Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/72faed-a8f8-4a33-8ddc-5cef04b79737/1/AiN7Ez2w_b0YE1rusXobhUE3Svs.roa
File:                     AiN7Ez2w_b0YE1rusXobhUE3Svs.roa (raw, json)
Hash identifier:          ZSIj8QVrkX7C1hvAMfX1/++sMORTKY7694MSitrCN1I=
Subject key identifier:   02:23:7B:13:3D:B0:FD:BD:18:13:5A:EE:B1:7A:1B:85:41:37:4A:FB
Certificate issuer:       /CN=0d23064e3c27ec92b7eab667649d204e5673838e
Certificate serial:       019424457BD0517487F8AE32B58548FA6081
Authority key identifier: 0D:23:06:4E:3C:27:EC:92:B7:EA:B6:67:64:9D:20:4E:56:73:83:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSMGTjwn7JK36rZnZJ0gTlZzg44.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/72faed-a8f8-4a33-8ddc-5cef04b79737/1/AiN7Ez2w_b0YE1rusXobhUE3Svs.roa
Signing time:             Wed 01 Jan 2025 23:48:40 +0000
ROA not before:           Wed 01 Jan 2025 23:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50178
IP address blocks:        2a11:f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/72faed-a8f8-4a33-8ddc-5cef04b79737/1/DSMGTjwn7JK36rZnZJ0gTlZzg44.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/72faed-a8f8-4a33-8ddc-5cef04b79737/1/DSMGTjwn7JK36rZnZJ0gTlZzg44.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSMGTjwn7JK36rZnZJ0gTlZzg44.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:7b:d0:51:74:87:f8:ae:32:b5:85:48:fa:60:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d23064e3c27ec92b7eab667649d204e5673838e
        Validity
            Not Before: Jan  1 23:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02237b133db0fdbd18135aeeb17a1b8541374afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:dd:73:23:79:d4:90:94:63:03:ee:9c:3f:f7:
                    8d:6f:d5:54:e3:a6:a6:f4:ec:aa:34:1b:d7:26:c7:
                    69:a0:ee:1e:9d:17:c3:4d:48:97:3d:f2:50:20:2d:
                    f0:5a:cc:aa:8c:3e:6d:a3:78:f7:f3:9d:27:42:cd:
                    f7:53:b8:fe:66:7d:5b:01:cb:ba:d4:b0:6d:d4:38:
                    81:70:9f:ce:15:8d:aa:72:3b:14:68:fe:38:91:77:
                    bc:e6:de:ff:bf:43:ff:a4:2f:00:49:69:07:6b:cb:
                    51:3f:19:d5:70:a9:47:2e:8e:6f:e7:64:46:b1:f2:
                    a9:55:f6:75:d1:f5:53:ea:68:55:c5:6e:5a:64:08:
                    9f:d8:47:e5:16:7c:b2:ed:7e:4a:ef:27:7d:68:3e:
                    ea:79:f1:af:f0:be:bb:e9:da:9d:ab:69:2c:4c:53:
                    7a:18:3d:91:5e:24:94:e3:26:95:62:86:c8:cc:0f:
                    af:e5:30:af:57:50:a1:19:25:20:0e:55:d1:f5:ed:
                    aa:6e:3f:7a:48:b5:95:5d:ca:b6:67:8e:4b:ad:0d:
                    cd:35:c4:d6:06:09:e6:56:1d:d4:cc:5b:cb:38:9d:
                    42:c1:7a:6b:06:a9:99:7b:94:a1:92:8d:92:1f:5a:
                    45:f9:04:ea:38:81:a5:b3:26:f0:38:fc:dc:e3:5b:
                    75:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:23:7B:13:3D:B0:FD:BD:18:13:5A:EE:B1:7A:1B:85:41:37:4A:FB
            X509v3 Authority Key Identifier:
                keyid:0D:23:06:4E:3C:27:EC:92:B7:EA:B6:67:64:9D:20:4E:56:73:83:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSMGTjwn7JK36rZnZJ0gTlZzg44.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/72faed-a8f8-4a33-8ddc-5cef04b79737/1/AiN7Ez2w_b0YE1rusXobhUE3Svs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/72faed-a8f8-4a33-8ddc-5cef04b79737/1/DSMGTjwn7JK36rZnZJ0gTlZzg44.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:a4:84:e1:51:eb:fb:c7:4c:55:e0:76:92:10:c0:d0:1b:03:
         ed:62:cb:53:53:f5:33:ee:56:a4:3e:da:91:25:18:b5:a7:af:
         11:f1:16:1c:5e:cc:9f:7a:f8:0d:c4:bc:23:7e:8d:32:12:7b:
         6a:49:69:83:66:a4:4d:26:78:f0:14:9b:3b:29:b2:28:d6:09:
         ac:72:06:a6:54:a6:e3:79:b1:ee:58:30:8d:30:f7:58:f5:d3:
         e6:92:b6:21:1f:a1:b0:5d:b3:d0:b2:99:5f:c5:51:2f:d8:22:
         81:30:58:0e:fb:e9:c7:2d:63:f3:c7:63:b9:d5:50:4b:5e:91:
         6b:b5:31:9b:b0:a8:07:16:8d:91:f6:e6:22:83:78:41:62:9d:
         6f:c0:9b:e2:ce:67:e4:42:f5:09:2a:a6:bb:e0:71:f8:24:90:
         d3:3f:3e:a4:ee:ef:ad:92:cb:45:ce:bf:3d:8e:20:a1:37:66:
         d1:c9:0b:e5:45:d5:46:6c:08:12:9e:81:99:e0:bb:7b:d0:ca:
         ee:7d:23:8c:d9:46:2d:4d:41:ce:59:75:d0:ba:da:ee:81:13:
         6e:a5:e3:0f:b8:4b:c4:dd:3f:52:3e:c8:84:6b:a1:f6:0e:0b:
         80:52:dc:f9:d0:8d:06:df:2d:49:dc:a8:3d:9d:e7:83:9e:e0:
         98:28:7e:1c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRXvQUXSH+K4ytYVI+mCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjMwNjRlM2MyN2VjOTJiN2VhYjY2NzY0OWQyMDRlNTY3
MzgzOGUwHhcNMjUwMTAxMjM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjIzN2IxMzNkYjBmZGJkMTgxMzVhZWViMTdhMWI4NTQxMzc0YWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA591zI3nUkJRjA+6cP/eNb9VU46am
9OyqNBvXJsdpoO4enRfDTUiXPfJQIC3wWsyqjD5to3j3850nQs33U7j+Zn1bAcu6
1LBt1DiBcJ/OFY2qcjsUaP44kXe85t7/v0P/pC8ASWkHa8tRPxnVcKlHLo5v52RG
sfKpVfZ10fVT6mhVxW5aZAif2EflFnyy7X5K7yd9aD7qefGv8L676dqdq2ksTFN6
GD2RXiSU4yaVYobIzA+v5TCvV1ChGSUgDlXR9e2qbj96SLWVXcq2Z45LrQ3NNcTW
BgnmVh3UzFvLOJ1CwXprBqmZe5Shko2SH1pF+QTqOIGlsybwOPzc41t1BwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAIjexM9sP29GBNa7rF6G4VBN0r7MB8GA1UdIwQY
MBaAFA0jBk48J+ySt+q2Z2SdIE5Wc4OOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNNR1Rqd243SkszNnJablpKMGdUbFp6ZzQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS83MmZhZWQtYThmOC00YTMzLThkZGMt
NWNlZjA0Yjc5NzM3LzEvQWlON0V6MndfYjBZRTFydXNYb2JoVUUzU3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS83MmZhZWQtYThmOC00YTMzLThkZGMtNWNlZjA0Yjc5NzM3
LzEvRFNNR1Rqd243SkszNnJablpKMGdUbFp6ZzQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhEPADAN
BgkqhkiG9w0BAQsFAAOCAQEAhqSE4VHr+8dMVeB2khDA0BsD7WLLU1P1M+5WpD7a
kSUYtaevEfEWHF7Mn3r4DcS8I36NMhJ7aklpg2akTSZ48BSbOymyKNYJrHIGplSm
43mx7lgwjTD3WPXT5pK2IR+hsF2z0LKZX8VRL9gigTBYDvvpxy1j88djudVQS16R
a7Uxm7CoBxaNkfbmIoN4QWKdb8Cb4s5n5EL1CSqmu+Bx+CSQ0z8+pO7vrZLLRc6/
PY4goTdm0ckL5UXVRmwIEp6BmeC7e9DK7n0jjNlGLU1Bzll10Lra7oETbqXjD7hL
xN0/Uj7IhGuh9g4LgFLc+dCNBt8tSdyoPZ3ng57gmCh+HA==
-----END CERTIFICATE-----