Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/NxaezdRi3ofV0Ea6FtmKMCg4Xno.roa
File:                     NxaezdRi3ofV0Ea6FtmKMCg4Xno.roa (raw, json)
Hash identifier:          OxfdQ+cdMI49CYY0Q1jeMkKHuJPcs1w/NoTD4eAZ2MA=
Subject key identifier:   37:16:9E:CD:D4:62:DE:87:D5:D0:46:BA:16:D9:8A:30:28:38:5E:7A
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       01942825578C3CE77323B8EDCEBB328429B9
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/NxaezdRi3ofV0Ea6FtmKMCg4Xno.roa
Signing time:             Thu 02 Jan 2025 17:52:03 +0000
ROA not before:           Thu 02 Jan 2025 17:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12302
IP address blocks:        2a01:878::/32 maxlen: 32
                          2a01:8fa::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:57:8c:3c:e7:73:23:b8:ed:ce:bb:32:84:29:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Jan  2 17:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37169ecdd462de87d5d046ba16d98a3028385e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e4:3c:55:44:f6:f4:3b:3d:1d:24:de:7e:61:
                    98:01:39:90:4c:75:5e:66:92:ab:ea:8d:b1:13:84:
                    4e:ee:ac:4b:da:21:8c:c1:cd:f5:89:81:b4:2f:2f:
                    e2:de:b2:02:79:64:de:9e:72:96:7e:94:8f:d6:22:
                    5d:2d:84:7c:83:7f:45:bf:ba:ca:e7:55:5f:40:35:
                    14:28:7b:38:5a:f9:39:16:36:5e:30:4d:be:3f:b4:
                    10:0e:a3:ee:24:92:02:ef:2a:33:75:85:0f:96:62:
                    de:83:8a:9d:98:52:e6:92:87:76:a3:39:d3:a8:e5:
                    6e:ef:25:6b:11:30:ae:bc:4b:37:29:18:79:96:55:
                    27:c5:f5:c2:1d:2d:45:37:fd:96:03:67:f6:42:ce:
                    59:0d:75:65:0e:82:a0:51:4c:0c:95:d7:db:72:4d:
                    38:2d:b2:66:19:52:92:84:ef:15:cf:c1:84:11:a2:
                    73:99:9f:22:fa:13:a8:4c:c5:65:cf:40:62:77:7b:
                    01:c2:d7:ef:a9:2f:c9:90:20:31:89:eb:85:99:37:
                    8a:36:07:c3:29:fa:97:03:ca:ba:46:26:68:a1:34:
                    4b:c3:77:a6:7b:07:f8:29:be:cb:01:19:c9:f0:f2:
                    c9:7b:bb:27:01:db:60:d9:c3:7c:2d:93:ed:96:18:
                    43:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:16:9E:CD:D4:62:DE:87:D5:D0:46:BA:16:D9:8A:30:28:38:5E:7A
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/NxaezdRi3ofV0Ea6FtmKMCg4Xno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:878::/32
                  2a01:8fa::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:b8:1d:58:24:3a:56:5a:dc:85:a6:05:44:77:6f:23:b4:65:
         13:96:5b:b7:e0:4f:c1:b7:1b:b4:7a:33:0c:0a:92:ca:1d:b8:
         67:c4:6c:a1:7d:33:66:65:c7:c3:84:6b:2c:3f:f2:f6:ad:10:
         c6:f4:56:21:9c:ed:af:0b:fa:27:fb:48:c6:32:94:ab:4f:8a:
         17:c1:4a:c4:4b:9f:51:ad:ac:13:17:7e:0c:03:b9:a9:89:62:
         ba:fa:fb:49:af:4e:a5:aa:dd:d0:ae:82:74:b7:57:3c:69:1d:
         ac:21:4e:3e:e6:31:ec:ba:03:c9:7b:89:c7:6e:5e:7e:87:ba:
         21:f2:f7:4c:13:53:38:77:9b:69:83:33:81:c2:e3:bb:af:ac:
         7f:a1:39:64:e0:cf:38:28:f5:10:6a:0e:81:83:b7:5a:0b:59:
         ea:c8:b9:b2:59:1e:72:c5:a8:83:3c:8f:28:ad:8c:32:4d:fe:
         e2:5f:e1:67:97:42:36:0b:96:61:ba:d7:4b:8b:00:13:99:bf:
         fc:f3:b5:6c:51:21:04:d5:4b:88:90:89:c2:d1:b4:34:b9:32:
         36:29:85:c5:f2:bf:61:c8:1f:e2:52:74:b1:07:40:aa:61:74:
         96:d0:0c:e9:8e:15:d6:21:b4:ac:be:88:d5:5e:66:b8:35:91:
         63:6a:db:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQoJVeMPOdzI7jtzrsyhCm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjUwMTAyMTc1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzE2OWVjZGQ0NjJkZTg3ZDVkMDQ2YmExNmQ5OGEzMDI4Mzg1ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteQ8VUT29Ds9HSTefmGYATmQTHVe
ZpKr6o2xE4RO7qxL2iGMwc31iYG0Ly/i3rICeWTennKWfpSP1iJdLYR8g39Fv7rK
51VfQDUUKHs4Wvk5FjZeME2+P7QQDqPuJJIC7yozdYUPlmLeg4qdmFLmkod2oznT
qOVu7yVrETCuvEs3KRh5llUnxfXCHS1FN/2WA2f2Qs5ZDXVlDoKgUUwMldfbck04
LbJmGVKShO8Vz8GEEaJzmZ8i+hOoTMVlz0Bid3sBwtfvqS/JkCAxieuFmTeKNgfD
KfqXA8q6RiZooTRLw3emewf4Kb7LARnJ8PLJe7snAdtg2cN8LZPtlhhDiQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDcWns3UYt6H1dBGuhbZijAoOF56MB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvTnhhZXpkUmkzb2ZWMEVhNkZ0bUtNQ2c0WG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgEIeAMF
ACoBCPowDQYJKoZIhvcNAQELBQADggEBAIm4HVgkOlZa3IWmBUR3byO0ZROWW7fg
T8G3G7R6MwwKksoduGfEbKF9M2Zlx8OEayw/8vatEMb0ViGc7a8L+if7SMYylKtP
ihfBSsRLn1GtrBMXfgwDuamJYrr6+0mvTqWq3dCugnS3VzxpHawhTj7mMey6A8l7
icduXn6HuiHy90wTUzh3m2mDM4HC47uvrH+hOWTgzzgo9RBqDoGDt1oLWerIubJZ
HnLFqIM8jyitjDJN/uJf4WeXQjYLlmG610uLABOZv/zztWxRIQTVS4iQicLRtDS5
MjYphcXyv2HIH+JSdLEHQKphdJbQDOmOFdYhtKy+iNVeZrg1kWNq244=
-----END CERTIFICATE-----