Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/JA7bmNFaXPZ3zOhIhSoSK6cX0GM.roa
File:                     JA7bmNFaXPZ3zOhIhSoSK6cX0GM.roa (raw, json)
Hash identifier:          /9NIaaC/nQfKu4JBvIQ0FkNL7E03OA0xPdL0pUFpcGQ=
Subject key identifier:   24:0E:DB:98:D1:5A:5C:F6:77:CC:E8:48:85:2A:12:2B:A7:17:D0:63
Certificate issuer:       /CN=6d650af172444b52116a7a67d74aac7df8a55e1c
Certificate serial:       0194228D529391287EC1A6C31365B6D52F38
Authority key identifier: 6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/JA7bmNFaXPZ3zOhIhSoSK6cX0GM.roa
Signing time:             Wed 01 Jan 2025 15:47:54 +0000
ROA not before:           Wed 01 Jan 2025 15:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43129
IP address blocks:        2a0a:11c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:52:93:91:28:7e:c1:a6:c3:13:65:b6:d5:2f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d650af172444b52116a7a67d74aac7df8a55e1c
        Validity
            Not Before: Jan  1 15:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=240edb98d15a5cf677cce848852a122ba717d063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1f:5f:e9:0a:80:a2:69:3b:87:08:a4:3b:81:
                    af:f4:87:84:10:a6:ea:0e:3a:62:cc:ed:e0:d7:40:
                    a4:5f:50:4d:b7:5d:d2:d2:aa:85:a4:ae:32:09:95:
                    3a:49:54:df:ff:9c:19:8a:fa:60:e5:b0:4e:6f:30:
                    d6:6a:45:07:3f:59:72:35:62:e5:2e:85:bf:b4:26:
                    50:a5:5b:d0:4b:a5:60:3d:2b:70:6a:44:06:74:2a:
                    44:30:a8:64:13:7b:bd:9b:dd:45:fe:77:6e:ac:21:
                    a4:23:a8:7b:5a:30:da:3d:a4:73:30:af:cd:3c:82:
                    cc:0a:a1:fb:3a:64:03:74:01:fd:e9:82:00:e0:c2:
                    20:d6:0f:ff:d9:f6:99:98:80:ab:19:fc:a2:0d:f1:
                    c4:62:8b:5f:e2:7b:21:de:9d:bb:9c:09:75:0c:72:
                    86:4f:c6:50:3f:f8:dd:a0:3c:89:15:85:1a:70:1e:
                    04:be:2b:a6:63:92:c6:3b:29:0f:0a:d4:76:be:ab:
                    5f:20:75:64:d1:30:56:9b:9e:76:34:7d:51:07:5f:
                    46:dd:23:b3:89:0d:ba:f9:f8:2b:e8:a6:4f:0f:8e:
                    64:9c:ef:b8:3e:77:6a:c1:3a:8a:dc:6a:0a:20:cb:
                    21:06:5b:a1:68:b3:7b:23:46:40:d3:49:4f:11:cf:
                    78:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:0E:DB:98:D1:5A:5C:F6:77:CC:E8:48:85:2A:12:2B:A7:17:D0:63
            X509v3 Authority Key Identifier:
                keyid:6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/JA7bmNFaXPZ3zOhIhSoSK6cX0GM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:11c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:5f:2e:67:0b:5a:25:45:d1:c6:7d:a0:25:d7:03:3f:92:ca:
         99:75:57:6a:fe:a1:f1:21:e8:55:08:9a:1f:2f:93:f9:a8:9d:
         dc:e3:44:96:6d:e5:4d:9d:80:d6:2d:57:d5:05:cf:28:87:05:
         84:51:fa:b8:d2:a1:1f:84:90:f1:7b:f8:a8:ff:8a:d3:bf:eb:
         72:df:9b:dd:19:c4:e6:db:44:75:36:aa:d7:07:c8:4d:00:62:
         1b:81:de:b5:37:d2:a7:b7:d8:fa:dd:fc:4e:b5:c9:a3:fc:98:
         04:3f:0b:7d:4d:60:bf:d3:03:43:ca:db:2c:d7:36:24:89:86:
         1a:1e:91:60:ef:c3:78:0b:cc:44:f9:59:c4:45:c1:99:ab:dd:
         47:82:5a:d7:fa:53:b2:f3:55:3c:62:a6:32:78:0f:4e:00:fd:
         7a:a4:6d:44:1d:b5:33:27:7a:0d:b8:db:1f:02:4d:93:b4:76:
         53:78:79:3e:7c:aa:8f:2e:10:50:54:2e:69:97:f7:5f:23:4e:
         3a:d9:8f:9d:bb:f4:27:d1:01:64:5a:e1:18:cd:29:50:3d:76:
         0b:9c:47:17:e3:fc:63:4d:2e:2b:85:a2:c4:13:a9:54:41:70:
         a0:12:10:0b:41:ba:26:f7:30:49:86:fb:7d:c8:18:e8:e0:11:
         ac:26:4e:27
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijVKTkSh+wabDE2W21S84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjUwYWYxNzI0NDRiNTIxMTZhN2E2N2Q3NGFhYzdkZjhh
NTVlMWMwHhcNMjUwMTAxMTU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDBlZGI5OGQxNWE1Y2Y2NzdjY2U4NDg4NTJhMTIyYmE3MTdkMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh9f6QqAomk7hwikO4Gv9IeEEKbq
DjpizO3g10CkX1BNt13S0qqFpK4yCZU6SVTf/5wZivpg5bBObzDWakUHP1lyNWLl
LoW/tCZQpVvQS6VgPStwakQGdCpEMKhkE3u9m91F/ndurCGkI6h7WjDaPaRzMK/N
PILMCqH7OmQDdAH96YIA4MIg1g//2faZmICrGfyiDfHEYotf4nsh3p27nAl1DHKG
T8ZQP/jdoDyJFYUacB4EviumY5LGOykPCtR2vqtfIHVk0TBWm552NH1RB19G3SOz
iQ26+fgr6KZPD45knO+4PndqwTqK3GoKIMshBluhaLN7I0ZA00lPEc94+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCQO25jRWlz2d8zoSIUqEiunF9BjMB8GA1UdIwQY
MBaAFG1lCvFyREtSEWp6Z9dKrH34pV4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYldVSzhYSkVTMUlSYW5wbjEwcXNmZmlsWGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9iN2NhODktNzBmMi00MDhmLWE0ZTQt
YjRhMGNiOGVkODIxLzEvSkE3Ym1ORmFYUFozek9oSWhTb1NLNmNYMEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9iN2NhODktNzBmMi00MDhmLWE0ZTQtYjRhMGNiOGVkODIx
LzEvYldVSzhYSkVTMUlSYW5wbjEwcXNmZmlsWGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgoRwDAN
BgkqhkiG9w0BAQsFAAOCAQEAJV8uZwtaJUXRxn2gJdcDP5LKmXVXav6h8SHoVQia
Hy+T+aid3ONElm3lTZ2A1i1X1QXPKIcFhFH6uNKhH4SQ8Xv4qP+K07/rct+b3RnE
5ttEdTaq1wfITQBiG4HetTfSp7fY+t38TrXJo/yYBD8LfU1gv9MDQ8rbLNc2JImG
Gh6RYO/DeAvMRPlZxEXBmavdR4Ja1/pTsvNVPGKmMngPTgD9eqRtRB21Myd6Dbjb
HwJNk7R2U3h5Pnyqjy4QUFQuaZf3XyNOOtmPnbv0J9EBZFrhGM0pUD12C5xHF+P8
Y00uK4WixBOpVEFwoBIQC0G6JvcwSYb7fcgY6OARrCZOJw==
-----END CERTIFICATE-----