Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a7ce9e-10fc-4bda-838b-bcb724bc2684/1/hSxuqdFakuVuEvKUogCcsFaigPs.roa
File:                     hSxuqdFakuVuEvKUogCcsFaigPs.roa (raw, json)
Hash identifier:          Xj6H7DBsScqxHUyFTpNMVSRKFfZSSLZGI1xOM2DNsyc=
Subject key identifier:   85:2C:6E:A9:D1:5A:92:E5:6E:12:F2:94:A2:00:9C:B0:56:A2:80:FB
Certificate issuer:       /CN=a07f6e2b60ca464700dd8e28fba0daadc2c40ced
Certificate serial:       0194258F42B084582D404A50F0F754D58CE6
Authority key identifier: A0:7F:6E:2B:60:CA:46:47:00:DD:8E:28:FB:A0:DA:AD:C2:C4:0C:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oH9uK2DKRkcA3Y4o-6DarcLEDO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a7ce9e-10fc-4bda-838b-bcb724bc2684/1/hSxuqdFakuVuEvKUogCcsFaigPs.roa
Signing time:             Thu 02 Jan 2025 05:48:53 +0000
ROA not before:           Thu 02 Jan 2025 05:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213758
IP address blocks:        2a0c:f686::/32 maxlen: 44
                          2a0c:f686:10::/44 maxlen: 44
                          2a0c:f686:40::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/a7ce9e-10fc-4bda-838b-bcb724bc2684/1/oH9uK2DKRkcA3Y4o-6DarcLEDO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/a7ce9e-10fc-4bda-838b-bcb724bc2684/1/oH9uK2DKRkcA3Y4o-6DarcLEDO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oH9uK2DKRkcA3Y4o-6DarcLEDO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:42:b0:84:58:2d:40:4a:50:f0:f7:54:d5:8c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a07f6e2b60ca464700dd8e28fba0daadc2c40ced
        Validity
            Not Before: Jan  2 05:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=852c6ea9d15a92e56e12f294a2009cb056a280fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:27:71:c5:bd:b9:ea:d9:a2:f0:da:98:16:c6:
                    07:a2:65:39:e3:93:f2:4f:94:66:33:47:2c:f6:34:
                    52:2e:15:63:72:ee:62:b6:35:40:5c:13:81:ae:bc:
                    69:b2:10:fa:d5:2a:66:c8:a6:68:19:d5:61:ce:80:
                    d8:31:9b:c6:1b:45:27:23:65:d8:96:45:66:8b:56:
                    cf:03:12:f7:4e:7e:1f:08:4e:6c:bc:59:0d:86:c6:
                    1e:d8:f0:c0:2c:01:15:bb:cb:1f:76:29:0f:19:20:
                    5a:62:0f:8e:2c:82:e9:e6:e8:ea:81:b1:7f:d5:f9:
                    b6:12:55:15:20:30:ea:d5:c1:12:20:b4:3b:ec:2e:
                    d1:3e:7b:58:18:f6:d1:99:42:00:e9:a2:96:83:64:
                    b8:f9:ba:f5:9b:bf:a7:d7:66:e6:35:b3:0d:d6:8a:
                    f2:5a:d1:c2:00:28:bb:6d:52:dc:ba:65:0f:bc:1d:
                    8a:34:f2:68:17:df:5f:8d:92:d5:f1:a1:56:94:4f:
                    d9:34:3e:f0:fe:cf:10:7d:08:5c:b7:1d:d9:e9:5b:
                    49:44:4a:f1:93:af:cc:bc:f5:d0:88:42:69:36:c8:
                    85:31:c0:b9:29:81:e8:c4:9d:7b:bd:68:5d:27:7e:
                    5c:ec:af:3f:8d:25:bb:8d:25:9f:14:e8:cd:95:6a:
                    3c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:2C:6E:A9:D1:5A:92:E5:6E:12:F2:94:A2:00:9C:B0:56:A2:80:FB
            X509v3 Authority Key Identifier:
                keyid:A0:7F:6E:2B:60:CA:46:47:00:DD:8E:28:FB:A0:DA:AD:C2:C4:0C:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oH9uK2DKRkcA3Y4o-6DarcLEDO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a7ce9e-10fc-4bda-838b-bcb724bc2684/1/hSxuqdFakuVuEvKUogCcsFaigPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a7ce9e-10fc-4bda-838b-bcb724bc2684/1/oH9uK2DKRkcA3Y4o-6DarcLEDO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f686::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:b2:96:a0:e0:15:e1:0b:78:95:6f:a6:36:b3:54:b2:15:cb:
         d8:67:6b:9f:82:9a:62:c8:ad:08:f4:8f:16:37:3e:37:ba:56:
         dd:b7:7d:4f:14:4e:3f:c7:66:dd:db:10:d3:cd:09:b5:98:f9:
         f6:02:f0:39:cc:b5:59:06:6e:84:4e:2c:4e:f8:3c:d0:4e:df:
         88:31:5d:38:4d:78:d8:e8:0a:60:df:8e:48:5d:99:d7:9e:1b:
         8b:22:79:fa:89:be:16:b6:8b:80:da:9f:41:0e:4f:70:3b:12:
         9b:a5:e2:16:82:67:75:5a:67:ad:4b:2d:52:2a:79:84:f6:8f:
         60:dd:7a:21:8d:5e:b8:1a:82:ef:64:4f:4d:ce:61:a5:7d:dd:
         4e:5e:96:ff:e3:d6:6c:58:0e:01:3f:7a:c8:cf:95:e5:d1:35:
         e0:38:63:32:61:13:be:21:a5:0c:8d:c8:65:69:4a:22:42:ef:
         41:66:41:a7:d7:d3:52:55:a1:51:bd:8b:85:92:09:63:bc:9e:
         c0:75:33:6b:39:c6:a5:1d:fc:a7:76:c5:21:cd:ee:77:1a:e7:
         e9:03:cf:87:c6:08:fd:d1:d2:04:59:83:f4:e2:a9:ab:a2:b5:
         82:3b:42:cd:96:89:3e:94:be:1e:d7:91:e2:68:fd:00:53:dd:
         f0:eb:33:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj0KwhFgtQEpQ8PdU1YzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwN2Y2ZTJiNjBjYTQ2NDcwMGRkOGUyOGZiYTBkYWFkYzJj
NDBjZWQwHhcNMjUwMTAyMDU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTJjNmVhOWQxNWE5MmU1NmUxMmYyOTRhMjAwOWNiMDU2YTI4MGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuidxxb256tmi8NqYFsYHomU545Py
T5RmM0cs9jRSLhVjcu5itjVAXBOBrrxpshD61SpmyKZoGdVhzoDYMZvGG0UnI2XY
lkVmi1bPAxL3Tn4fCE5svFkNhsYe2PDALAEVu8sfdikPGSBaYg+OLILp5ujqgbF/
1fm2ElUVIDDq1cESILQ77C7RPntYGPbRmUIA6aKWg2S4+br1m7+n12bmNbMN1ory
WtHCACi7bVLcumUPvB2KNPJoF99fjZLV8aFWlE/ZND7w/s8QfQhctx3Z6VtJRErx
k6/MvPXQiEJpNsiFMcC5KYHoxJ17vWhdJ35c7K8/jSW7jSWfFOjNlWo8hwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIUsbqnRWpLlbhLylKIAnLBWooD7MB8GA1UdIwQY
MBaAFKB/bitgykZHAN2OKPug2q3CxAztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0g5dUsyREtSa2NBM1k0by02RGFyY0xFRE8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hN2NlOWUtMTBmYy00YmRhLTgzOGIt
YmNiNzI0YmMyNjg0LzEvaFN4dXFkRmFrdVZ1RXZLVW9nQ2NzRmFpZ1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hN2NlOWUtMTBmYy00YmRhLTgzOGItYmNiNzI0YmMyNjg0
LzEvb0g5dUsyREtSa2NBM1k0by02RGFyY0xFRE8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgz2hjAN
BgkqhkiG9w0BAQsFAAOCAQEAobKWoOAV4Qt4lW+mNrNUshXL2Gdrn4KaYsitCPSP
Fjc+N7pW3bd9TxROP8dm3dsQ080JtZj59gLwOcy1WQZuhE4sTvg80E7fiDFdOE14
2OgKYN+OSF2Z154biyJ5+om+FraLgNqfQQ5PcDsSm6XiFoJndVpnrUstUip5hPaP
YN16IY1euBqC72RPTc5hpX3dTl6W/+PWbFgOAT96yM+V5dE14DhjMmETviGlDI3I
ZWlKIkLvQWZBp9fTUlWhUb2LhZIJY7yewHUzaznGpR38p3bFIc3udxrn6QPPh8YI
/dHSBFmD9OKpq6K1gjtCzZaJPpS+HteR4mj9AFPd8OszoA==
-----END CERTIFICATE-----