Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/JQTWtShPwGEwVFU8i8E82c7erRQ.roa
File:                     JQTWtShPwGEwVFU8i8E82c7erRQ.roa (raw, json)
Hash identifier:          AWyFT4kOA1zNKVFniNaOQlkLDIns54LN+qDhlyph/BU=
Subject key identifier:   25:04:D6:B5:28:4F:C0:61:30:54:55:3C:8B:C1:3C:D9:CE:DE:AD:14
Certificate issuer:       /CN=ac7670698cfaef2647fbc9a06f7380856e2b3027
Certificate serial:       0194274777302DE21A9A69EFAFA9D7FCE64B
Authority key identifier: AC:76:70:69:8C:FA:EF:26:47:FB:C9:A0:6F:73:80:85:6E:2B:30:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHZwaYz67yZH-8mgb3OAhW4rMCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/JQTWtShPwGEwVFU8i8E82c7erRQ.roa
Signing time:             Thu 02 Jan 2025 13:49:42 +0000
ROA not before:           Thu 02 Jan 2025 13:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60505
IP address blocks:        2a11:a500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/rHZwaYz67yZH-8mgb3OAhW4rMCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/rHZwaYz67yZH-8mgb3OAhW4rMCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rHZwaYz67yZH-8mgb3OAhW4rMCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:77:30:2d:e2:1a:9a:69:ef:af:a9:d7:fc:e6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7670698cfaef2647fbc9a06f7380856e2b3027
        Validity
            Not Before: Jan  2 13:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2504d6b5284fc0613054553c8bc13cd9cedead14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7d:a3:a7:5e:b9:58:ca:e8:53:9e:1d:d9:69:
                    a4:39:0c:9a:53:d8:c1:a8:a4:77:69:55:12:37:b7:
                    41:c3:0c:95:00:bc:65:37:ce:39:54:cf:b6:33:47:
                    c6:a7:e9:92:e8:59:65:60:8c:22:fc:5e:25:76:d3:
                    51:9d:15:44:af:ad:84:22:f1:55:de:32:5c:86:c4:
                    f4:2a:82:06:4b:73:5b:30:06:62:ec:09:77:fc:c2:
                    49:2f:09:2d:50:a9:bf:ee:d9:02:82:c5:30:a7:88:
                    b8:b2:b4:9e:e5:cf:91:5a:f7:03:31:b6:b6:a5:fa:
                    c2:6b:23:df:f0:67:f8:bb:a1:19:d8:34:ad:97:3c:
                    f3:eb:31:0c:a1:95:20:93:15:03:ff:90:f0:c4:26:
                    9b:1d:c4:4d:e6:7e:58:99:d3:76:56:cf:96:3a:1e:
                    5f:0d:6c:66:6e:06:53:1f:97:a8:7f:4d:3b:17:5d:
                    f1:25:1d:22:a2:f5:9b:ae:e0:15:00:80:aa:9a:3a:
                    35:43:99:b2:39:d7:a7:46:6d:0f:3d:32:58:b5:23:
                    ca:4f:5e:6b:7d:e1:e6:e6:9b:18:15:0a:74:79:36:
                    85:c1:e2:34:29:42:db:a7:2e:fa:f0:c7:97:d4:f9:
                    dc:f7:f7:7c:04:1f:92:56:ba:63:b8:b5:22:f3:1c:
                    27:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:04:D6:B5:28:4F:C0:61:30:54:55:3C:8B:C1:3C:D9:CE:DE:AD:14
            X509v3 Authority Key Identifier:
                keyid:AC:76:70:69:8C:FA:EF:26:47:FB:C9:A0:6F:73:80:85:6E:2B:30:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHZwaYz67yZH-8mgb3OAhW4rMCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/JQTWtShPwGEwVFU8i8E82c7erRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/rHZwaYz67yZH-8mgb3OAhW4rMCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:a500::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:03:70:5f:43:05:57:77:f7:08:24:15:7d:17:f7:99:d5:0f:
         f8:b4:f3:5e:88:e9:a8:6e:28:b2:96:12:eb:6e:c8:1e:2f:93:
         40:5b:1a:b8:0a:a2:17:30:9e:88:6a:fb:88:82:84:2b:31:21:
         0e:7e:ff:11:15:59:a7:17:64:96:ce:e0:db:5c:09:c2:b7:28:
         23:b4:e4:bf:2b:67:41:66:10:2c:41:c6:04:1b:e3:16:1a:c6:
         66:1b:78:04:50:a1:a0:69:2f:e7:3e:3e:52:1c:ed:dc:54:93:
         60:0f:9d:da:3d:0c:55:87:f2:ad:e8:af:dc:ec:fa:ba:d4:5a:
         dd:34:db:f0:be:f3:88:42:3c:65:05:6c:eb:98:46:63:85:ef:
         a5:35:99:01:db:82:21:ea:8c:ce:df:64:d0:33:6a:06:79:d1:
         f4:cc:c5:9c:e1:a0:65:3d:1e:99:1a:49:1c:b1:74:ce:5c:30:
         80:ff:0e:b4:63:76:1f:59:9f:60:fa:f7:86:20:43:20:36:d7:
         9b:2a:b0:7c:dc:31:6d:ea:09:6b:4a:1d:f8:b3:f3:98:5d:fe:
         ff:60:04:7d:51:db:89:52:5a:05:94:a5:59:9e:7a:3d:7e:d1:
         5e:55:df:c5:9c:2a:80:4b:b4:6c:05:3e:ad:b3:a9:45:54:51:
         0b:4f:46:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnR3cwLeIammnvr6nX/OZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNzY3MDY5OGNmYWVmMjY0N2ZiYzlhMDZmNzM4MDg1NmUy
YjMwMjcwHhcNMjUwMTAyMTM0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTA0ZDZiNTI4NGZjMDYxMzA1NDU1M2M4YmMxM2NkOWNlZGVhZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn2jp165WMroU54d2WmkOQyaU9jB
qKR3aVUSN7dBwwyVALxlN845VM+2M0fGp+mS6FllYIwi/F4ldtNRnRVEr62EIvFV
3jJchsT0KoIGS3NbMAZi7Al3/MJJLwktUKm/7tkCgsUwp4i4srSe5c+RWvcDMba2
pfrCayPf8Gf4u6EZ2DStlzzz6zEMoZUgkxUD/5DwxCabHcRN5n5YmdN2Vs+WOh5f
DWxmbgZTH5eof007F13xJR0iovWbruAVAICqmjo1Q5myOdenRm0PPTJYtSPKT15r
feHm5psYFQp0eTaFweI0KULbpy768MeX1Pnc9/d8BB+SVrpjuLUi8xwnjQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCUE1rUoT8BhMFRVPIvBPNnO3q0UMB8GA1UdIwQY
MBaAFKx2cGmM+u8mR/vJoG9zgIVuKzAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckhad2FZejY3eVpILThtZ2IzT0FoVzRyTUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC82OGY2NTEtZjNhNi00MjUyLTlmYWYt
OWUwNDQwOTJiODI2LzEvSlFUV3RTaFB3R0V3VkZVOGk4RTgyYzdlclJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC82OGY2NTEtZjNhNi00MjUyLTlmYWYtOWUwNDQwOTJiODI2
LzEvckhad2FZejY3eVpILThtZ2IzT0FoVzRyTUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGlADAN
BgkqhkiG9w0BAQsFAAOCAQEAeQNwX0MFV3f3CCQVfRf3mdUP+LTzXojpqG4ospYS
627IHi+TQFsauAqiFzCeiGr7iIKEKzEhDn7/ERVZpxdkls7g21wJwrcoI7Tkvytn
QWYQLEHGBBvjFhrGZht4BFChoGkv5z4+Uhzt3FSTYA+d2j0MVYfyreiv3Oz6utRa
3TTb8L7ziEI8ZQVs65hGY4XvpTWZAduCIeqMzt9k0DNqBnnR9MzFnOGgZT0emRpJ
HLF0zlwwgP8OtGN2H1mfYPr3hiBDIDbXmyqwfNwxbeoJa0od+LPzmF3+/2AEfVHb
iVJaBZSlWZ56PX7RXlXfxZwqgEu0bAU+rbOpRVRRC09G5A==
-----END CERTIFICATE-----