Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/ecSF9NE211OUQGVVY-gYrorVDo0.roa
File:                     ecSF9NE211OUQGVVY-gYrorVDo0.roa (raw, json)
Hash identifier:          AFCEodkMI54VOYg+dE3fMMiMAl/LGN5jW0HDeqocDmM=
Subject key identifier:   79:C4:85:F4:D1:36:D7:53:94:40:65:55:63:E8:18:AE:8A:D5:0E:8D
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       0194266BC281EC35D07A9EF835330D028D32
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/ecSF9NE211OUQGVVY-gYrorVDo0.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207902
IP address blocks:        2a0e:7900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c2:81:ec:35:d0:7a:9e:f8:35:33:0d:02:8d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79c485f4d136d7539440655563e818ae8ad50e8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ed:7d:5e:7b:3e:d6:74:75:46:95:72:5b:58:
                    60:74:48:98:e4:93:f6:51:e5:d0:2b:8e:b1:d9:66:
                    da:8f:0f:26:83:5b:44:f3:7d:f8:20:ae:29:e9:d7:
                    1c:5d:de:76:e2:5f:9d:d8:73:24:46:9c:4b:be:31:
                    d4:8e:68:7f:68:ed:64:d1:3a:77:8c:95:01:bf:42:
                    51:ab:a6:2f:5f:7f:b9:c1:47:be:0f:57:69:7d:6c:
                    61:d9:34:10:8b:e0:8e:6a:ec:6c:27:72:f3:2a:b7:
                    f2:4e:ce:82:af:81:c5:ac:37:e7:75:8e:ba:1e:6d:
                    5d:a4:a5:fb:43:68:09:98:08:de:9f:9f:d1:a0:e8:
                    7e:ac:0e:62:1e:0a:e4:f4:b9:64:75:36:85:11:fd:
                    30:cb:3c:d2:eb:30:b4:43:db:f7:06:4e:a8:77:1d:
                    4a:77:97:2c:7d:fa:08:7c:91:3a:ab:0c:08:02:01:
                    1e:14:34:a5:70:09:dd:fa:87:4d:df:00:00:41:d6:
                    31:0d:24:40:c2:73:1d:f0:07:30:51:52:3e:5c:3c:
                    7a:e4:11:2c:e5:75:b0:24:20:b3:12:9d:9f:62:07:
                    17:d1:28:47:f0:e7:eb:99:60:a3:fd:11:55:20:34:
                    0f:1a:31:b4:6b:9a:df:ff:4a:d6:ac:53:a0:ca:37:
                    21:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C4:85:F4:D1:36:D7:53:94:40:65:55:63:E8:18:AE:8A:D5:0E:8D
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/ecSF9NE211OUQGVVY-gYrorVDo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7900::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:93:75:ee:f4:f8:23:fb:be:46:f4:fb:62:d7:ba:3d:6e:fe:
         8d:51:d8:c3:64:83:c8:92:5a:74:5a:81:df:3e:5f:aa:b1:57:
         04:56:88:3c:34:1a:5a:45:35:4c:10:64:91:18:a6:2b:d4:9a:
         8f:f7:cf:da:2e:42:c4:e4:b0:1b:8d:eb:43:89:73:74:38:a9:
         c1:a8:dd:9e:29:c1:52:70:ee:9f:79:16:31:30:44:7e:7d:e0:
         d9:63:2c:c2:3e:aa:2b:03:5b:c5:a3:b5:41:b0:73:25:15:43:
         6d:97:4b:0d:7e:57:4b:09:cd:a8:2f:d3:f1:04:d1:11:dc:bb:
         bf:23:99:49:ef:54:0b:ef:04:25:0f:cc:10:2d:7a:fe:3c:85:
         d2:b4:1f:f7:d1:fb:10:0c:73:1a:2e:9a:54:b3:51:dd:c9:b8:
         a5:f1:47:cf:24:91:97:3e:55:fb:cc:99:a2:4c:10:9d:d4:cf:
         ed:d9:24:05:c1:52:e0:9f:5e:0c:b9:bd:0d:d1:28:90:2b:bb:
         21:06:ca:83:69:fa:b6:c7:e6:62:25:10:85:19:35:aa:8a:3e:
         01:e9:b4:2b:22:5e:84:a6:9c:fb:5f:27:e4:48:7a:66:aa:77:
         ae:e3:9f:ff:4e:b0:16:aa:4e:50:a0:eb:d4:9e:e2:ad:8d:4d:
         7e:d0:d8:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma8KB7DXQep74NTMNAo0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWM0ODVmNGQxMzZkNzUzOTQ0MDY1NTU2M2U4MThhZThhZDUwZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAje19Xns+1nR1RpVyW1hgdEiY5JP2
UeXQK46x2Wbajw8mg1tE8334IK4p6dccXd524l+d2HMkRpxLvjHUjmh/aO1k0Tp3
jJUBv0JRq6YvX3+5wUe+D1dpfWxh2TQQi+COauxsJ3LzKrfyTs6Cr4HFrDfndY66
Hm1dpKX7Q2gJmAjen5/RoOh+rA5iHgrk9LlkdTaFEf0wyzzS6zC0Q9v3Bk6odx1K
d5csffoIfJE6qwwIAgEeFDSlcAnd+odN3wAAQdYxDSRAwnMd8AcwUVI+XDx65BEs
5XWwJCCzEp2fYgcX0ShH8OfrmWCj/RFVIDQPGjG0a5rf/0rWrFOgyjchJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHnEhfTRNtdTlEBlVWPoGK6K1Q6NMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvZWNTRjlORTIxMU9VUUdWVlktZ1lyb3JWRG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg55ADAN
BgkqhkiG9w0BAQsFAAOCAQEAiJN17vT4I/u+RvT7Yte6PW7+jVHYw2SDyJJadFqB
3z5fqrFXBFaIPDQaWkU1TBBkkRimK9Saj/fP2i5CxOSwG43rQ4lzdDipwajdninB
UnDun3kWMTBEfn3g2WMswj6qKwNbxaO1QbBzJRVDbZdLDX5XSwnNqC/T8QTREdy7
vyOZSe9UC+8EJQ/MEC16/jyF0rQf99H7EAxzGi6aVLNR3cm4pfFHzySRlz5V+8yZ
okwQndTP7dkkBcFS4J9eDLm9DdEokCu7IQbKg2n6tsfmYiUQhRk1qoo+Aem0KyJe
hKac+18n5Eh6Zqp3ruOf/06wFqpOUKDr1J7irY1NftDYnQ==
-----END CERTIFICATE-----