Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/TEBaODlmDCqhNdveSNP6xcEtL-0.roa
File:                     TEBaODlmDCqhNdveSNP6xcEtL-0.roa (raw, json)
Hash identifier:          Ni+drEe1sF+jcV53LsQ0wrDEiq7Vue9pJpbJAT7gLcE=
Subject key identifier:   4C:40:5A:38:39:66:0C:2A:A1:35:DB:DE:48:D3:FA:C5:C1:2D:2F:ED
Certificate issuer:       /CN=abdc402cd535fc9123ea026c62ae9cf0f80e9418
Certificate serial:       019427472672020E1CD3F11AD75A146FB926
Authority key identifier: AB:DC:40:2C:D5:35:FC:91:23:EA:02:6C:62:AE:9C:F0:F8:0E:94:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/TEBaODlmDCqhNdveSNP6xcEtL-0.roa
Signing time:             Thu 02 Jan 2025 13:49:21 +0000
ROA not before:           Thu 02 Jan 2025 13:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203820
IP address blocks:        2a06:9040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:26:72:02:0e:1c:d3:f1:1a:d7:5a:14:6f:b9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abdc402cd535fc9123ea026c62ae9cf0f80e9418
        Validity
            Not Before: Jan  2 13:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c405a3839660c2aa135dbde48d3fac5c12d2fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5a:c2:aa:9a:87:d1:63:d0:05:d5:e8:f0:81:
                    a4:f9:2c:ca:a2:da:68:27:ad:b9:26:ee:d5:44:e7:
                    e0:b5:df:40:00:8a:57:d1:6f:06:47:40:39:7a:0a:
                    31:df:f9:e5:a7:02:36:c6:75:11:ba:73:7b:e4:a4:
                    77:91:77:a4:55:18:a0:cb:8e:00:1b:99:b4:ff:48:
                    72:9f:eb:0d:4a:94:38:6c:4d:ca:75:52:a3:3a:06:
                    55:be:a1:12:71:49:65:ac:b4:0e:c6:93:53:52:23:
                    7a:51:9d:22:fc:04:4c:40:72:15:bc:fd:d5:69:fd:
                    04:99:7d:85:71:42:50:8f:ca:d2:7c:44:1a:4e:db:
                    9d:c2:c8:15:ce:a9:0d:20:de:b6:bc:b2:ae:48:da:
                    76:c7:1e:e5:68:63:40:6e:b9:dd:a7:d5:39:f8:68:
                    c2:a2:68:f8:5a:df:54:3e:1a:0f:7d:35:fd:5b:39:
                    e3:33:ca:53:78:b4:fd:f4:da:76:33:54:1c:75:83:
                    5c:ca:56:40:c2:e5:5d:78:36:a0:80:f6:83:31:c6:
                    27:e3:2f:fc:51:09:c4:33:4c:94:dd:de:e5:3f:4f:
                    18:fb:77:10:40:3d:7d:dd:d8:2b:77:3b:92:46:f5:
                    a2:5e:7c:1d:c9:8c:30:d1:e4:c8:ee:ee:bb:cc:70:
                    4c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:40:5A:38:39:66:0C:2A:A1:35:DB:DE:48:D3:FA:C5:C1:2D:2F:ED
            X509v3 Authority Key Identifier:
                keyid:AB:DC:40:2C:D5:35:FC:91:23:EA:02:6C:62:AE:9C:F0:F8:0E:94:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/TEBaODlmDCqhNdveSNP6xcEtL-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9040::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:fa:b1:8c:a1:9c:c1:99:92:ac:ca:c3:60:61:69:e7:42:bf:
         41:dc:53:78:f3:6e:90:e6:2b:63:f1:b3:35:9d:4c:99:aa:8d:
         dc:72:de:9c:ea:a7:5c:5d:f0:cf:74:1d:22:a8:21:e3:43:7e:
         11:31:e0:b5:4b:43:2a:ed:02:8a:be:76:aa:7d:90:51:e0:c1:
         9d:07:72:b7:61:17:a7:8d:bb:1f:64:4c:27:31:25:77:e2:ed:
         a8:43:0a:32:e5:20:cb:a9:20:7f:6b:83:1e:5a:44:1e:8f:51:
         fb:17:03:6d:e7:a3:ee:1c:ce:2a:83:0f:c4:58:f7:62:f2:51:
         8c:58:b4:c5:49:26:7f:f0:5d:40:17:af:ea:82:08:af:b2:e9:
         3a:aa:74:cd:d8:f9:b8:df:2f:80:3a:f4:8a:e1:ef:de:73:03:
         1d:b8:a6:05:06:1b:5d:06:3f:64:36:f7:b2:fc:35:48:04:a5:
         de:09:17:54:3e:5f:41:b9:59:85:19:90:e6:2b:af:d1:a4:db:
         15:ec:7e:0e:4e:be:e8:b0:7e:40:f3:89:8e:3a:39:40:f6:02:
         9d:c3:63:a2:95:67:fc:c2:7a:10:55:58:e3:ab:7f:5b:48:d5:
         ff:1b:de:14:e3:34:d3:d7:e7:e0:af:64:47:89:2c:96:63:71:
         fc:f0:d2:e8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnRyZyAg4c0/Ea11oUb7kmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZGM0MDJjZDUzNWZjOTEyM2VhMDI2YzYyYWU5Y2YwZjgw
ZTk0MTgwHhcNMjUwMTAyMTM0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzQwNWEzODM5NjYwYzJhYTEzNWRiZGU0OGQzZmFjNWMxMmQyZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVrCqpqH0WPQBdXo8IGk+SzKotpo
J625Ju7VROfgtd9AAIpX0W8GR0A5egox3/nlpwI2xnURunN75KR3kXekVRigy44A
G5m0/0hyn+sNSpQ4bE3KdVKjOgZVvqEScUllrLQOxpNTUiN6UZ0i/ARMQHIVvP3V
af0EmX2FcUJQj8rSfEQaTtudwsgVzqkNIN62vLKuSNp2xx7laGNAbrndp9U5+GjC
omj4Wt9UPhoPfTX9WznjM8pTeLT99Np2M1QcdYNcylZAwuVdeDaggPaDMcYn4y/8
UQnEM0yU3d7lP08Y+3cQQD193dgrdzuSRvWiXnwdyYww0eTI7u67zHBMvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFExAWjg5ZgwqoTXb3kjT+sXBLS/tMB8GA1UdIwQY
MBaAFKvcQCzVNfyRI+oCbGKunPD4DpQYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTl4QUxOVTFfSkVqNmdKc1lxNmM4UGdPbEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS83NTIzZDktNDY0OC00MzVlLTk5NjEt
NDA3MzViMmY4NDgxLzEvVEVCYU9EbG1EQ3FoTmR2ZVNOUDZ4Y0V0TC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS83NTIzZDktNDY0OC00MzVlLTk5NjEtNDA3MzViMmY4NDgx
LzEvcTl4QUxOVTFfSkVqNmdKc1lxNmM4UGdPbEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgaQQDAN
BgkqhkiG9w0BAQsFAAOCAQEAKvqxjKGcwZmSrMrDYGFp50K/QdxTePNukOYrY/Gz
NZ1MmaqN3HLenOqnXF3wz3QdIqgh40N+ETHgtUtDKu0Cir52qn2QUeDBnQdyt2EX
p427H2RMJzEld+LtqEMKMuUgy6kgf2uDHlpEHo9R+xcDbeej7hzOKoMPxFj3YvJR
jFi0xUkmf/BdQBev6oIIr7LpOqp0zdj5uN8vgDr0iuHv3nMDHbimBQYbXQY/ZDb3
svw1SASl3gkXVD5fQblZhRmQ5iuv0aTbFex+Dk6+6LB+QPOJjjo5QPYCncNjopVn
/MJ6EFVY46t/W0jV/xveFOM009fn4K9kR4kslmNx/PDS6A==
-----END CERTIFICATE-----