Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/ZEOW67E73LjGkhRbjT8p8HAuQ7g.roa
File:                     ZEOW67E73LjGkhRbjT8p8HAuQ7g.roa (raw, json)
Hash identifier:          3byQhC85THLNsX/WfVA4T3mVllKuuMpO1Ynx6g/Ksak=
Subject key identifier:   64:43:96:EB:B1:3B:DC:B8:C6:92:14:5B:8D:3F:29:F0:70:2E:43:B8
Certificate issuer:       /CN=62927b36b138f086358938e3acfda4638e56a792
Certificate serial:       019425FDD4FB96C354FCDFD2E36E01DA0BB3
Authority key identifier: 62:92:7B:36:B1:38:F0:86:35:89:38:E3:AC:FD:A4:63:8E:56:A7:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/ZEOW67E73LjGkhRbjT8p8HAuQ7g.roa
Signing time:             Thu 02 Jan 2025 07:49:39 +0000
ROA not before:           Thu 02 Jan 2025 07:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a10:20c7:ff00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d4:fb:96:c3:54:fc:df:d2:e3:6e:01:da:0b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62927b36b138f086358938e3acfda4638e56a792
        Validity
            Not Before: Jan  2 07:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=644396ebb13bdcb8c692145b8d3f29f0702e43b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:66:1e:aa:d7:44:46:43:8a:da:9b:c5:83:07:
                    48:89:c8:75:16:8c:c7:01:0d:df:32:72:66:42:a7:
                    77:ef:c1:3d:a1:38:b9:2b:3d:44:e0:db:12:fe:fb:
                    32:d5:48:85:db:6d:f9:6a:91:40:34:76:8f:65:e1:
                    35:97:3b:b1:fd:ef:a6:2a:e9:ce:d9:08:b7:9e:03:
                    ce:24:c1:e3:7b:84:a9:36:ee:bb:3c:9f:50:5c:a3:
                    06:b3:05:6a:6d:83:63:3f:d6:bf:1b:8d:e8:ca:80:
                    fe:01:01:83:91:10:40:ed:cc:f0:ab:04:67:dc:e6:
                    a6:3c:d0:37:5f:88:72:db:d4:70:4c:cf:6e:99:cd:
                    4e:40:00:90:a6:73:15:99:f3:ce:9b:15:e4:df:61:
                    d8:bc:fd:00:82:78:33:80:75:e6:69:61:53:bc:15:
                    28:ce:f5:ed:da:65:11:d6:bd:55:68:17:ba:a3:c9:
                    91:89:21:0b:71:46:c3:16:f6:67:3b:12:f3:b9:d8:
                    19:88:72:c0:4e:19:61:cd:07:45:29:b1:c5:3b:36:
                    06:55:70:4c:c6:b0:37:8a:90:e3:fe:5c:0a:9a:8d:
                    5c:71:fa:ae:c9:79:13:f2:be:a7:d2:ee:bd:b6:24:
                    cd:95:8a:80:2c:12:8c:92:9e:41:c9:c5:ae:f7:5b:
                    bb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:43:96:EB:B1:3B:DC:B8:C6:92:14:5B:8D:3F:29:F0:70:2E:43:B8
            X509v3 Authority Key Identifier:
                keyid:62:92:7B:36:B1:38:F0:86:35:89:38:E3:AC:FD:A4:63:8E:56:A7:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YpJ7NrE48IY1iTjjrP2kY45Wp5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/ZEOW67E73LjGkhRbjT8p8HAuQ7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8d241f-71ea-4a1b-96ea-a99c7ee5c284/1/YpJ7NrE48IY1iTjjrP2kY45Wp5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:20c7:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:ea:49:37:16:a7:94:09:9d:c0:42:34:47:c6:90:a6:f7:12:
         2a:79:fb:a0:fe:a2:b4:eb:ba:81:69:05:78:5c:cf:70:64:bb:
         a6:01:60:94:9e:b6:df:67:a6:7e:8c:69:c2:5b:fc:e1:c3:8b:
         18:3f:69:6c:95:20:18:c2:01:16:69:4b:23:f8:06:44:69:2e:
         3f:a7:0e:89:91:8e:bd:af:14:37:1e:7e:97:4b:7a:2c:14:69:
         e1:b2:29:bd:79:bf:f5:90:7b:48:d4:83:a4:5d:9a:f5:b3:87:
         21:55:5a:c9:44:8f:84:8f:4d:80:b3:a4:62:30:c8:4e:b7:42:
         75:3a:f5:7a:04:41:8b:f6:33:81:a4:16:19:0e:7c:d3:9b:45:
         7d:51:e8:07:23:63:9c:16:e6:72:f8:fc:fc:50:51:0f:95:26:
         0c:d7:5a:a1:f0:c6:4d:af:6a:6b:6a:5d:4d:34:15:8c:ff:7b:
         9d:46:8d:36:f3:02:d4:fd:03:ac:39:11:f3:70:ed:fd:51:90:
         4a:25:45:51:fa:5a:2b:71:99:63:de:d0:d8:82:77:d9:ec:a5:
         47:d7:f3:e0:12:f4:22:7b:0a:2c:02:e3:1d:8e:b2:7d:20:d4:
         17:2e:59:71:6b:40:e1:65:ba:1d:fa:42:0d:3a:7b:47:51:ac:
         56:5d:65:47
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQl/dT7lsNU/N/S424B2guzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyOTI3YjM2YjEzOGYwODYzNTg5MzhlM2FjZmRhNDYzOGU1
NmE3OTIwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDQzOTZlYmIxM2JkY2I4YzY5MjE0NWI4ZDNmMjlmMDcwMmU0M2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmYeqtdERkOK2pvFgwdIich1FozH
AQ3fMnJmQqd378E9oTi5Kz1E4NsS/vsy1UiF2235apFANHaPZeE1lzux/e+mKunO
2Qi3ngPOJMHje4SpNu67PJ9QXKMGswVqbYNjP9a/G43oyoD+AQGDkRBA7czwqwRn
3OamPNA3X4hy29RwTM9umc1OQACQpnMVmfPOmxXk32HYvP0AgngzgHXmaWFTvBUo
zvXt2mUR1r1VaBe6o8mRiSELcUbDFvZnOxLzudgZiHLAThlhzQdFKbHFOzYGVXBM
xrA3ipDj/lwKmo1ccfquyXkT8r6n0u69tiTNlYqALBKMkp5BycWu91u7VwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGRDluuxO9y4xpIUW40/KfBwLkO4MB8GA1UdIwQY
MBaAFGKSezaxOPCGNYk446z9pGOOVqeSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXBKN05yRTQ4SVkxaVRqanJQMmtZNDVXcDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZDI0MWYtNzFlYS00YTFiLTk2ZWEt
YTk5YzdlZTVjMjg0LzEvWkVPVzY3RTczTGpHa2hSYmpUOHA4SEF1UTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZDI0MWYtNzFlYS00YTFiLTk2ZWEtYTk5YzdlZTVjMjg0
LzEvWXBKN05yRTQ4SVkxaVRqanJQMmtZNDVXcDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhAgx/8w
DQYJKoZIhvcNAQELBQADggEBAA7qSTcWp5QJncBCNEfGkKb3Eip5+6D+orTruoFp
BXhcz3Bku6YBYJSett9npn6MacJb/OHDixg/aWyVIBjCARZpSyP4BkRpLj+nDomR
jr2vFDcefpdLeiwUaeGyKb15v/WQe0jUg6RdmvWzhyFVWslEj4SPTYCzpGIwyE63
QnU69XoEQYv2M4GkFhkOfNObRX1R6AcjY5wW5nL4/PxQUQ+VJgzXWqHwxk2vamtq
XU00FYz/e51GjTbzAtT9A6w5EfNw7f1RkEolRVH6WitxmWPe0NiCd9nspUfX8+AS
9CJ7CiwC4x2Osn0g1BcuWXFrQOFluh36Qg06e0dRrFZdZUc=
-----END CERTIFICATE-----