Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/7K3k7b_VuVXreG4TZPCJYqZfF3E.roa
File:                     7K3k7b_VuVXreG4TZPCJYqZfF3E.roa (raw, json)
Hash identifier:          Mlmhkf4jbq89VKvIVk+oiVN1ePN2hRV3HnX2uto8WJU=
Subject key identifier:   EC:AD:E4:ED:BF:D5:B9:55:EB:78:6E:13:64:F0:89:62:A6:5F:17:71
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019425FDA2A9B370EDA458165A22D833700C
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/7K3k7b_VuVXreG4TZPCJYqZfF3E.roa
Signing time:             Thu 02 Jan 2025 07:49:26 +0000
ROA not before:           Thu 02 Jan 2025 07:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210542
IP address blocks:        2a0e:da40:1::/48 maxlen: 128
                          2a0e:da40:10::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a2:a9:b3:70:ed:a4:58:16:5a:22:d8:33:70:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 07:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecade4edbfd5b955eb786e1364f08962a65f1771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ec:de:d9:82:3b:66:bd:99:3a:48:45:2f:c8:
                    91:1f:a3:64:e0:f5:c5:4d:96:37:ec:3b:e5:6d:47:
                    d5:75:f7:bc:50:c4:79:c5:11:3b:f5:86:84:73:8a:
                    1c:bc:8b:50:32:22:3a:da:ba:2e:3c:1b:b7:f8:14:
                    87:0b:5b:9b:25:5b:7b:f7:f6:53:b8:13:22:3c:27:
                    c4:9d:14:05:2e:c0:0c:e5:45:e9:78:48:5e:57:5c:
                    f2:5b:a8:35:ab:ad:ca:dd:91:28:18:c4:a1:56:f5:
                    77:92:ed:19:cc:5e:5c:ed:1c:db:22:2d:22:bb:5d:
                    12:88:4e:70:bf:7b:ea:e6:19:29:dc:76:d5:44:f4:
                    fc:d0:01:ff:61:8d:e8:bf:8d:32:67:82:ae:81:a6:
                    f5:dd:a7:d2:aa:69:ca:49:cc:25:ab:3f:a4:6c:7f:
                    36:89:e9:f1:35:bd:cb:1e:bf:6f:b1:12:7d:9e:69:
                    ab:25:f0:f7:a7:12:5c:72:d1:c3:5f:dd:f2:af:a3:
                    97:5a:32:54:42:8f:0a:d7:7c:8a:53:de:30:bc:f6:
                    1b:32:ee:75:c9:6a:de:17:ac:16:90:01:1b:4a:e7:
                    60:4f:5d:c4:ce:2e:a6:6c:4c:bb:22:b2:6c:b2:98:
                    62:01:e5:ff:9b:47:9b:47:2f:ab:ef:69:1e:b9:32:
                    29:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:AD:E4:ED:BF:D5:B9:55:EB:78:6E:13:64:F0:89:62:A6:5F:17:71
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/7K3k7b_VuVXreG4TZPCJYqZfF3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:da40:1::/48
                  2a0e:da40:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         87:3b:01:dc:25:07:d3:2e:4a:77:34:45:06:9b:b6:b6:df:be:
         c0:f3:90:f3:88:cc:72:2d:6f:a6:76:b8:4e:1f:99:6a:3e:fc:
         91:d6:21:4c:61:fe:46:43:d1:7a:57:76:08:ea:17:93:df:9d:
         1d:2f:37:47:bb:a3:ff:eb:37:30:f4:19:2b:5b:b2:4f:18:6a:
         5b:9a:c1:ff:6b:fb:cf:93:b4:df:91:39:e5:71:85:b5:06:d7:
         eb:6d:92:48:e7:fb:e0:50:40:54:8c:c0:10:1d:0a:82:60:48:
         13:73:a0:00:d1:93:e6:0f:40:64:3f:e2:7c:f7:4d:8f:56:06:
         bd:d4:b4:7a:96:26:87:a5:26:e1:e1:36:d7:8c:08:20:62:0b:
         03:03:3f:0e:93:6f:55:3b:62:10:1f:99:1a:7f:5f:36:f4:14:
         74:12:74:3e:0f:24:3a:45:b2:84:a4:54:28:d0:70:04:3f:c5:
         1d:80:ad:46:a0:ef:fa:0c:24:c7:2b:e2:fe:be:11:3d:84:2a:
         8f:9e:27:3b:ce:a2:40:a6:7c:dd:38:e5:45:e0:01:d7:e8:8a:
         63:da:e0:94:60:f2:44:26:76:82:9a:dc:60:a6:ed:6b:04:64:
         d2:a7:e2:25:78:ce:d0:dd:60:3b:39:9f:8b:95:d4:22:a6:6e:
         1b:49:05:24
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQl/aKps3DtpFgWWiLYM3AMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2FkZTRlZGJmZDViOTU1ZWI3ODZlMTM2NGYwODk2MmE2NWYxNzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteze2YI7Zr2ZOkhFL8iRH6Nk4PXF
TZY37DvlbUfVdfe8UMR5xRE79YaEc4ocvItQMiI62rouPBu3+BSHC1ubJVt79/ZT
uBMiPCfEnRQFLsAM5UXpeEheV1zyW6g1q63K3ZEoGMShVvV3ku0ZzF5c7RzbIi0i
u10SiE5wv3vq5hkp3HbVRPT80AH/YY3ov40yZ4Kugab13afSqmnKScwlqz+kbH82
ienxNb3LHr9vsRJ9nmmrJfD3pxJcctHDX93yr6OXWjJUQo8K13yKU94wvPYbMu51
yWreF6wWkAEbSudgT13Ezi6mbEy7IrJssphiAeX/m0ebRy+r72keuTIp6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOyt5O2/1blV63huE2TwiWKmXxdxMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvN0szazdiX1Z1VlhyZUc0VFpQQ0pZcVpmRjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg7aQAAB
AwcEKg7aQAAQMA0GCSqGSIb3DQEBCwUAA4IBAQCHOwHcJQfTLkp3NEUGm7a2377A
85DziMxyLW+mdrhOH5lqPvyR1iFMYf5GQ9F6V3YI6heT350dLzdHu6P/6zcw9Bkr
W7JPGGpbmsH/a/vPk7TfkTnlcYW1BtfrbZJI5/vgUEBUjMAQHQqCYEgTc6AA0ZPm
D0BkP+J8902PVga91LR6liaHpSbh4TbXjAggYgsDAz8Ok29VO2IQH5kaf1829BR0
EnQ+DyQ6RbKEpFQo0HAEP8UdgK1GoO/6DCTHK+L+vhE9hCqPnic7zqJApnzdOOVF
4AHX6Ipj2uCUYPJEJnaCmtxgpu1rBGTSp+IleM7Q3WA7OZ+LldQipm4bSQUk
-----END CERTIFICATE-----