Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/aubQYKYuI6MIHGp2nchWjbFhUU4.roa
File:                     aubQYKYuI6MIHGp2nchWjbFhUU4.roa (raw, json)
Hash identifier:          2F+ILSELYXvb+ZAKX5VNzDJvloBcFe6YEc5yS5L5tl0=
Subject key identifier:   6A:E6:D0:60:A6:2E:23:A3:08:1C:6A:76:9D:C8:56:8D:B1:61:51:4E
Certificate issuer:       /CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
Certificate serial:       019424B3E1B72C2C575D78F92534F431580A
Authority key identifier: 0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/aubQYKYuI6MIHGp2nchWjbFhUU4.roa
Signing time:             Thu 02 Jan 2025 01:49:16 +0000
ROA not before:           Thu 02 Jan 2025 01:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209968
IP address blocks:        2a0e:48c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e1:b7:2c:2c:57:5d:78:f9:25:34:f4:31:58:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
        Validity
            Not Before: Jan  2 01:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ae6d060a62e23a3081c6a769dc8568db161514e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7a:aa:ba:1d:c1:e7:84:ba:df:36:ca:e2:bc:
                    1c:f3:73:d5:e7:3a:37:c7:1e:ca:fc:2a:4c:12:05:
                    1e:dc:1a:16:2d:bf:15:00:26:cb:ac:7c:83:28:36:
                    90:4e:ad:52:1f:5f:b6:e6:b4:40:b3:2b:fb:6b:2d:
                    d6:03:2c:04:11:c4:a4:72:4e:53:e9:7b:1a:a1:20:
                    79:b9:2d:44:dc:2a:ca:4f:bb:f9:30:2d:3f:ed:b9:
                    ca:d9:a5:99:96:fa:42:bc:9e:66:e9:a9:19:a4:ff:
                    95:88:ce:98:13:8e:94:39:79:2c:95:d8:ab:da:ae:
                    03:0c:2e:79:4f:5e:d2:a5:59:68:83:6c:7d:47:d7:
                    71:47:53:f5:1b:24:83:90:2f:59:1f:35:15:20:56:
                    c5:bd:63:38:d0:47:82:a3:17:bb:12:32:d1:05:94:
                    4d:19:0a:f7:42:f5:34:23:75:6c:3b:59:b4:2b:dd:
                    8b:e6:6f:51:51:50:7a:fb:e1:85:d3:d4:38:e8:af:
                    a7:9c:62:63:d0:d6:0d:b5:11:7a:3d:3e:8d:5c:91:
                    44:5f:be:96:00:3f:83:8a:f0:b5:e7:5e:1f:63:41:
                    15:f5:c5:b5:0e:13:00:7c:f5:f5:d2:ec:15:da:0a:
                    e1:a6:30:bd:8f:ac:e5:72:de:4b:d3:6a:07:5e:d3:
                    f0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:E6:D0:60:A6:2E:23:A3:08:1C:6A:76:9D:C8:56:8D:B1:61:51:4E
            X509v3 Authority Key Identifier:
                keyid:0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/aubQYKYuI6MIHGp2nchWjbFhUU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:84:fe:1b:f3:f5:23:d5:f6:4e:ca:a4:56:86:e6:57:35:ff:
         48:50:83:95:7f:ea:df:23:d3:dd:49:72:40:9f:37:bb:ba:0a:
         a0:be:da:7a:2c:7a:96:17:26:76:22:16:19:71:b1:2b:4c:9f:
         4b:48:e2:dc:f0:0e:4f:2a:b9:d7:69:7e:5b:cf:49:83:e7:c8:
         ff:50:4a:73:b6:2f:88:7f:21:e4:e6:75:59:ea:9d:54:7d:dc:
         5a:35:4a:f4:e8:48:a5:eb:df:76:fa:d5:2d:34:56:89:c5:5e:
         4e:b7:53:e1:ee:58:51:c9:18:5e:7e:23:92:50:72:a2:c6:4a:
         d3:b4:70:b1:1a:a4:49:84:e6:4b:db:8d:dc:0c:0c:53:7f:59:
         21:ff:06:f3:69:d1:ea:09:3b:e5:69:71:8a:56:97:06:96:f9:
         5b:13:b6:0e:85:15:7a:d0:93:20:55:a8:61:b7:b8:e8:bd:2c:
         d3:4c:64:9d:c2:22:98:52:87:25:55:a7:8d:aa:48:44:e8:2b:
         7b:e8:e4:4a:12:ac:d7:fe:a0:af:af:90:1e:45:19:c7:a7:c0:
         67:57:14:fe:40:6e:23:3b:d2:2c:e4:7a:0e:48:22:13:c2:ad:
         8f:7e:b1:ef:63:c3:22:48:19:52:e2:ae:b4:4a:b3:1e:70:42:
         dc:e0:78:1b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQks+G3LCxXXXj5JTT0MVgKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYjNlNzNhYThiN2YwYWYzYmQ4NDAwNTcyZGFlNzJiMGQ0
NmY1NWMwHhcNMjUwMTAyMDE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWU2ZDA2MGE2MmUyM2EzMDgxYzZhNzY5ZGM4NTY4ZGIxNjE1MTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXqquh3B54S63zbK4rwc83PV5zo3
xx7K/CpMEgUe3BoWLb8VACbLrHyDKDaQTq1SH1+25rRAsyv7ay3WAywEEcSkck5T
6XsaoSB5uS1E3CrKT7v5MC0/7bnK2aWZlvpCvJ5m6akZpP+ViM6YE46UOXksldir
2q4DDC55T17SpVlog2x9R9dxR1P1GySDkC9ZHzUVIFbFvWM40EeCoxe7EjLRBZRN
GQr3QvU0I3VsO1m0K92L5m9RUVB6++GF09Q46K+nnGJj0NYNtRF6PT6NXJFEX76W
AD+DivC1514fY0EV9cW1DhMAfPX10uwV2grhpjC9j6zlct5L02oHXtPw/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGrm0GCmLiOjCBxqdp3IVo2xYVFOMB8GA1UdIwQY
MBaAFAuz5zqot/CvO9hABXLa5ysNRvVcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzIt
YWQyOGZhOTY2YjUxLzEvYXViUVlLWXVJNk1JSEdwMm5jaFdqYkZoVVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzItYWQyOGZhOTY2YjUx
LzEvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5IwDAN
BgkqhkiG9w0BAQsFAAOCAQEAm4T+G/P1I9X2TsqkVobmVzX/SFCDlX/q3yPT3Uly
QJ83u7oKoL7aeix6lhcmdiIWGXGxK0yfS0ji3PAOTyq512l+W89Jg+fI/1BKc7Yv
iH8h5OZ1WeqdVH3cWjVK9OhIpevfdvrVLTRWicVeTrdT4e5YUckYXn4jklByosZK
07RwsRqkSYTmS9uN3AwMU39ZIf8G82nR6gk75WlxilaXBpb5WxO2DoUVetCTIFWo
Ybe46L0s00xkncIimFKHJVWnjapIROgre+jkShKs1/6gr6+QHkUZx6fAZ1cU/kBu
IzvSLOR6DkgiE8Ktj36x72PDIkgZUuKutEqzHnBC3OB4Gw==
-----END CERTIFICATE-----