Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/lJrwoyCHk-KhLsTndl2kfTJmzS0.roa
File:                     lJrwoyCHk-KhLsTndl2kfTJmzS0.roa (raw, json)
Hash identifier:          QQVDCU2+xswVxXyXjpbkieNuyjdGUltA6OYqC3/o4lo=
Subject key identifier:   94:9A:F0:A3:20:87:93:E2:A1:2E:C4:E7:76:5D:A4:7D:32:66:CD:2D
Certificate issuer:       /CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
Certificate serial:       0196F4C554449362D361A039BE7E0B7384FC
Authority key identifier: 4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/lJrwoyCHk-KhLsTndl2kfTJmzS0.roa
Signing time:             Wed 21 May 2025 21:34:54 +0000
ROA not before:           Wed 21 May 2025 21:34:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205692
IP address blocks:        2a0b:4ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f4:c5:54:44:93:62:d3:61:a0:39:be:7e:0b:73:84:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
        Validity
            Not Before: May 21 21:34:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=949af0a3208793e2a12ec4e7765da47d3266cd2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:18:65:5e:41:c6:24:cd:74:6e:e0:fd:fc:0b:
                    e6:b6:9f:b5:b9:b3:31:4c:7b:e2:fb:13:50:c8:32:
                    28:04:40:b3:c3:9d:e0:a8:07:e1:3a:e8:4c:18:f2:
                    2b:18:77:56:4e:28:d2:29:e3:f9:09:b6:f5:79:a6:
                    fb:96:79:9a:fe:53:4e:db:48:ff:7c:c0:25:a6:33:
                    42:30:18:dc:9d:d8:32:b8:6d:6d:61:d2:00:bb:61:
                    f7:0f:0b:c5:1e:0a:1d:52:74:c9:19:d1:99:8f:63:
                    30:72:7f:3b:2d:e1:90:98:f7:d3:aa:72:90:5c:3e:
                    6a:60:e4:67:88:a8:85:2e:a7:f1:d4:22:c3:74:fa:
                    d7:c7:98:31:70:96:3a:bf:0d:bb:44:ba:14:53:9d:
                    a4:99:02:c1:8b:ca:64:35:90:74:b1:0b:8b:a8:6f:
                    e9:bf:53:09:97:7f:83:c5:ff:f3:31:30:d3:b3:8a:
                    c5:af:0f:50:53:80:1d:1c:74:97:e9:d7:eb:6a:c6:
                    c1:fb:dd:f9:17:81:47:61:d4:5b:8b:54:d7:a2:47:
                    98:20:92:d9:4a:68:f2:ad:da:08:75:d4:c7:63:87:
                    a6:46:4b:70:87:0f:d5:4f:ba:7a:c1:b7:eb:8f:0f:
                    69:e2:a4:e5:0b:b9:61:9c:1e:24:d1:57:79:45:f3:
                    dc:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:9A:F0:A3:20:87:93:E2:A1:2E:C4:E7:76:5D:A4:7D:32:66:CD:2D
            X509v3 Authority Key Identifier:
                keyid:4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/lJrwoyCHk-KhLsTndl2kfTJmzS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:ed:d8:23:6b:af:21:ef:50:5f:8a:b3:f5:fd:02:78:e8:b3:
         74:38:19:08:99:bb:46:31:d5:03:86:0b:67:12:73:30:3d:b3:
         7d:95:a0:cf:23:1e:5f:92:91:8c:af:8e:54:79:06:aa:19:e7:
         7f:bf:99:0e:9b:60:89:62:06:c4:84:0b:24:41:7c:58:4b:97:
         b6:91:0e:f5:cb:5a:f2:53:43:fb:f0:d7:df:0e:8c:96:95:37:
         9a:ca:56:e2:40:64:79:e8:ae:d2:e8:c3:65:63:90:05:fc:33:
         6c:10:a9:ca:85:49:dc:f7:fe:82:03:44:d0:b0:95:f6:31:9c:
         79:17:9b:10:a1:69:78:24:71:c7:ed:1d:ea:2c:04:6c:a0:c2:
         7f:08:18:ac:57:cd:92:54:c1:53:97:40:22:dc:51:27:ca:23:
         2b:63:36:87:12:7b:08:ca:2d:70:ac:2d:b3:3d:65:11:8a:85:
         24:f3:4d:ac:3c:d0:a6:98:9a:0e:84:9e:81:82:b4:3c:9b:59:
         83:ae:0a:ce:2e:58:48:82:3e:c9:8d:25:ce:a7:dc:3a:28:7a:
         2a:6f:1d:53:68:9a:3a:05:bb:a6:36:e1:5a:9e:ce:7e:4f:1a:
         36:d1:4b:15:72:ef:81:50:a9:72:89:06:40:69:16:38:aa:c3:
         1c:42:70:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZb0xVREk2LTYaA5vn4Lc4T8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjA5NzA0ODRlYjI2YmM1OWZkOGZhOGQ1YmY3YzNjNzIx
MmQwMTEwHhcNMjUwNTIxMjEzNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDlhZjBhMzIwODc5M2UyYTEyZWM0ZTc3NjVkYTQ3ZDMyNjZjZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBhlXkHGJM10buD9/Avmtp+1ubMx
THvi+xNQyDIoBECzw53gqAfhOuhMGPIrGHdWTijSKeP5Cbb1eab7lnma/lNO20j/
fMAlpjNCMBjcndgyuG1tYdIAu2H3DwvFHgodUnTJGdGZj2Mwcn87LeGQmPfTqnKQ
XD5qYORniKiFLqfx1CLDdPrXx5gxcJY6vw27RLoUU52kmQLBi8pkNZB0sQuLqG/p
v1MJl3+Dxf/zMTDTs4rFrw9QU4AdHHSX6dfrasbB+935F4FHYdRbi1TXokeYIJLZ
SmjyrdoIddTHY4emRktwhw/VT7p6wbfrjw9p4qTlC7lhnB4k0Vd5RfPcBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJSa8KMgh5PioS7E53ZdpH0yZs0tMB8GA1UdIwQY
MBaAFE3wlwSE6ya8Wf2PqNW/fDxyEtARMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmIt
MWU5YmZmNWU0MDIxLzEvbEpyd295Q0hrLUtoTHNUbmRsMmtmVEptelMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmItMWU5YmZmNWU0MDIx
LzEvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgtOwDAN
BgkqhkiG9w0BAQsFAAOCAQEANe3YI2uvIe9QX4qz9f0CeOizdDgZCJm7RjHVA4YL
ZxJzMD2zfZWgzyMeX5KRjK+OVHkGqhnnf7+ZDptgiWIGxIQLJEF8WEuXtpEO9cta
8lND+/DX3w6MlpU3mspW4kBkeeiu0ujDZWOQBfwzbBCpyoVJ3Pf+ggNE0LCV9jGc
eRebEKFpeCRxx+0d6iwEbKDCfwgYrFfNklTBU5dAItxRJ8ojK2M2hxJ7CMotcKwt
sz1lEYqFJPNNrDzQppiaDoSegYK0PJtZg64Kzi5YSII+yY0lzqfcOih6Km8dU2ia
OgW7pjbhWp7Ofk8aNtFLFXLvgVCpcokGQGkWOKrDHEJw5g==
-----END CERTIFICATE-----