Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/e5Sy1VAry68r-4ha4VS5j2qDIh4.roa
File:                     e5Sy1VAry68r-4ha4VS5j2qDIh4.roa (raw, json)
Hash identifier:          iAgJw0j0bHx4il0UO6E61c4MJfLKF0a3JiNbi25PF/w=
Subject key identifier:   7B:94:B2:D5:50:2B:CB:AF:2B:FB:88:5A:E1:54:B9:8F:6A:83:22:1E
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       019427B669EB00311EDED8196BAD554BF482
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/e5Sy1VAry68r-4ha4VS5j2qDIh4.roa
Signing time:             Thu 02 Jan 2025 15:50:53 +0000
ROA not before:           Thu 02 Jan 2025 15:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a11:2083::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:69:eb:00:31:1e:de:d8:19:6b:ad:55:4b:f4:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Jan  2 15:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b94b2d5502bcbaf2bfb885ae154b98f6a83221e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:84:d5:15:51:f7:ce:ec:45:14:56:01:03:18:
                    22:74:f9:f9:a6:8f:23:f0:dd:19:ad:4b:32:ee:e7:
                    74:53:01:b5:55:1c:0b:46:15:08:56:d2:57:5a:83:
                    83:e2:72:c5:1c:31:8f:9b:ed:b2:d7:56:e7:a2:fd:
                    eb:c9:ae:81:58:cb:f2:67:41:cb:ad:0b:2c:30:8f:
                    f0:b4:74:2a:e2:0c:8e:08:ee:ea:e7:cb:00:de:51:
                    61:e8:4c:62:da:c0:ad:7d:ca:98:16:c4:13:e6:d7:
                    dd:52:96:39:b0:a0:dd:8a:e7:b8:1e:fd:b3:1d:83:
                    6d:ff:3b:d0:83:ad:a8:a9:50:a8:3d:ca:57:bc:1a:
                    f0:18:63:7a:64:ac:11:29:37:b2:2d:d4:ed:46:6a:
                    11:75:e0:be:3a:2b:eb:2f:e1:00:65:98:99:bc:ee:
                    f2:05:aa:9a:48:cd:e0:5e:5f:97:86:35:c0:b6:fc:
                    cb:ac:72:f6:48:5a:ec:d5:f3:85:93:5b:bf:24:b7:
                    af:84:c6:bf:a5:26:e8:b1:dd:7e:01:e2:b7:65:67:
                    6e:c5:d2:00:a8:ac:5a:1c:79:ca:71:d4:4d:9e:85:
                    dd:b7:ec:af:5c:7d:d5:a0:80:35:c6:28:56:1c:ea:
                    84:f7:10:33:13:17:bf:8d:63:82:8f:6e:b0:fa:ce:
                    a0:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:94:B2:D5:50:2B:CB:AF:2B:FB:88:5A:E1:54:B9:8F:6A:83:22:1E
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/e5Sy1VAry68r-4ha4VS5j2qDIh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2083::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:f4:01:a8:18:56:22:a4:c1:12:c0:c0:5b:98:7e:c2:1e:95:
         be:29:2a:42:4e:5a:15:4d:89:2a:c7:89:a5:2e:b4:4c:ac:1f:
         00:3d:65:76:75:0a:3b:2a:32:73:5c:8b:08:c4:a3:01:4a:65:
         39:35:cf:25:a9:c5:0a:ee:73:b3:57:13:32:5f:0c:dc:e7:6a:
         17:ce:8a:bb:2f:05:28:2d:74:4d:43:6a:1d:26:bd:46:27:e9:
         dd:d4:2c:20:e4:87:d4:da:ad:8b:1c:75:d1:83:0e:6a:f4:06:
         8f:ef:c7:1a:a1:00:c9:f2:8e:53:ce:4d:69:3e:7a:4f:18:4d:
         4a:2b:a7:53:8f:aa:8e:f7:84:0d:6b:b9:13:64:e2:ac:41:85:
         fc:04:bc:84:fe:74:dc:02:77:ec:37:33:db:3f:9b:6b:05:ca:
         86:fe:cc:3b:6e:3c:94:c9:76:48:98:79:ba:58:d2:34:01:ec:
         8a:74:5e:ad:97:e4:3d:86:43:cb:a7:18:35:bf:b0:17:5d:40:
         b2:2c:66:d7:e4:f7:28:55:3a:ae:93:b5:5f:ae:c8:bb:40:32:
         46:97:fb:da:aa:6d:fd:8c:51:45:e5:b8:72:78:14:0a:72:16:
         f4:ee:a0:bb:67:c9:56:98:7a:19:12:4f:08:cd:20:ab:e9:a0:
         f4:e6:0e:10
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntmnrADEe3tgZa61VS/SCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwMTAyMTU1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjk0YjJkNTUwMmJjYmFmMmJmYjg4NWFlMTU0Yjk4ZjZhODMyMjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoTVFVH3zuxFFFYBAxgidPn5po8j
8N0ZrUsy7ud0UwG1VRwLRhUIVtJXWoOD4nLFHDGPm+2y11bnov3rya6BWMvyZ0HL
rQssMI/wtHQq4gyOCO7q58sA3lFh6Exi2sCtfcqYFsQT5tfdUpY5sKDdiue4Hv2z
HYNt/zvQg62oqVCoPcpXvBrwGGN6ZKwRKTeyLdTtRmoRdeC+OivrL+EAZZiZvO7y
BaqaSM3gXl+XhjXAtvzLrHL2SFrs1fOFk1u/JLevhMa/pSbosd1+AeK3ZWduxdIA
qKxaHHnKcdRNnoXdt+yvXH3VoIA1xihWHOqE9xAzExe/jWOCj26w+s6gsQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHuUstVQK8uvK/uIWuFUuY9qgyIeMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvZTVTeTFWQXJ5NjhyLTRoYTRWUzVqMnFESWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEggzAN
BgkqhkiG9w0BAQsFAAOCAQEABvQBqBhWIqTBEsDAW5h+wh6VvikqQk5aFU2JKseJ
pS60TKwfAD1ldnUKOyoyc1yLCMSjAUplOTXPJanFCu5zs1cTMl8M3OdqF86Kuy8F
KC10TUNqHSa9Rifp3dQsIOSH1Nqtixx10YMOavQGj+/HGqEAyfKOU85NaT56TxhN
SiunU4+qjveEDWu5E2TirEGF/AS8hP503AJ37Dcz2z+bawXKhv7MO248lMl2SJh5
uljSNAHsinRerZfkPYZDy6cYNb+wF11Asixm1+T3KFU6rpO1X67Iu0AyRpf72qpt
/YxRReW4cngUCnIW9O6gu2fJVph6GRJPCM0gq+mg9OYOEA==
-----END CERTIFICATE-----