Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/2d8VX1yVh54mGYkeHaHmzVPzhZo.roa
File:                     2d8VX1yVh54mGYkeHaHmzVPzhZo.roa (raw, json)
Hash identifier:          cYGvSwaRPDVvS+Yq5KxRkZ+234/mFxXJD0RJHeKEEjQ=
Subject key identifier:   D9:DF:15:5F:5C:95:87:9E:26:19:89:1E:1D:A1:E6:CD:53:F3:85:9A
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       019420D6405C0FADC52EF4F55801D787913D
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/2d8VX1yVh54mGYkeHaHmzVPzhZo.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212437
IP address blocks:        2a07:22c1:9::/48 maxlen: 48
                          2a07:22c1:30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:40:5c:0f:ad:c5:2e:f4:f5:58:01:d7:87:91:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9df155f5c95879e2619891e1da1e6cd53f3859a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:20:37:b7:d8:ea:00:b3:0a:8d:c1:4b:11:93:
                    22:81:95:a3:c2:d6:8d:59:d7:9e:87:2d:40:a0:56:
                    72:e3:68:cc:74:4d:ca:c8:b7:a5:58:79:48:62:8e:
                    6c:91:80:26:d1:e7:b5:0c:ee:fd:48:54:d9:f3:29:
                    7f:01:05:ae:82:4e:e1:4a:55:97:ae:99:f5:59:37:
                    92:59:f2:8a:0d:d9:38:6a:4e:eb:e1:c3:d0:f8:0c:
                    2f:4d:a3:87:da:bd:ab:f7:df:2d:d2:58:2c:69:78:
                    cc:62:6c:57:64:5c:2d:fb:22:c8:58:5e:44:a2:f3:
                    52:d1:98:19:99:3e:5a:0c:4c:26:59:16:c7:56:9b:
                    e1:ce:41:f1:b5:70:38:ba:04:28:4c:38:88:29:8d:
                    ae:d4:5f:10:28:ab:ba:f0:f3:87:6c:b9:58:1f:23:
                    26:1b:84:d0:7f:13:ff:2e:68:da:9e:fb:80:d6:ec:
                    c9:e3:5f:cc:d3:22:77:9f:20:7e:05:1e:f3:c4:b3:
                    15:62:bd:f7:f8:de:e1:51:68:76:da:6d:db:64:67:
                    e8:b9:a4:ab:bd:c3:3a:4d:29:2b:05:fb:88:9e:87:
                    07:63:b6:ee:f4:d8:83:c1:72:21:7c:41:42:48:9c:
                    ab:36:4d:1f:6e:6e:6b:70:59:80:73:0e:4a:86:83:
                    b7:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DF:15:5F:5C:95:87:9E:26:19:89:1E:1D:A1:E6:CD:53:F3:85:9A
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/2d8VX1yVh54mGYkeHaHmzVPzhZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:9::/48
                  2a07:22c1:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:3f:f6:8b:53:4a:10:de:ed:41:1d:98:bf:0f:eb:56:62:7a:
         43:c4:2d:25:f3:32:b0:e8:53:46:92:2b:ab:d1:f7:99:8f:8e:
         07:29:21:85:b3:3a:af:11:00:2b:f7:34:77:d4:30:69:2b:12:
         3a:16:3f:b9:dc:38:2b:ab:c1:bb:78:b9:fb:37:9a:6b:05:da:
         63:85:94:df:83:3f:2b:67:13:0e:1f:19:3e:6c:ee:5c:a0:fd:
         0e:af:81:31:d5:6d:bd:d1:05:58:6f:e3:1c:50:17:ea:ee:52:
         8f:fa:8a:31:2e:22:31:b3:57:a7:73:bc:11:fc:51:75:dc:0a:
         50:a2:0e:79:56:a6:5f:5d:78:17:1c:4a:ac:02:e4:53:09:42:
         f4:bf:1a:f0:47:50:e9:d0:fb:22:9c:70:49:53:c7:3c:27:fc:
         88:a8:d9:fa:08:15:72:5e:95:6b:57:ed:42:0b:96:17:e7:ee:
         9e:22:dd:52:01:06:bc:6c:d1:b0:9b:2d:53:d3:1f:b2:a6:ce:
         10:e4:77:a6:58:e2:65:ff:67:36:93:ca:5c:f1:44:c8:60:7c:
         a6:80:99:72:c8:57:fc:f1:54:63:af:5e:21:91:03:6a:60:ff:
         6a:a6:3a:79:cd:29:ff:1e:d0:14:e8:00:ea:6b:b0:4f:53:cb:
         4e:91:bf:00
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQg1kBcD63FLvT1WAHXh5E9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWRmMTU1ZjVjOTU4NzllMjYxOTg5MWUxZGExZTZjZDUzZjM4NTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yA3t9jqALMKjcFLEZMigZWjwtaN
Wdeehy1AoFZy42jMdE3KyLelWHlIYo5skYAm0ee1DO79SFTZ8yl/AQWugk7hSlWX
rpn1WTeSWfKKDdk4ak7r4cPQ+AwvTaOH2r2r998t0lgsaXjMYmxXZFwt+yLIWF5E
ovNS0ZgZmT5aDEwmWRbHVpvhzkHxtXA4ugQoTDiIKY2u1F8QKKu68POHbLlYHyMm
G4TQfxP/LmjanvuA1uzJ41/M0yJ3nyB+BR7zxLMVYr33+N7hUWh22m3bZGfouaSr
vcM6TSkrBfuInocHY7bu9NiDwXIhfEFCSJyrNk0fbm5rcFmAcw5KhoO3hQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNnfFV9clYeeJhmJHh2h5s1T84WaMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvMmQ4VlgxeVZoNTRtR1lrZUhhSG16VlB6aFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgciwQAJ
AwcAKgciwQAwMA0GCSqGSIb3DQEBCwUAA4IBAQARP/aLU0oQ3u1BHZi/D+tWYnpD
xC0l8zKw6FNGkiur0feZj44HKSGFszqvEQAr9zR31DBpKxI6Fj+53Dgrq8G7eLn7
N5prBdpjhZTfgz8rZxMOHxk+bO5coP0Or4Ex1W290QVYb+McUBfq7lKP+ooxLiIx
s1enc7wR/FF13ApQog55VqZfXXgXHEqsAuRTCUL0vxrwR1Dp0PsinHBJU8c8J/yI
qNn6CBVyXpVrV+1CC5YX5+6eIt1SAQa8bNGwmy1T0x+yps4Q5HemWOJl/2c2k8pc
8UTIYHymgJlyyFf88VRjr14hkQNqYP9qpjp5zSn/HtAU6ADqa7BPU8tOkb8A
-----END CERTIFICATE-----