybQN6Ql1YaaKwOC199vj9n9FMEmNfVNhpirgmMVa/E86Kxjnl
T3BVm0vjDB1gsghWdiXETK6MTJTlOVTn2s3ieVBc0RWEKPBZf1X/BEd/TtTMwLpm
wDmcHks6S7FNJ5nXwzVoIhkV/9kVHvNs5dXrC5wcwKh6fyBBA+mLEg6e+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGkApOobz6E5oT3NHuZMnctw/LFlMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvYVFDazZodlBvVG1oUGMwZTVreWR5M0Q4c1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUtATAN
BgkqhkiG9w0BAQsFAAOCAQEAY68irFL/OARprNsLakM0MecwiICAk52EYbOTspQp
lQiMIXlobkXNpb8vUqSgN+5C/VZctnetCReQInokPswec4erN+B7zB6T1LIaEmhU
UnwkytLBW1u6EB/sCZws1LxeX2hemwnkxgKNyEzjF/vpBeXjr6QP5ujuzERsct5y
GOollpJgee0nRDICd2X4ZVSduGa3Y4PhDurS66uopHU2L7qRWecrbIBvCqSfP5Qx
4nl7WazmMzJgKj4Dcf+lqL/HRj9deCElI5Wa/JIG/oP8MXcW73NzqWL/zkgaUUTq
BCw1hBqmjsElke3S79PiMJNRUlar2UV6FosFFWY6oaoDYA==
-----END CERTIFICATE-----