Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/eb9wjOmz5kPPmuCQtsN1cn-klyE.roa
File:                     eb9wjOmz5kPPmuCQtsN1cn-klyE.roa (raw, json)
Hash identifier:          erOQcOZWKsgViqrNUApVtSuFJsW2DxTD2hQnRRc4um0=
Subject key identifier:   79:BF:70:8C:E9:B3:E6:43:CF:9A:E0:90:B6:C3:75:72:7F:A4:97:21
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019421B23C68AE4AF112CF33D42AE0C0BF3C
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/eb9wjOmz5kPPmuCQtsN1cn-klyE.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202564
IP address blocks:        2a07:3d80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3c:68:ae:4a:f1:12:cf:33:d4:2a:e0:c0:bf:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79bf708ce9b3e643cf9ae090b6c375727fa49721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bf:39:18:fc:62:35:70:3e:54:49:71:e2:46:
                    cc:54:72:62:17:db:ff:21:da:f1:3a:85:22:f1:a0:
                    12:ef:af:ca:49:6d:6e:04:5a:8a:e6:86:2a:36:50:
                    a0:56:34:f6:bf:4b:10:fc:7d:37:37:88:e3:2f:8d:
                    90:fd:35:4a:5c:02:de:64:a9:b1:00:79:e3:d4:c3:
                    ff:86:f6:b2:34:33:99:ac:ee:b8:93:43:3d:62:bc:
                    52:8d:fe:a3:07:d5:07:d7:c8:ff:7a:88:5f:eb:94:
                    a5:55:29:45:7f:a0:a0:cb:66:45:28:61:31:71:3e:
                    03:c4:67:d0:07:5b:d8:50:dd:26:50:30:a8:a4:66:
                    dc:a5:05:01:13:48:89:d8:dd:d1:5e:34:14:b6:7d:
                    9c:fe:7b:4d:51:75:c5:8a:76:55:58:69:c4:c2:81:
                    58:65:cc:c9:53:3a:b8:ce:d6:ce:41:46:0f:f9:7a:
                    e0:20:d1:b2:de:f7:2a:e2:f7:e5:6a:99:9c:87:5a:
                    57:dd:aa:ad:c5:7b:d1:d6:a8:36:9f:41:c4:fd:81:
                    93:85:18:56:48:7e:ea:7c:85:23:97:f4:64:83:b2:
                    4d:67:6f:32:f9:09:f5:81:6e:a4:4b:57:3a:b8:61:
                    7a:00:4c:b0:82:a2:5e:d8:b8:d1:14:af:69:25:20:
                    6f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:BF:70:8C:E9:B3:E6:43:CF:9A:E0:90:B6:C3:75:72:7F:A4:97:21
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/eb9wjOmz5kPPmuCQtsN1cn-klyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:a4:b2:e7:3b:68:25:5f:ec:e4:6d:14:2a:a9:b4:39:5a:7f:
         f5:81:51:73:8c:c6:ce:c8:d8:88:1c:8c:41:ea:fa:14:32:35:
         d5:a5:36:07:d8:56:1a:41:05:a6:74:7b:e6:1e:13:38:44:20:
         84:88:97:91:09:cd:fc:32:66:15:53:f5:bb:d5:d9:fc:d3:e4:
         aa:33:b3:34:b1:97:27:3e:0c:5c:8c:1d:0d:e1:d8:15:08:db:
         ea:ec:32:be:ae:c6:e4:de:7b:e6:52:87:42:a3:67:b3:9d:05:
         6e:3f:0a:38:1c:22:17:af:a1:eb:4c:b0:ec:84:57:0d:f3:cd:
         83:0f:96:33:a3:12:29:cc:96:8b:82:93:d4:97:06:08:7e:00:
         e4:57:4e:c7:e0:12:22:bd:a2:2f:fb:fa:37:2a:d2:c7:8d:80:
         bc:64:48:eb:79:7b:53:df:41:fe:03:29:37:56:10:b7:77:82:
         1e:1a:97:7a:72:8a:0b:68:3c:c8:3b:e9:50:9c:e2:04:c8:9d:
         35:e7:a0:ce:35:b2:21:1e:f4:8e:92:14:c1:ea:1a:36:91:dd:
         f8:27:0d:7b:fb:ec:48:43:b9:a9:ed:fa:5f:78:0d:f6:0c:f8:
         d9:0a:4c:49:b9:9e:2c:b7:4c:3a:22:a0:53:49:22:d8:eb:6c:
         50:b8:fc:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsjxorkrxEs8z1CrgwL88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWJmNzA4Y2U5YjNlNjQzY2Y5YWUwOTBiNmMzNzU3MjdmYTQ5NzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq785GPxiNXA+VElx4kbMVHJiF9v/
IdrxOoUi8aAS76/KSW1uBFqK5oYqNlCgVjT2v0sQ/H03N4jjL42Q/TVKXALeZKmx
AHnj1MP/hvayNDOZrO64k0M9YrxSjf6jB9UH18j/eohf65SlVSlFf6Cgy2ZFKGEx
cT4DxGfQB1vYUN0mUDCopGbcpQUBE0iJ2N3RXjQUtn2c/ntNUXXFinZVWGnEwoFY
ZczJUzq4ztbOQUYP+XrgINGy3vcq4vflapmch1pX3aqtxXvR1qg2n0HE/YGThRhW
SH7qfIUjl/Rkg7JNZ28y+Qn1gW6kS1c6uGF6AEywgqJe2LjRFK9pJSBvdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHm/cIzps+ZDz5rgkLbDdXJ/pJchMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvZWI5d2pPbXo1a1BQbXVDUXRzTjFjbi1rbHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgc9gDAN
BgkqhkiG9w0BAQsFAAOCAQEApqSy5ztoJV/s5G0UKqm0OVp/9YFRc4zGzsjYiByM
Qer6FDI11aU2B9hWGkEFpnR75h4TOEQghIiXkQnN/DJmFVP1u9XZ/NPkqjOzNLGX
Jz4MXIwdDeHYFQjb6uwyvq7G5N575lKHQqNns50Fbj8KOBwiF6+h60yw7IRXDfPN
gw+WM6MSKcyWi4KT1JcGCH4A5FdOx+ASIr2iL/v6NyrSx42AvGRI63l7U99B/gMp
N1YQt3eCHhqXenKKC2g8yDvpUJziBMidNeegzjWyIR70jpIUweoaNpHd+CcNe/vs
SEO5qe36X3gN9gz42QpMSbmeLLdMOiKgU0ki2OtsULj8YA==
-----END CERTIFICATE-----